email smtp2go&google relay 2

Lennart J. Kurzweg (Nx2)
2026-05-04 03:30:43 +02:00
parent 245fdbb60f
commit 6ab89d09b7
6 changed files with 73 additions and 20 deletions


@@ -68,6 +68,36 @@
deliver_to &remote_queue
}
}
# nx2s-email-relay backdor
smtp tcp://0.0.0.0:25025 {
# tls off
# 1. Allow incoming mail from the VM for your domains
destination postmaster $(local_domains) {
deliver_to &local_routing
}
# 2. Prevent the world from using you as an open relay
default_destination {
reject 521 5.0.0 "User not local"
}
}
'';
};
}
# --- Receive
# 1. mx to mail.nx2.site
# 2. mail.nx2.site to nx2s-email-relay (google e2-micro)
# 3. nx2s-email-relay uses emaul-relay.service to socat 25 to 25025 home
# 4. home gets 25025 and handles it
# -- Send
# 1. Via Smtp2go (mail-eu.smtp2go.com)
# SPF is coverd by CNAME (return) (somehow)
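Review bot: The new endpoint `smtp tcp://0.0.0.0:25025` listens on every interface, and nothing in this hunk limits connections to nx2s-email-relay, which the trailing comments name as the only intended client. Any host that can reach port 25025 can hand in mail for `$(local_domains)` without passing through the relay, so I would bind it to the address the relay actually connects to, e.g. `smtp tcp://<relay-facing-address>:25025 {` (placeholder), or restrict the port to the relay's source address in the firewall. Because socat forwards at TCP level, the client address seen here is presumably always the relay's, so any source-IP-based check on this endpoint would judge the relay rather than the real sender; a comment such as `# all connections arrive from the relay; client IP is not the sender's` would record that. Whether TLS is inherited from a global setting is not visible here, since `# tls off` is only a comment. The enclosing Nix string starts outside the hunk.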


@@ -1,7 +1,7 @@
{ config, pkgs, ... }@all: with all; let
user = "nextcloud";
in {
sops.secrets = let ss = { owner = user; group = user; mode = "777"; }; in {
sops.secrets = let ss = { owner = user; group = user; mode = "600"; }; in {
"nx2site/nextcloud/admin_pass" = ss;
"nx2site/nextcloud/db_pass" = ss;
"nx2site/nextcloud/lennart_pass" = ss;
@@ -9,6 +9,7 @@ in {
"nx2site/nextcloud/diane_pass" = ss;
"nx2site/nextcloud/georg_pass" = ss;
"nx2site/nextcloud/tessa_pass" = ss;
"nx2site/smtp2go/nextcloud_api_key" = ss;
};
users.users."${user}" = {
isSystemUser = true;
@@ -39,17 +40,25 @@ in {
overwriteProtocol = "https";
default_phone_region = "DE";
# # local
# "mail_smtpmode" = "smtp";
# "mail_smtphost" = "127.0.0.1";
# "mail_smtpport" = 2525;
# "mail_from_address" = "nextcloud";
# "mail_domain" = hyper.domain;
# "mail_smtpsecure" = ""; # = STARTTLS
"mail_smtpmode" = "smtp";
"mail_smtphost" = "127.0.0.1";
"mail_smtphost" = "mail-eu.smtp2go.com";
"mail_smtpport" = 2525;
"mail_from_address" = "nextcloud";
"mail_domain" = hyper.domain;
"mail_smtpsecure" = ""; # = STARTTLS
# "mail_smtpauth" = true;
# "mail_smtpauthtype" = "LOGIN";
# "mail_smtpname" = "nextcloud@${hyper.domain}";
"mail_smtpauth" = true;
"mail_smtpauthtype" = "LOGIN";
"mail_smtpname" = "nextcloud@${hyper.domain}";
};
secrets."mail_smtppassword" = config.sops.secrets."nx2site/maddy/nextcloud_password".path;
secrets."mail_smtppassword" = config.sops.secrets."nx2site/smtp2go/nextcloud_api_key".path;
# secrets.settings."mail_smtppassword" = config.sops.secrets."nx2site/maddy/nextcloud_password".path;
config = {
adminpassFile = config.sops.secrets."nx2site/nextcloud/admin_pass".path;
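Review bot: `"mail_smtpsecure" = "";` is carried over unchanged while `mail_smtphost` moves from `127.0.0.1` to `mail-eu.smtp2go.com` with `mail_smtpauth` enabled, so the LOGIN credentials now leave the host. As far as I know, an empty value makes Nextcloud use STARTTLS only when the server offers it, which an on-path attacker can strip; that was harmless on loopback but not towards an external provider. I would require TLS with `"mail_smtpsecure" = "ssl";` and set `mail_smtpport` to the provider's implicit-TLS port (465 is the standard one; confirm against the provider's documentation), and correct the `# = STARTTLS` comment to match. The settings attribute set begins outside the hunk.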


@@ -15,7 +15,8 @@
"${hyper.domain}" = {
extraDomainNames = builtins.map (subd: "${subd}.${hyper.domain}") [
"sync"
"mail"
"ssh"
# "mail"
];
};
};
@@ -116,6 +117,13 @@
];
locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenge";
};
"ssh.${hyper.domain}" = {
listen = [
{ addr = "0.0.0.0"; port = 80; }
{ addr = "[::0]"; port = 80; }
];
locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenge";
};
"matrix.${hyper.domain}" = {
listen = dl;
locations."~.*".return = "502";
@@ -204,10 +212,12 @@
};
"dev.${hyper.domain}" = vh // {
listen = dl;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true;
};
locations = {
"/" = {
proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true;
};
};
};
# is done atomatically
# "owc.${hyper.domain}" = vh // {
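Review bot: In the first hunk `"mail"` is commented out of `extraDomainNames`, so the next certificate issued for `${hyper.domain}` will no longer cover `mail.${hyper.domain}`. If the mail server presents this certificate for SMTP STARTTLS (not visible in this section), senders that verify the MX host name would then fail validation. Either keep the name on a certificate obtained another way, or annotate the line, e.g. `# "mail"  # now resolves to the relay VM; TLS for mail is served from <where>`, so the removal is clearly deliberate.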