root/the_prg_server_configuration_old
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update password management... again.

Browse source
This commit is contained in:
Root User 2026-02-15 18:17:03 +01:00
parent e7d4f3d4a1
commit 5289fc4a20
Signed by: root
GPG key ID: 087F0A95E5766D72
2 changed files with 11 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

11
nix-system-configs/modules/system/mail-server.nix
View file

@ -44,15 +44,14 @@ in {
# Pass secrets to Stalwart Mail service via environment variables
systemd.services.stalwart-mail = {
serviceConfig = {
EnvironmentFile = [
config.sops.secrets."cloudflare-username".path
config.sops.secrets."cloudflare-dns-token".path
config.sops.secrets."admin-password".path
config.sops.secrets."board-member-password".path
Environment = [
(let v = builtins.replaceStrings ["\n"] [""] (builtins.readFile config.sops.secrets."cloudflare-username".path); in "CLOUDFLARE_USERNAME=${v}")
(let v = builtins.replaceStrings ["\n"] [""] (builtins.readFile config.sops.secrets."cloudflare-dns-token".path); in "CLOUDFLARE_API_TOKEN=${v}")
(let v = builtins.replaceStrings ["\n"] [""] (builtins.readFile config.sops.secrets."admin-password".path); in "ADMIN_PASSWORD=${v}")
(let v = builtins.replaceStrings ["\n"] [""] (builtins.readFile config.sops.secrets."board-member-password".path); in "BOARD_PASSWORD=${v}")
];
};
};
# Enable Tailscale for remote access to Traefik dashboard and configuration
services.tailscale.enable = true;