From 437bf52b60d26388ca234297ab2a81af17230741 Mon Sep 17 00:00:00 2001
From: Lu Wang
Date: Wed, 1 Jan 2025 10:16:52 +0800
Subject: [PATCH] treewide: move mail server from suwako-vie0 to suwako-vie1
---
 nixos/hosts/suwako-vie0/default.nix | 3 ---
 nixos/hosts/suwako-vie1/default.nix | 3 +++
 secrets/hosts/suwako-vie0.yaml | 9 +++-----
 secrets/hosts/suwako-vie1.yaml | 32 +++++++++++++++++++++++++++++
 zones/rebmit.link.nix | 4 ++--
 zones/rebmit.moe.nix | 6 +++---
 6 files changed, 43 insertions(+), 14 deletions(-)
 create mode 100644 secrets/hosts/suwako-vie1.yaml
diff --git a/nixos/hosts/suwako-vie0/default.nix b/nixos/hosts/suwako-vie0/default.nix
index 30223b3..9af3f1d 100644
--- a/nixos/hosts/suwako-vie0/default.nix
+++ b/nixos/hosts/suwako-vie0/default.nix
@@ -10,9 +10,6 @@
 ++ (with profiles; [
 services.caddy
 services.keycloak
- services.mail.dovecot
- services.mail.postfix
- services.mail.rspamd
 services.matrix.heisenbridge
 services.matrix.mautrix-telegram
 services.matrix.synapse
diff --git a/nixos/hosts/suwako-vie1/default.nix b/nixos/hosts/suwako-vie1/default.nix
index 1b5ebb6..4955b48 100644
--- a/nixos/hosts/suwako-vie1/default.nix
+++ b/nixos/hosts/suwako-vie1/default.nix
@@ -10,6 +10,9 @@
 ++ (with profiles; [
 services.caddy
 services.knot.secondary
+ services.mail.dovecot
+ services.mail.postfix
+ services.mail.rspamd
 services.prometheus.node-exporter
 services.prometheus.ping-exporter
 services.well-known
diff --git a/secrets/hosts/suwako-vie0.yaml b/secrets/hosts/suwako-vie0.yaml
index bc7bca4..3900744 100644
--- a/secrets/hosts/suwako-vie0.yaml
+++ b/secrets/hosts/suwako-vie0.yaml
@@ -2,9 +2,6 @@ synapse: signing-key: ENC[AES256_GCM,data:yFxwWDpdQvHetThkK02a/GN3lcw4GNb7BItutO5zisKptG6qB+BdWwHB34oK81J5Rbt3MGLwMwVpa0w=,iv:pQMDF4wSyzLvlRj3jMVbjyx16G76gj7e2ZvEHTB2VUU=,tag:dl1Onm5LNzH2aHZNfnRPbg==,type:str] oidc-client-secret: ENC[AES256_GCM,data:1zUxCuFyTWFvcu7W0dJ70RKyPWW0WY9fJwlaQkYRzok=,iv:8+3w1kz81CfTvzYv8thd/EaEUn2A/OdL8Uw4n0o69tE=,tag:qGTZodnQwOsI/cyXK6X09Q==,type:str] mautrix-telegram-bot-token: ENC[AES256_GCM,data:SgzTnwfmJqYeAM0PjZ0sosYTgkiw8gR6eszfkpM7VIOTlNmkkJezD5CtSHlsQA==,iv:olLvkkl9VHPrUuKZgOQgpzRMEymm9oYo0hJs8KsiTBE=,tag:eEOjwT7vBTyTRnS6qtu4dg==,type:str] -mail: - dkim-20241219: ENC[AES256_GCM,data:GjnSHIn9D4AFRsgin8AZyyXnerJrtChMAzEsMKVjaagzwAaNNdcMik+q7miAjY0UzO+N8Al/jDLaTmv+KWmGNr5nVcc7/EWNi1WsEYZsIZjk9baT2E5QVCZGE2URBKQI3BWl9yJTE5qyovJDOTwcIr77lAwoAGN+4QYflmtrEdSaurQXRBkiooK3g7QrDNUOaD3nJNpMED5ioFR4nC+8AB1RJmo/FfgRSgpgRUDE2Fv0Q7Ex2WDUKo7UsPguaxlrUGznshS9mPFKYt0Uxqno49OPhPHZAgjGH9UxDn3sduwyBNlv7ANGPslY0TrGq7G0PrWNhvvH3l/9Fu3pkULGyp6utjgx5eSmT8cSMpdaDbFyrFkk5nlpbvHKGeFRYLaJwo2gORt7qBVZxXgFtuOCUYsUI0fTAX6269tGXgBwlxr69IStXif043Wyh0wdsrekQ5PgMvWlTffkjQo7z57O931+gQiiFHuJWrREOQqcxMVlJmulLFEvCIZWbNvlTN5si+g9cMCR/uHsUpiFhgthNaYMHASf1PUvmfP1WOY7QQ2Bn37534inrZEqWLDCnAjpjFLYQs1ZjP2B3JmUT8AumIr/dY2CLRY7ojvv7QLNT8b7HOjEUAgIde3My4qRhV9LvGjV5DVaLJCgL9vHjCRV77YfO7QB/MZzQkQfX6R6mwQttG7FG/glOV6i8pdZb09Zs5BvmZ1KCuR8S+JgzjkSQ1/kJay/Wy5iLnRO1JaEp2xBFZPFHti7q00pJOJm/v7ebKhqudokyOK9mOGe7cpGww8CJ3wjbBiSGeImtzmx599DaYkJQZNVaP3rffVxAs3oXyn4ZTGYn6S+wNFOwNSw5TRuk2JaeZoCgFs8kP8BhuH/yoUP3gXHE/5t0U3ssciBqlhFxvKHvXHlcB3Wnq1990ROVe+p/O5ET2jbP3jdMNhh7UmTcGUdZtLTu8MphI9KSNeVcUWX1Taj9jX9RE4pNpZKIrsa4njpqvwXUijDRaAyXckHlmTFNB4R3UtG3wKTXe4nbfyVQFSPRkIGSDUXj0oyPJRnf0D3IC2PfNoJHioG+bCMzICrZ8mCQNtjVMlZBSgqsqdwSxvCYs0sO6GlWJo9fsWErCdzf/HU8wHnZ/X56yWYlAsIqx2V0qAZRIkw1hdwcnVh6smcgciZiXRPbCo6mwhtOOw5vXp1DKBEGHjwdZUsuXw+Zi1axCFuxYFM6gHs24//+lcfmv2VPNjopAeUdVvthPWg58CbLMTSxwKlFafTyVXsZZjHinZ23YNpzynz4EMlx5HTZ9jBEPdA7oENtafUI8CBxB7DhKvX0zC0286Y+w1a7Wkyxv9XFP9M6cn17nCH+HN03X
QuNcVVNLzGzVapkJPnRgFxBe8o6B3/AyhIbY7phj/Z82E4tI23+Dwg6vCKQBBHXpLERU3j/UXtCaF7tFwin5kL6fai/bu7MC+/8olB7XrHHoa2raXqYZ22LISOgOScR2cVDDTwr+XZUca98bsDQVLjhZlcG7wrartOKRF0/fBZMnyMMrg9RAo0CMkXiPNIg+Sg/WkgUWefrJysCgUtPcJPHUVnYsqwxj+nSTFsX1yc4NWatmMkj7+maHd2F7BL3eTk4zdSMWaI9oxagbo869VD0wNtnsSIdhzummiILhQGAMpSrmLmFb+4GXVMJx1tljhTHh2zxHtTR/YlPr+pAxS2h21Mj1LVCxvNXsLc4bU5zyl6i/NBEimax05BFPX9fAiksSAcruoHPG3fzQJzSVfziN67xfwCTz4QGb0hneCCLWRvhp0OnH2DbeQdUPGiJVwaQZGn2B+ItNYjZ03I9h9BkRxunp/zTejHnW2eaZ7esibTpjxrPgUkrR9ZMLwVU9CTtTuT80f6njmQLbS6ubwnYgCtYkZ+iiQzWLtQ+Fa0QEHZQHx5zUtxFszElaxj+FIl3aJwPGZeAIvurQFsqOLD/Q1vjHVa3ag6VRhFDwFQOLTRl2ccbKi38RX/Kribnezx8PJYr7qpIsNtYQ1kd46B9lPcqyavIPwcOsLPL3ShC0rXkiguwTKaatR/RbTMvbbQQx4ryvxL3M5kCx6seHMmUX3jI+pJLKV4W6lc80ipZ+n/CdFEmksHSj5i+cNVcFne1RWMltiV/3jB8no6BneaeLaEXdMaEGmbfXbtOduIqdTnX5MIpF1xytKpCtZRICCs2dq+oNEyL8aew9VgyvoBh9Q1IKA75FTwo1kjgULHnfcQu4y29UNRciZn0ClzJcuwntLh6CnAwBbYgBi5,iv:ylnoYDXMVcmAWkIHTjjZM0rwV0PretOTxv1oP3HyfrM=,tag:KgToEhowEwQiG8KuWTdjrA==,type:str] - dovecot-passdb: ENC[AES256_GCM,data:C5YKPo13aEuTwMqzbMdn+r3vPrB5DtRi8hwCx2gbWOQ1bSn9d9yHJ7tNQwTGT5wGoQ3WZrs+mArTsrOF7OPzbXxguSr45Wns+ShdH4iypIoldOlc+bscafF9RmmmDrinyTjDezrI9ddTUNFFtVhkKi3pMi7yfoLTuaRuvQiVtF8=,iv:y+GikkIrFGecRdTeAKW0RUC7wqmkIeh5S++Q2LDVJS0=,tag:9Zw/GfvSPdLc1Zh0U3CJWw==,type:str] sops: kms: [] gcp_kms: [] 
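Review bot: Removing `mail.dkim-20241219` and `mail.dovecot-passdb` from this file does not take them away from suwako-vie0: the previous revision, encrypted to this file's recipients, stays in git history, and the host already held the plaintext while it ran the mail profiles. The new secrets/hosts/suwako-vie1.yaml keeps the same `dkim-20241219` entry name, which suggests (the ciphertext cannot confirm it) that the signing key was copied rather than rotated. If vie0 should no longer be able to sign mail for these domains, generate a fresh key under a new selector for vie1 and retire the old selector's DNS record once in-flight mail has been delivered; the same consideration applies to the passdb credentials.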
@@ -29,8 +26,8 @@ sops: ZjQyOG1ZVDVnTGxBNWR0RGs3d082aGsKqqIdYDPsnvCa5+YFWCqdwAi5vgWuMazv sZF1K96MHFgxgqgGonu2wZN3uj2mGttDRC8ZZmMPEftY1na6VLl40A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-19T11:27:01Z" - mac: ENC[AES256_GCM,data:VQEnYBKOZ8X5VC4u8X8V0k6EU0Jvb0UipNw6RR6ZXQlclQn4c9Bbxzr8WU3lx0sNVHdY6aleHOKyWa0H0Bzyl5uLPu0v0SNtcB/JphbfJDNKZ6qwKtBSK8NUmSxLz35qoqRU/9pN1LFAW2DvzR6RCwk3RNLstuyT9XJWpuE9bmw=,iv:ClPVKD4f5KqQbVI+EYpAojHu4QuWAsrRMRX5GhS6o6I=,tag:iwe0CC013V0JyBMt+RUfhA==,type:str] + lastmodified: "2025-01-01T02:07:05Z" + mac: ENC[AES256_GCM,data:Lyfte9XWPuhEmLXcR6ZAtldwKCDx/tyE6OToIRAHS1z53fH6qZSXzSW0Fby+kxNKFCK1CXwvUCe5HMSWYYT1GfN0Oj0kxwFjUqV8EJa2wmUreruNJrJQ328EIPVbQZYaZfDdZpomIZsFo+PfZwWDkbDog7+PcVAoIN+QSnk7Bpk=,iv:+qaJbaqaGoUaZRsX4uemtBED00rHyJoKesUt+vZbAgE=,tag:1B1j/56Fy/I3lqpT73u5Gw==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.2 diff --git a/secrets/hosts/suwako-vie1.yaml b/secrets/hosts/suwako-vie1.yaml new file mode 100644 index 0000000..e12299b --- /dev/null +++ b/secrets/hosts/suwako-vie1.yaml 
@@ -0,0 +1,32 @@ +mail: + dkim-20241219: ENC[AES256_GCM,data:HT/k9RtGz9TYJ42hS5faVALFqGV0ROEiDIOUX6FHXDNqDBJ7vgQwYEyQ3SUovwkCfdP7JAipz71PGoxBO1MToRjuzIl/rE0jw5u9y1ZJqTgj/AimTyrO8JM+RphTII1XaE67g80mSSWDiPevcCX7tWo2uhrsbt1Dh2S3v1mliN3sahKY2dieO1D6d1JsMU2IfJZFqb6i9IrMzr8FFfB85Gz0Rdt5lkSSEfg9pxUasUi8VIJKw43rjq8sSS2RA30lQqZLQAY6xlT1bzISGrYrvE+CV+DuT6bEpDdayYj7Yh81Yg1PQbYXErozzgR4oeCktU1nhjJbQiEXX6ulDpnuUEuJssuqePUVdLXCMsB28yAqL0H7Iqhvw8wbrE97+BvAOKxC4CqfxXI9EpJZPcvSzb3FXL+j0wxD709gwQj3Ys3XL8tGR96B7ojh6ZnJFx/JznU6wwWCPFSaZS+KNPCAZ4utjp+h+ruPWmwld0cuTc9pq80lqIcjh3uXIxhekTeq04Ms820e0JQbagkVPgGXvLpvBSi1WvmFzkAb5QRpYPjvlWBHtuaIS6vvnenMcuqinFNaqbP7wuFCAbv7iUAhk3vI/e34vMFv0CZBX/PGQn8/xnzSDZ6K0m5fPMog0So6XYIaquVjnNPg9Af3AV2s+YVjY3rIAdHCM6nMgb93nBaY1UngNnjlkRGrVC0KE4SVUtyLk+d/NSv9KAlxqKaVVAyul3/D82qC/yzm+kObhulLZGIf097/xzH2nZZWK77jIkukhrbrquGXwc/Crwp+qON1kVqqe+Jir7yzClPVrJ3n9CbsjiZWNg/E5JTh0drlaWad9ra3ii1iBJk+ShwggVQpTp6gdc0v6lfhBWl4P6O/TaXYKH1N8aGUSkXyOoHMM8WK376Kc67bLtpBP37L9hZsWkA/WwUPzFz/k6c0xf5H4Qo4mBSYPljr4D0fjE48cq2RfDUFkhQbG2tl9wJ6VfkBZeQ28wkeFcEC4/p6maLuFDwjlKhIgo+g6vxO3zmks+w4JdCsff2Xz4Rrti8ffZHLryb1TNn7hz6S8saqAYrHsWz4DV3974hwwJlfz2G9dAVrMFUeGkgsT0EPm/24kflMZqwUUoaXvMuRfxCzVCLA38ilxsna7ua0Kx1MOUYm0i/A8KPyzeNJnxxdbOulPqahV/VAmBo21u3Fi4I9ApgkGizxijWhQ6LY5eCVc7R2Vfwb5sjFC4dxE/nyqTpHEgGX0c6dG+k8Wm3e2K2iGwvmcrHHPmeYmB02t0J8KA+ShVKbjebQhlD5W57/lQeKVrSe1fYDl3et8z9GYClL1Hh3DS4l6jD+PDAunn5cG/k0xarN/okoqATzlkkWJraW9duLne6cL0OxpqFdzjXepTzDb8f+AYjVDA5CJuxv9WN25FVjpazWvPcaOg0LSDmvfXBdXmS0bTWs0H3YCQme1tCClhP3wwGvU8MOYcgER6khWJIIxQA81y5p8O7cCCIT7eJI0pVwQ5Uwl2Le/RpojlKyB17p52w9V3b3ApmRSgGf0AOlCxbyiIOj84p1gDgTI5Ne5i/abCt1ZHY9nCgBdyeJRvu6gJLGJB/z/aXGQEkX4RPSZTjEfpPGYrUHTP5wo8gzMy1OX07O5UzO9GeIqxbC5t18bAfyWdKGOztJvcX39PffyqDEpy/q4jcEAyHuhkUZj0TnSKPJx6d27qTCs5YOP3jf1SQUXHwVSLQh/+oP6AIUX8slVT+iLgVv/QbXDjkWeF/4boqfXktUlVaMhYO0kIwB+cWEtoRqJzpRn65vlX7bCZ62wGNwE9AObBV1nvar+RpwCtrqVJRcMxutvLSGDUFP5vkT3tB3/FpYJRvthcy7w4hj2zP5iTrTQZzDV5t2BLRfjlvnse4Bw7D7xserKYrDQy4Xxl5wou4V78qhAbGWP1EUiX5fJ4nhhv+
xp1VkLKyC7p67C4VJsSwSwpsh5a4R2O3pmCUcA2HxbNxUISNyN4Y1Ts4qEyOpPvcqSMVvkUppknT0AZwla8hMwB0cttYMiV3dGIiflvqlE3jIBXc7sO1pcRfaWDfOHRbsh8F3rZJ0rVdXG/iFC+6YHC3vrBzhjVoOYwJUjiqub6gNZXed+cJ0e7UhN3c/qHL+lsmnZJS3g6fxkSZxVRDKGXQ9SIE+deWq7RbrukQeBYB4N0j0/NJlqiAhur3x6xNYoVhM8evpOBeQYhaEaN5LYAPTlg7AjePo2+AP/LtX9pp6wtLqaWmeHD/35OjDPuzoJ1Vg2XIgpsId,iv:+ZgBgEMHH2Mi3QBZXmtVW2dEAReUvKrm06d3XMolm2s=,tag:RhIWA1SdAmks0OLhwbgdTw==,type:str] + dovecot-passdb: ENC[AES256_GCM,data:wko6AN/ON6ORIUUcbgDA0uKkJBGkTT86zelkaaa5QaSxBbNTq9CdxZkqjsZC3RKxYNqlDeIFUUZ0Trp5hCx3kf2uAyCcdRz6wKyEz/vPihyHfGslcdzYvU9++gL2VEyxiLJu3Izm7zLKRQU1Itk7P1CxMAXRoQ+kVw62hwPjYqk=,iv:ZPdIA3aSEfCDdt6wE4qkF7FrIQ2QmQYxBJb7YwYrWVs=,tag:HQd4V46jGVFK2voWIB4CkQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sfnct03u4cvfj98x4yjrcrrnu5gg8qgxrwk4uqq8w4e6wveeaedq97rn44 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMeHdweWEyeXFQdm1mL2tT + VERZVWhiZTg5Qm9iOXVXbW54dTN5ZGQybmk0Cmx4a0lsRXFYUDVTdStPZ3hkYk5C + T1Z1U1JXTnh3WEZKZTNoQWFjYmhZK0kKLS0tIFI3Z2tTQm0xRXZOT2Jaa3BGbk05 + a29KYzI3d0ErRXNGSmFiWEpwRUQvSUUKJWVATlS5QjEcDWxQdcQlqYjTHQBjhP3H + dYVC1Rb15XlHzjDuIoLtY0aL3+UGIb6wpTC5AWrWWGWfxpeICAlotA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1p9xzkzc3zxasgxtd75html0pvrtd6fzvmhz6n388vtjg36d3zffsvma0j0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6dFo0UzlNOG9JdkgxcTZk + aEV4TXVVV1VDeVV3UmdHSzBTcmdPenBMVDFVCkd5bXl3dk9LZGNBaHBWMUp4V1B1 + NWZzdXZvU3drN0oxSlpSM0V4Lzc2ZEkKLS0tIFdLL29Falk3MmF2T0NVREpQRFpF + NGhlWHFpdm5IekY2MXBDdE5Ua3VMYTQKxIqtWOVTjgodJAONWyRVGYTWFPEfPvxw + UUaDzFFaqK8DbOvF6L3QWvBsnR/0dvjJIQdaF+Dy+n5YHn1ZDl6xdg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-01T01:58:05Z" + mac: 
ENC[AES256_GCM,data:PpqsYI0geIbGkPPnw5JjRPfpXl9kLzaBMOsfAMH9a7QMMh1b02kvrcZsKfAc7JntL/Ccsj+56JH1Nm1QJYB5ZRlIL5Hp8osZCreiRmtAdw58J9WJs35JWeF5TxENQ5KhKp3uN/CGCQ4OgO2/i+H5+CzcwVf9t/eFDQUxH6URWww=,iv:Jt3oC3wREWVKDfXGUpmZfxrJOvHbce8IFoNa77qa/Ds=,tag:8kQk0T1YbSiCW6jG9AhzYQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/zones/rebmit.link.nix b/zones/rebmit.link.nix index a6be420..789957c 100644 --- a/zones/rebmit.link.nix +++ b/zones/rebmit.link.nix @@ -14,7 +14,7 @@ dns.lib.toString "rebmit.link" { DKIM DMARC ; - MX = with mx; [ (mx 10 "suwako-vie0.rebmit.link.") ]; + MX = with mx; [ (mx 10 "suwako-vie1.rebmit.link.") ]; TXT = [ (with spf; soft [ "mx" ]) ]; subdomains = lib.recursiveUpdate @@ -42,7 +42,7 @@ dns.lib.toString "rebmit.link" { ) enthalpyHosts )) { - "suwako-vie0".DMARC = [ + "suwako-vie1".DMARC = [ { p = "reject"; sp = "reject"; diff --git a/zones/rebmit.moe.nix b/zones/rebmit.moe.nix index bf30606..0b121ed 100644 --- a/zones/rebmit.moe.nix +++ b/zones/rebmit.moe.nix @@ -32,16 +32,16 @@ dns.lib.toString "rebmit.moe" { service = "imaps"; proto = "tcp"; port = config.networking.ports.imap-tls; - target = "suwako-vie0.rebmit.link."; + target = "suwako-vie1.rebmit.link."; } { service = "submissions"; proto = "tcp"; port = config.networking.ports.smtp-tls; - target = "suwako-vie0.rebmit.link."; + target = "suwako-vie1.rebmit.link."; } ]; - MX = with mx; [ (mx 10 "suwako-vie0.rebmit.link.") ]; + MX = with mx; [ (mx 10 "suwako-vie1.rebmit.link.") ]; TXT = [ (with spf; soft [ "mx" ]) ]; subdomains = { keycloak.CNAME = [ "suwako-vie0.rebmit.link." ];
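Review bot: The mail host name is written out as a string literal at every use: the `MX` line in this hunk, the `"suwako-vie1".DMARC` key in the next hunk, and the two SRV `target` lines plus `MX` in zones/rebmit.moe.nix. A future move that misses one of them would leave senders or mail clients pointed at a host that no longer runs Postfix/Dovecot. Consider binding the name once, e.g. `mailHost = "suwako-vie1";`, and deriving `"${mailHost}.rebmit.link."` for the MX and SRV records. The enclosing attribute set starts and ends outside the hunk, so where the binding belongs is not visible here.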
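Review bot: Renaming the key from `"suwako-vie0".DMARC` to `"suwako-vie1".DMARC` drops the explicit `p = "reject"` record for suwako-vie0.rebmit.link, so that name falls back to whatever subdomain policy the zone-level `DMARC` (inherited outside this hunk) publishes. A host that no longer sends mail is exactly where a reject policy is cheapest to keep, since it tells receivers to discard mail forged from that hostname. Unless the apex record is known to carry a reject subdomain policy, keep the vie0 entry and add vie1 beside it, for instance by binding the record once and assigning it to both names. The record body continues past the end of the hunk.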