1
0
Форкнуть 0

Use SNM from branch 20.03 and switch NixOS state to 20.03

master
dump_stack() 2020-05-30 10:00:53 +00:00
родитель b7b2785836
Коммит 226c73e3f5
Подписано: dump_stack
Идентификатор ключа GPG: BE44DA8C062D87DC
2 изменённых файлов: 19 добавлений и 17 удалений

Просмотреть файл

@ -1,10 +1,7 @@
# mail.dumpstack.io
Note:
1. Comment out fetchTarball and mailserver for initial installation,
because of [this bug](https://github.com/NixOS/nix/issues/2405).
2. Some cloud providers disallow outbound SMTP by default. Check it if
1. Some cloud providers disallow outbound SMTP by default. Check it if
there'll be issues with outgoing emails.
## Installation

Просмотреть файл

@ -1,14 +1,13 @@
{ config, pkgs, ... }:
let
secrets = import ./secrets.nix;
domain = "dumpstack.io";
branch = "20.03";
in {
imports = [
./hardware-configuration.nix
# check https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/tags
# for new releases
(builtins.fetchTarball {
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.3.0/nixos-mailserver-v2.3.0.tar.gz";
sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919";
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${branch}/nixos-mailserver-nixos-${branch}.tar.gz";
})
];
@ -20,7 +19,7 @@ in {
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
networking.hostName = "mail.dumpstack.io";
networking.hostName = "mail.${domain}";
networking.firewall.allowedTCPPorts = [ 443 ];
@ -28,29 +27,35 @@ in {
htop
];
security.acme.acceptTerms = true;
security.acme.certs."mail.${domain}".email = "letsencrypt@${domain}";
mailserver = {
enable = true;
fqdn = "mail.dumpstack.io";
domains = [ "dumpstack.io" ];
fqdn = "mail.${domain}";
domains = [ "${domain}" ];
loginAccounts = {
"root@dumpstack.io" = {
"root@${domain}" = {
hashedPassword = "${secrets.mailHashedPassword}";
aliases = secrets.aliases;
catchAll = [ "dumpstack.io" ];
catchAll = [ "${domain}" ];
};
};
certificateScheme = 3; # Let's Encrypt
enableImapSsl = true;
rebootAfterKernelUpgrade.enable = true;
};
time.timeZone = "UTC";
services.openssh.enable = true;
system.autoUpgrade.enable = true;
system.stateVersion = "19.09";
system.autoUpgrade = {
enable = true;
allowReboot = true;
};
# read release notes carefully before changing it
system.stateVersion = "20.03";
nix = {
optimise.automatic = true;