Diagnose certificate issues, add missing ServerAliases

Root User 2026-02-15 23:16:59 +01:00
parent ba7e32a2a7
commit 1bc85803a9
Signed by: root
GPG key ID: 087F0A95E5766D72
2 changed files with 14 additions and 14 deletions


@ -121,15 +121,15 @@ in {
hostname = "mail.prg-radio.org"; hostname = "mail.prg-radio.org";
domain = "prg-radio.org"; domain = "prg-radio.org";
}; };
acme."letsencrypt" = { # acme."letsencrypt" = {
directory = "https://acme-v02.api.letsencrypt.org/directory"; # directory = "https://acme-v02.api.letsencrypt.org/directory";
challenge = "dns-01"; # challenge = "dns-01";
# reference the contact and secret via files under /etc/stalwart # # reference the contact and secret via files under /etc/stalwart
contact = "%{file:/etc/stalwart/cloudflare-username}%"; # contact = "%{file:/etc/stalwart/cloudflare-username}%";
domains = ["prg-radio.org" "mail.prg-radio.org"]; # domains = ["prg-radio.org" "mail.prg-radio.org"];
provider = "cloudflare"; # provider = "cloudflare";
secret = "%{file:/etc/stalwart/acme-secret}%"; # secret = "%{file:/etc/stalwart/acme-secret}%";
}; #};
session.auth = { session.auth = {
mechanisms = ["plain"]; mechanisms = ["plain"];
directory = "in-memory"; directory = "in-memory";
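Review bot: With the whole `acme."letsencrypt"` block commented out, nothing in this hunk says where Stalwart's certificate now comes from. If the SMTPS and IMAPS listeners still do their own TLS handshake (not visible here, so confirm), they would presumably fall back to a default certificate and clients would get validation errors. That matters more because the context line `mechanisms = ["plain"]` leaves credential protection entirely to a valid TLS layer. Rather than keeping nine commented-out lines, delete the block and leave one line of reasoning such as `# ACME disabled here: certificates are provided by <certificate source>`, or keep it enabled until the replacement is in place. The enclosing attribute set starts and ends outside the hunk.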


@ -371,7 +371,7 @@ in {
# Mail HTTP (JMAP / web) - terminate TLS at Traefik and forward to Stalwart JMAP HTTP listener # Mail HTTP (JMAP / web) - terminate TLS at Traefik and forward to Stalwart JMAP HTTP listener
mail = { mail = {
rule = "Host(`mail.prg-radio.org`)"; rule = "Host(`mail.prg-radio.org`,`mta-sts.prg-radio.org`,`autoconfig.prg-radio.org`,`autodiscover.prg-radio.org`)";
service = "mail-jmap"; service = "mail-jmap";
entryPoints = ["websecure"]; entryPoints = ["websecure"];
tls = {certresolver = "acme";}; tls = {certresolver = "acme";};
@ -379,7 +379,7 @@ in {
# Mail web administration UI (Stalwart management) - exposed under /management # Mail web administration UI (Stalwart management) - exposed under /management
mail-webadmin = { mail-webadmin = {
rule = "Host(`mail.prg-radio.org`) && PathPrefix(`/management`)"; rule = "Host(`mail.prg-radio.org`,`mta-sts.prg-radio.org`,`autoconfig.prg-radio.org`,`autodiscover.prg-radio.org`) && PathPrefix(`/management`)";
service = "mail-webadmin"; service = "mail-webadmin";
entryPoints = ["websecure"]; entryPoints = ["websecure"];
tls = {certresolver = "acme";}; tls = {certresolver = "acme";};
@ -517,17 +517,17 @@ in {
# Mail TCP services # Mail TCP services
mail-smtp.loadBalancer = { mail-smtp.loadBalancer = {
proxyProtocol = { version = 2; }; # Add this line proxyProtocol = {version = 2;}; # Add this line
servers = [{address = "10.1.1.15:25";}]; servers = [{address = "10.1.1.15:25";}];
}; };
mail-smtps.loadBalancer = { mail-smtps.loadBalancer = {
proxyProtocol = { version = 2; }; # Add this line proxyProtocol = {version = 2;}; # Add this line
servers = [{address = "10.1.1.15:465";}]; servers = [{address = "10.1.1.15:465";}];
}; };
mail-imaps.loadBalancer = { mail-imaps.loadBalancer = {
proxyProtocol = { version = 2; }; # Add this line proxyProtocol = {version = 2;}; # Add this line
servers = [{address = "10.1.1.15:993";}]; servers = [{address = "10.1.1.15:993";}];
}; };
}; };
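Review bot: The new `mail-webadmin` rule also matches `mta-sts`, `autoconfig` and `autodiscover`, so the Stalwart management UI under `/management` becomes reachable on three extra hostnames that only need to serve policy and discovery documents. Revert that router to its previous single-host rule on `mail.prg-radio.org` and add the aliases only to the `mail` router. Separately, the multi-argument `Host(...)` form is Traefik v2 rule syntax. Under Traefik v3's default syntax each `Host()` takes one name and alternatives are joined with `||`, so confirm which version this config targets. The `# Add this line` comments on the `proxyProtocol` lines look like leftover instructions and could be replaced with the reason PROXY protocol v2 is needed.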