nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

email smtp2go&google relay 2

Browse Source
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2026-05-04 03:30:43 +02:00
parent 245fdbb60f
commit 6ab89d09b7
6 changed files with 73 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
sops-secrets.yaml
View File

File diff suppressed because one or more lines are too long

12
system-modules/networking.nix
View File

@@ -10,13 +10,15 @@
}; };
enableIPv6 = true; enableIPv6 = true;
firewall.allowedTCPPorts = [ firewall.allowedTCPPorts = [
(pkgs.lib.mkIf config.services.ollama.enable 11434)
80
443
8000 8000
8080 8080
(pkgs.lib.mkIf config.services.postfix.enable 587) (pkgs.lib.mkIf config.services.nginx.enable 80)
(pkgs.lib.mkIf config.services.dovecot2.enable 993) (pkgs.lib.mkIf config.services.nginx.enable 443)
(pkgs.lib.mkIf config.services.ollama.enable 11434)
(pkgs.lib.mkIf config.services.maddy.enable 587)
(pkgs.lib.mkIf config.services.maddy.enable 465)
(pkgs.lib.mkIf config.services.maddy.enable 993)
(pkgs.lib.mkIf config.services.maddy.enable 25025)
]; ];
}; };
} }

4
system-modules/nx2site.nix
View File

@@ -91,12 +91,12 @@ def main():
print(f"*.${hyper.domain}: {update_record(record_id="${record_id.sub}", record_name="*.${hyper.domain}", ip=my_ip, type="A", proxied=True, pw=pw).status_code}") print(f"*.${hyper.domain}: {update_record(record_id="${record_id.sub}", record_name="*.${hyper.domain}", ip=my_ip, type="A", proxied=True, pw=pw).status_code}")
print(f"ssh.${hyper.domain}: {update_record(record_id="${record_id.ssh}", record_name="ssh.${hyper.domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}") print(f"ssh.${hyper.domain}: {update_record(record_id="${record_id.ssh}", record_name="ssh.${hyper.domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}")
print(f"dev.${hyper.domain}: {update_record(record_id="${record_id.dev}", record_name="dev.${hyper.domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}") print(f"dev.${hyper.domain}: {update_record(record_id="${record_id.dev}", record_name="dev.${hyper.domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}")
print(f"mail.${hyper.domain}: {update_record(record_id="${record_id.mail}", record_name="mail.${hyper.domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}") # print(f"mail.${hyper.domain}: {update_record(record_id="${record_id.mail}", record_name="mail.${hyper.domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}")
print(f"${hyper.domain}: {update_record(record_id="${record_id.base6}", record_name="${hyper.domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}") print(f"${hyper.domain}: {update_record(record_id="${record_id.base6}", record_name="${hyper.domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}")
print(f"*.${hyper.domain}: {update_record(record_id="${record_id.sub6}", record_name="*.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}") print(f"*.${hyper.domain}: {update_record(record_id="${record_id.sub6}", record_name="*.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}")
print(f"ssh.${hyper.domain}: {update_record(record_id="${record_id.ssh6}", record_name="ssh.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw).status_code}") print(f"ssh.${hyper.domain}: {update_record(record_id="${record_id.ssh6}", record_name="ssh.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw).status_code}")
print(f"mail.${hyper.domain}: {update_record(record_id="${record_id.mail6}", record_name="mail.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw).status_code}") # print(f"mail.${hyper.domain}: {update_record(record_id="${record_id.mail6}", record_name="mail.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw).status_code}")
if __name__ == "__main__": if __name__ == "__main__":
main() main()

30
system-modules/nx2site/maddy.nix
View File

@@ -68,6 +68,36 @@
deliver_to &remote_queue deliver_to &remote_queue
} }
} }
# nx2s-email-relay backdor
smtp tcp://0.0.0.0:25025 {
# tls off
# 1. Allow incoming mail from the VM for your domains
destination postmaster $(local_domains) {
deliver_to &local_routing
}
# 2. Prevent the world from using you as an open relay
default_destination {
reject 521 5.0.0 "User not local"
}
}
''; '';
}; };
} }
# --- Receive
# 1. mx to mail.nx2.site
# 2. mail.nx2.site to nx2s-email-relay (google e2-micro)
# 3. nx2s-email-relay uses emaul-relay.service to socat 25 to 25025 home
# 4. home gets 25025 and handles it
# -- Send
# 1. Via Smtp2go (mail-eu.smtp2go.com)
# SPF is coverd by CNAME (return) (somehow)

