Migrate emails

2025-12-24 21:26:59 +01:00 · 2021-12-26 19:42:23 +01:00 · 2021-12-26 19:42:23 +01:00 · 769d01b59f
commit 769d01b59f
parent 59d9750653
4 changed files with 158 additions and 11 deletions
--- a/dns.tf
+++ b/dns.tf
@ -113,7 +113,7 @@ resource "hetznerdns_record" "db1_a" {
 resource "hetznerdns_record" "banditlair_dedicated_a" {
  zone_id = data.hetznerdns_zone.banditlair_zone.id
  name    = "*"
-  value   = "144.76.18.197"
+  value   = local.storage1_ip
  type    = "A"
  ttl     = 600
 }
@ -194,8 +194,8 @@ resource "hetznerdns_record" "dmarc_report_falbo_txt" {

 resource "hetznerdns_record" "dkim_txt" {
  zone_id = data.hetznerdns_zone.banditlair_zone.id
-  name    = "dkim._domainkey"
-  value   = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwDEwt+a0neFlyq7ndCj0EECUp4bsusFpL2aVzroLY5Xw9S//dYuXUp1sr/yiivS71WyNjt7tOpuonu0gGEWpc6RPyeZrzXQg+zY1k/1+cLXFMz5HmJJaAbNxK02Qn89qfk/Y3pbuJt6Y/NBQ4KVOCZQB2hCT2izVSWSkhegYTCwIDAQAB\""
+  name    = "mail._domainkey"
+  value   = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgRhQ9zN4hkiASKH4kTfWUSBz+Ov7BvH0459BDVeSNQFjH3KjmofJicKQ6eWXGJOSz4jCpNDRdgMbkVHEiTHOcKd/u9LqxEchWKZU50lwSrYhUmr8j+b4vgf+sUxIWKCZUNuyrDp2ROeheA3Pbx+fYJb3VhGTZecLlchMrRjBJqwIDAQAB\""
  type    = "TXT"
  ttl     = 600
 }
@ -254,8 +254,8 @@ resource "hetznerdns_record" "falbo_dmarc_txt" {

 resource "hetznerdns_record" "falbo_dkim_txt" {
  zone_id = data.hetznerdns_zone.falbo_zone.id
-  name    = "dkim._domainkey"
-  value   = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWJwmQoiaxKCp6Cj+rELeHicd7VD1l/Q5KKQURgt1wIAY36bwbFYeuN/+ULruJzbnoyJ63G2QttO4H6MLdVTgNRjTuixmoE5mZEAE/7BlyAfDS0MLUXyGbxD6WtGZPT6PQ1cxWp9jVvYUs/NypcRfpDu0J9IXX6+coQM5CMLLdRwIDAQAB\""
+  name    = "mail._domainkey"
+  value   = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCY6ESTQcWbZVNxjb8TFhpyhCoG6Ri8OV1MijDHGNmpLye8AsuMzaEdcFk59AoIWPI6P9ZGIXzYTTwRxXhCIBrRJgcDGrbTAQ7tuaKggJRCXhan7FVMizZSJ53NEr3f4PFaBtrV0Ni8f7ENuT6WcQQ+JsMN3vEGbwA1LmgHH2XSBQIDAQAB\""
  type    = "TXT"
  ttl     = 600
 }
@ -322,8 +322,8 @@ resource "hetznerdns_record" "froidmont_dmarc_txt" {

