fix(ops): delete email config for now
We don't have an email server configured (yet); we can resurrect it once we do. Change-Id: I568075154c6169d031462f39b43ce5897a754f19 Reviewed-on: https://cl.snix.dev/c/snix/+/30109 Autosubmit: Florian Klink <flokli@flokli.de> Tested-by: besadii Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
							parent
							
								
									ebc924d492
								
							
						
					
					
						commit
						9e7cadeded
					
				
					 5 changed files with 0 additions and 146 deletions
				
			
		|  | @ -69,21 +69,6 @@ resource "digitalocean_record" "snix_dev_infra_public01_v6" { | |||
|   value    = var.public01_ipv6 | ||||
| } | ||||
| 
 | ||||
| # Email records | ||||
| resource "digitalocean_record" "snix_dev_mail_v4" { | ||||
|   domain  = digitalocean_domain.snix_dev.id | ||||
|   type    = "A" | ||||
|   value   = "49.12.112.149" | ||||
|   name    = "mail" | ||||
| } | ||||
| 
 | ||||
| resource "digitalocean_record" "snix_dev_mail_v6" { | ||||
|   domain  = digitalocean_domain.snix_dev.id | ||||
|   type    = "AAAA" | ||||
|   value   = "2a01:4f8:c013:3e62::2" | ||||
|   name    = "mail" | ||||
| } | ||||
| 
 | ||||
| # Explicit records for all services running on public01 | ||||
| resource "digitalocean_record" "snix_dev_public01" { | ||||
|   domain   = digitalocean_domain.snix_dev.id | ||||
|  |  | |||
|  | @ -81,19 +81,6 @@ resource "hcloud_server" "public01" { | |||
|   } | ||||
| } | ||||
| 
 | ||||
| resource "hcloud_rdns" "mail-v4" { | ||||
|   floating_ip_id = hcloud_floating_ip.mail.id | ||||
|   ip_address     = hcloud_floating_ip.mail.ip_address | ||||
|   dns_ptr        = "mail.snix.dev" | ||||
| } | ||||
| 
 | ||||
| resource "hcloud_rdns" "mail-v6" { | ||||
|   server_id  = hcloud_server.public01.id | ||||
|   # Hardcoded because I don't want to compute it via Terraform. | ||||
|   ip_address = "2a01:4f8:c013:3e62::2" | ||||
|   dns_ptr    = "mail.snix.dev" | ||||
| } | ||||
| 
 | ||||
| resource "hcloud_rdns" "public01-v4" { | ||||
|   server_id = hcloud_server.public01.id | ||||
|   ip_address = hcloud_server.public01.ipv4_address | ||||
|  |  | |||
|  | @ -11,7 +11,6 @@ in | |||
|     (mod "hetzner-cloud.nix") | ||||
|     (mod "forgejo.nix") | ||||
|     (mod "restic.nix") | ||||
|     # (mod "stalwart.nix") | ||||
|     # Automatically enable metric and log collection. | ||||
|     (mod "o11y/agent.nix") | ||||
|     (mod "o11y/grafana.nix") | ||||
|  | @ -20,7 +19,6 @@ in | |||
|     (mod "www/status.snix.dev.nix") | ||||
|     (mod "www/auth.snix.dev.nix") | ||||
|     (mod "www/git.snix.dev.nix") | ||||
|     # (mod "www/mail.snix.dev.nix") | ||||
|     (mod "known-hosts.nix") | ||||
| 
 | ||||
|     (depot.third_party.agenix.src + "/modules/age.nix") | ||||
|  | @ -32,10 +30,6 @@ in | |||
|   infra.hardware.hetzner-cloud = { | ||||
|     enable = true; | ||||
|     ipv6 = "2a01:4f8:c013:3e62::1/64"; | ||||
|     # Additional IPs. | ||||
|     floatingIPs = [ | ||||
|       "49.12.112.149/32" | ||||
|     ]; | ||||
|   }; | ||||
| 
 | ||||
|   networking = { | ||||
|  | @ -69,10 +63,6 @@ in | |||
|       domain = "git.snix.dev"; | ||||
|     }; | ||||
|     grafana.enable = true; | ||||
|     # stalwart = { | ||||
|     #   enable = true; | ||||
|     #   mailDomain = "mail.snix.dev"; | ||||
|     # }; | ||||
|     # Configure backups to Hetzner Cloud | ||||
|     restic = { | ||||
|       enable = true; | ||||
|  |  | |||
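--- a/PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,83 +0,0 @@
-# Stalwart is an all-in-one mailserver in Rust.
-# https://stalw.art/
-{ config, lib, ... }:
-let
-  inherit (lib) mkOption mkEnableOption mkIf types;
-  cfg = config.services.depot.stalwart;
-  certs = config.security.acme.certs.${cfg.mailDomain} or (throw "NixOS-level ACME was not enabled for `${cfg.mailDomain}`: mailserver cannot autoconfigure!");
-  mkBind = port: ip: "${ip}:${toString port}";
-in
-{
-  options.services.depot.stalwart = {
-    enable = mkEnableOption "Stalwart Mail server";
-
-    listenAddresses = mkOption {
-      type = types.listOf types.str;
-      default = [
-        "49.12.112.149"
-        "[2a01:4f8:c013:3e62::2]"
-      ];
-    };
-
-    mailDomain = mkOption {
-      type = types.str;
-      description = "The email domain, i.e. the part after @";
-      example = "snix.dev";
-    };
-  };
-
-  config = mkIf cfg.enable {
-    # Open only from the listen addresses.
-    networking.firewall.allowedTCPPorts = [ 25 587 143 443 ];
-    services.stalwart-mail = {
-      enable = true;
-      settings = {
-        certificate.letsencrypt = {
-          cert = "file://${certs.directory}/fullchain.pem";
-          private-key = "file://${certs.directory}/key.pem";
-        };
-        server = {
-          hostname = cfg.mailDomain;
-          tls = {
-            certificate = "letsencrypt";
-            enable = true;
-            implicit = false;
-          };
-          listener = {
-            smtp = {
-              bind = map (mkBind 587) cfg.listenAddresses;
-              protocol = "smtp";
-            };
-            imap = {
-              bind = map (mkBind 143) cfg.listenAddresses;
-              protocol = "imap";
-            };
-            mgmt = {
-              bind = map (mkBind 443) cfg.listenAddresses;
-              protocol = "https";
-            };
-          };
-        };
-        session = {
-          rcpt = {
-            directory = "in-memory";
-            # Allow this server to be used as a relay for authenticated principals.
-            relay = [
-              { "if" = "!is_empty(authenticated_as)"; "then" = true; }
-              { "else" = false; }
-            ];
-          };
-          auth = {
-            mechanisms = [ "PLAIN" ];
-            directory = "in-memory";
-          };
-        };
-        jmap.directory = "in-memory";
-        queue.outbound.next-hop = [ "local" ];
-        directory.in-memory = {
-          type = "memory";
-        };
-      };
-    };
-  };
-}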
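--- a/PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, ... }:
-
-{
-  imports = [
-    ./base.nix
-  ];
-
-  config = {
-    # Listen on a special IPv4 & IPv6 specialized for mail. 
-    # This NGINX has only one role: obtain TLS/SSL certificates for the mailserver. 
-    # All the TLS, IMAP, SMTP stuff is handled directly by the mailserver runtime. 
-    # This is why you will not see any `stream { }` block here.
-    services.nginx.virtualHosts.stalwart = {
-      serverName = "mail.snix.dev";
-      enableACME = true;
-      forceSSL = true;
-
-      listenAddresses = [
-        "127.0.0.2"
-        "49.12.112.149"
-        "[2a01:4f8:c013:3e62::2]"
-      ];
-    };
-  };
-}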