21
system-modules/nx2site/nextcloud.nix
View File

@@ -1,7 +1,7 @@
{ config, pkgs, ... }@all: with all; let { config, pkgs, ... }@all: with all; let
user = "nextcloud"; user = "nextcloud";
in { in {
sops.secrets = let ss = { owner = user; group = user; mode = "777"; }; in { sops.secrets = let ss = { owner = user; group = user; mode = "600"; }; in {
"nx2site/nextcloud/admin_pass" = ss; "nx2site/nextcloud/admin_pass" = ss;
"nx2site/nextcloud/db_pass" = ss; "nx2site/nextcloud/db_pass" = ss;
"nx2site/nextcloud/lennart_pass" = ss; "nx2site/nextcloud/lennart_pass" = ss;
@@ -9,6 +9,7 @@ in {
"nx2site/nextcloud/diane_pass" = ss; "nx2site/nextcloud/diane_pass" = ss;
"nx2site/nextcloud/georg_pass" = ss; "nx2site/nextcloud/georg_pass" = ss;
"nx2site/nextcloud/tessa_pass" = ss; "nx2site/nextcloud/tessa_pass" = ss;
"nx2site/smtp2go/nextcloud_api_key" = ss;
}; };
users.users."${user}" = { users.users."${user}" = {
isSystemUser = true; isSystemUser = true;
@@ -39,17 +40,25 @@ in {
overwriteProtocol = "https"; overwriteProtocol = "https";
default_phone_region = "DE"; default_phone_region = "DE";
# # local
# "mail_smtpmode" = "smtp";
# "mail_smtphost" = "127.0.0.1";
# "mail_smtpport" = 2525;
# "mail_from_address" = "nextcloud";
# "mail_domain" = hyper.domain;
# "mail_smtpsecure" = ""; # = STARTTLS
"mail_smtpmode" = "smtp"; "mail_smtpmode" = "smtp";
"mail_smtphost" = "127.0.0.1"; "mail_smtphost" = "mail-eu.smtp2go.com";
"mail_smtpport" = 2525; "mail_smtpport" = 2525;
"mail_from_address" = "nextcloud"; "mail_from_address" = "nextcloud";
"mail_domain" = hyper.domain; "mail_domain" = hyper.domain;
"mail_smtpsecure" = ""; # = STARTTLS "mail_smtpsecure" = ""; # = STARTTLS
# "mail_smtpauth" = true; "mail_smtpauth" = true;
# "mail_smtpauthtype" = "LOGIN"; "mail_smtpauthtype" = "LOGIN";
# "mail_smtpname" = "nextcloud@${hyper.domain}"; "mail_smtpname" = "nextcloud@${hyper.domain}";
}; };
secrets."mail_smtppassword" = config.sops.secrets."nx2site/maddy/nextcloud_password".path; secrets."mail_smtppassword" = config.sops.secrets."nx2site/smtp2go/nextcloud_api_key".path;
# secrets.settings."mail_smtppassword" = config.sops.secrets."nx2site/maddy/nextcloud_password".path; # secrets.settings."mail_smtppassword" = config.sops.secrets."nx2site/maddy/nextcloud_password".path;
config = { config = {
adminpassFile = config.sops.secrets."nx2site/nextcloud/admin_pass".path; adminpassFile = config.sops.secrets."nx2site/nextcloud/admin_pass".path;

20
system-modules/nx2site/proxy.nix
View File

@@ -15,7 +15,8 @@
"${hyper.domain}" = { "${hyper.domain}" = {
extraDomainNames = builtins.map (subd: "${subd}.${hyper.domain}") [ extraDomainNames = builtins.map (subd: "${subd}.${hyper.domain}") [
"sync" "sync"
"mail" "ssh"
# "mail"
]; ];
}; };
}; };
@@ -116,6 +117,13 @@
]; ];
locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenge"; locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenge";
}; };
"ssh.${hyper.domain}" = {
listen = [
{ addr = "0.0.0.0"; port = 80; }
{ addr = "[::0]"; port = 80; }
];
locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenge";
};
"matrix.${hyper.domain}" = { "matrix.${hyper.domain}" = {
listen = dl; listen = dl;
locations."~.*".return = "502"; locations."~.*".return = "502";
@@ -204,10 +212,12 @@
}; };
"dev.${hyper.domain}" = vh // { "dev.${hyper.domain}" = vh // {
listen = dl; listen = dl;
locations."/" = { locations = {
proxyPass = "http://127.0.0.1:8080"; "/" = {
proxyWebsockets = true; proxyPass = "http://127.0.0.1:8080";
}; proxyWebsockets = true;
};
};
}; };
# is done atomatically # is done atomatically
# "owc.${hyper.domain}" = vh // { # "owc.${hyper.domain}" = vh // {