 resource "hetznerdns_record" "froidmont_dkim_txt" {
  zone_id = data.hetznerdns_zone.froidmont_zone.id
-  name    = "dkim._domainkey"
-  value   = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlBZhkvPboheAWQtlWZCJpxIsjLvMOjn9TUHpyNz/tATA4/I6m21YlXreyHVoLLkaGOS/jXx2dptU/l6C0Bu+HdhcyBqw3tOxnTwDzD07h58u1mM5L//k/F+YsD+onCWYehQpIzCeRGgNe1w4QN11im4VVoNznFPzwMLIeepbg/QIDAQAB\""
+  name    = "mail._domainkey"
+  value   = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoY56+gnsfCFGVchumtl7mnRuFENBKoTojxpMZQ8kHPY68pkTg7Xw0M6GtfLQQa/2VGCddQIYcXH74nu7J/4vakEPLp7JYsToqbLOucfXoFbBAQN3N43YyUsp8DqMh80y0UjItHf04HQUfa+OyjJWZD9JZm2oKIAO4Z0X0RoSyWwIDAQAB\""
  type    = "TXT"
  ttl     = 600
 }
--- a/modules/mailserver.nix
+++ b/modules/mailserver.nix
@ -5,17 +5,149 @@
    paultrialPassword = {
      key = "email/accounts_passwords/paultrial";
    };
+    eliosPassword = {
+      key = "email/accounts_passwords/elios";
+    };
+    mariePassword = {
+      key = "email/accounts_passwords/marie";
+    };
+    alicePassword = {
+      key = "email/accounts_passwords/alice";
+    };
+    monitPassword = {
+      key = "email/accounts_passwords/monit";
+    };
  };

