diff --git a/machines/liza/configuration.nix b/machines/liza/configuration.nix index d0462ec..4abb629 100644 --- a/machines/liza/configuration.nix +++ b/machines/liza/configuration.nix @@ -38,7 +38,6 @@ "runyan.org" "runyan.rocks" "thunderhex.com" "tar.ninja" "bsd.ninja" "bsd.rocks" - "paradigminteractive.agency" ]; loginAccounts = { "jeremy@runyan.org" = { @@ -61,6 +60,31 @@ }; age.secrets.email-pw.file = ../../secrets/email-pw.age; + # relay sent mail through mailgun + # https://www.howtoforge.com/community/threads/different-smtp-relays-for-different-domains-in-postfix.82711/#post-392620 + services.postfix.config = { + smtp_sasl_auth_enable = "yes"; + smtp_sasl_security_options = "noanonymous"; + smtp_sasl_password_maps = "hash:/var/lib/postfix/conf/sasl_relay_passwd"; + smtp_use_tls = "yes"; + sender_dependent_relayhost_maps = "hash:/var/lib/postfix/conf/sender_relay"; + }; + services.postfix.mapFiles.sender_relay = let + relayHost = "[smtp.mailgun.org]:587"; + in pkgs.writeText "sender_relay" '' + @neet.space ${relayHost} + @neet.cloud ${relayHost} + @neet.dev ${relayHost} + @runyan.org ${relayHost} + @runyan.rocks ${relayHost} + @thunderhex.com ${relayHost} + @tar.ninja ${relayHost} + @bsd.ninja ${relayHost} + @bsd.rocks ${relayHost} + ''; + services.postfix.mapFiles.sasl_relay_passwd = "/run/agenix/sasl_relay_passwd"; + age.secrets.sasl_relay_passwd.file = ../../secrets/sasl_relay_passwd.age; + services.nextcloud = { enable = true; https = true; diff --git a/secrets/sasl_relay_passwd.age b/secrets/sasl_relay_passwd.age new file mode 100644 index 0000000..60a281d Binary files /dev/null and b/secrets/sasl_relay_passwd.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index a0d3e7f..e955ff7 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -18,4 +18,5 @@ in "wolframalpha.age".publicKeys = all; "cloudflared-navidrome.json.age".publicKeys = all; "smb-secrets.age".publicKeys = all; + "sasl_relay_passwd.age".publicKeys = all; }