root/the_prg_server_configuration_old
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix the file permissions.

Browse source
This commit is contained in:
Root User 2026-02-15 19:03:14 +01:00
parent 8963c8d048
commit 64d59dd636
Signed by: root
GPG key ID: 087F0A95E5766D72
1 changed files with 9 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

14
nix-system-configs/modules/system/mail-server.nix
View file

@ -52,13 +52,17 @@ in {
# Create /etc/stalwart secret files so the generated TOML can reference them
environment.etc = {
"stalwart/mail-pw1".text = boardPassword; # principal password (board)
"stalwart/mail-pw1".mode = "0400";
"stalwart/mail-pw1".mode = "0440";
"stalwart/mail-pw1".owner = "stalwart";
"stalwart/admin-pw".text = adminPassword; # admin fallback password
"stalwart/admin-pw".mode = "0400";
"stalwart/admin-pw".mode = "0440";
"stalwart/admin-pw".owner = "root";
"stalwart/acme-secret".text = cloudflareToken; # API token for ACME (Cloudflare)
"stalwart/acme-secret".mode = "0400";
"stalwart/acme-secret".mode = "0440";
"stalwart/acme-secret".owner = "stalwart";
"stalwart/cloudflare-username".text = cloudflareUsername; # contact email for ACME
"stalwart/cloudflare-username".mode = "0400";
"stalwart/cloudflare-username".mode = "0440";
"stalwart/cloudflare-username".owner = "stalwart";
};
# Enable Tailscale for remote access to Traefik dashboard and configuration
@ -93,7 +97,7 @@ in {
protocol = "smtp";
tls.implicit = true;
# Also trust proxy for SMTPS
proxy.trusted-networks = ["10.1.1.250/32"];
proxy.trusted-networks = ["10.1.1.250/31"];
};
imaps = {
bind = "[::]:993";