  mailserver = {
    enable = true;
-    fqdn = "mail2.banditlair.com";
+    fqdn = "mail.banditlair.com";
    domains = [ "banditlair.com" "froidmont.org" "falbo.fr" ];
-    # mailDirectory = "/nix/var/data/vmail";
+    mailDirectory = "/nix/var/data/vmail";
+    lmtpSaveToDetailMailbox = "no";
    loginAccounts = {
      "paultrial@banditlair.com" = {
        # nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2 > /hashed/password/file/location
        hashedPasswordFile = config.sops.secrets.paultrialPassword.path;
+        aliases = [
+          "contact@froidmont.org"
+          "account@banditlair.com"
+        ];
+      };
+      "marie-alice@froidmont.org" = {
+        hashedPasswordFile = config.sops.secrets.mariePassword.path;
+        aliases = [
+          "osteopathie@froidmont.org"
+          "communication@froidmont.org"
+          "crelan.communication@froidmont.org"
+          "kerger.communication@froidmont.org"
+          "3arcs.communication@froidmont.org"
+          "7days.communication@froidmont.org"
+          "ulb.communication@froidmont.org"
+          "baijot.communication@froidmont.org"
+          "alltrails.communication@froidmont.org"
+          "alltricks.communication@froidmont.org"
+          "amazon.communication@froidmont.org"
+          "athletv.communication@froidmont.org"
+          "bebecenter.communication@froidmont.org"
+          "canyon.communication@froidmont.org"
+          "cbc.communication@froidmont.org"
+          "coursulb.communication@froidmont.org"
+          "decathlon.communication@froidmont.org"
+          "degiro.communication@froidmont.org"
+          "delogne.communication@froidmont.org"
+          "diagnosteo.communication@froidmont.org"
+          "haptis.communication@froidmont.org"
+          "fortis.communication@froidmont.org"
+          "fox.communication@froidmont.org"
+          "vandenborre.communication@froidmont.org"
+          "swissquote.communication@froidmont.org"
+          "belso.communication@froidmont.org"
+          "hibike.communication@froidmont.org"
+          "giromedical.communication@froidmont.org"
+          "gymna.communication@froidmont.org"
+          "hotmail.communication@froidmont.org"
+          "hubo.communication@froidmont.org"
+          "infopixel.communication@froidmont.org"
+          "jysk.communication@froidmont.org"
+          "kerger.communication@froidmont.org"
+          "ldlc.communication@froidmont.org"
+          "location.communication@froidmont.org"
+          "mainslibres.communication@froidmont.org"
+          "vistaprint.communication@froidmont.org"
+          "solidaris.communication@froidmont.org"
+          "coulon.communication@froidmont.org"
+          "vlan.communication@froidmont.org"
+          "hotel.communication@froidmont.org"
+          "medipost.communication@froidmont.org"
+          "proximus.communication@froidmont.org"
+          "marie.communication@froidmont.org"
+          "tuxedo.communication@froidmont.org"
+          "corine.wallaux.communication@froidmont.org"
+          "maziers.communication@froidmont.org"
+          "miliboo.communication@froidmont.org"
+          "nike.communication@froidmont.org"
+          "partena.communication@froidmont.org"
+          "payconiq.communication@froidmont.org"
+          "plumart.communication@froidmont.org"
+          "probikeshop.communication@froidmont.org"
+          "ring.communication@froidmont.org"
+          "teams.communication@froidmont.org"
+          "trail.communication@froidmont.org"
+          "wikiloc.communication@froidmont.org"
+          "udemy.communication@froidmont.org"
+        ];
+      };
+      "alice@froidmont.org" = {
+        hashedPasswordFile = config.sops.secrets.alicePassword.path;
+      };
+      "elios@banditlair.com" = {
+        hashedPasswordFile = config.sops.secrets.eliosPassword.path;
+        aliases = [
+          "webshit@banditlair.com"
+          "nexusmods.webshit@banditlair.com"
+          "pizza.webshit@banditlair.com"
+          "fnac.webshit@banditlair.com"
+          "paypal.webshit@banditlair.com"
+          "zooplus.webshit@banditlair.com"
+          "event.webshit@banditlair.com"
+          "reservation.webshit@banditlair.com"
+          "netflix.webshit@banditlair.com"
+          "jvc.webshit@banditlair.com"
+          "kickstarter.webshit@banditlair.com"
+          "vpn.webshit@banditlair.com"
+          "VOO.WEBSHIT@banditlair.com"
+          "proximus.webshit@banditlair.com"
+          "post.webshit@banditlair.com"
+          "ikea.webshit@banditlair.com"
+          "microsoft.webshit@banditlair.com"
+          "zerotier.webshit@banditlair.com"
+          "athome.webshit@banditlair.com"
+          "nordvpn.webshit@banditlair.com"
+          "sncf.webshit@banditlair.com"
+          "paradox.webshit@banditlair.com"
+          "oracle.webshit@banditlair.com"
+          "kinepolis.webshit@banditlair.com"
+          "leboncoin.webshit@banditlair.com"
+          "wondercraft.webshit@banditlair.com"
+          "petitvapoteur.webshit@banditlair.com"
+          "ryanair.webshit@banditlair.com"
+          "europapark.webshit@banditlair.com"
+          "Tricount.webshit@banditlair.com"
+          "huawei.webshit@banditlair.com"
+          "facebook.webshit@banditlair.com"
+          "roll20.webshit@banditlair.com"
+          "drivethrurpg.webshit@banditlair.com"
+          "chrono24.webshit@banditlair.com"
+          "emby.webshit@banditlair.com"
+          "amazon.webshit@banditlair.com"
+          "steam.webshit@banditlair.com"
+          "tinder.webshit@banditlair.com"
+        ];
+      };
+      "monit@banditlair.com" = {
+        hashedPasswordFile = config.sops.secrets.monitPassword.path;
+        sendOnly = true;
      };
    };
    extraVirtualAliases = {
@ -30,6 +162,11 @@
      "info@falbo.fr" = "paultrial@banditlair.com";
      "postmaster@falbo.fr" = "paultrial@banditlair.com";
      "abuse@falbo.fr" = "paultrial@banditlair.com";
+
+      #Catch all
+      "@banditlair.com" = "paultrial@banditlair.com";
+      "@froidmont.org" = "paultrial@banditlair.com";
+      "@falbo.fr" = "elios@banditlair.com";
    };


--- a/profiles/storage.nix
+++ b/profiles/storage.nix
@ -24,4 +24,10 @@
    group = config.users.groups.www-data.name;
  };
  users.groups.www-data = { gid = 991; };
+
+  users.users.steam = {
+    isNormalUser = true;
+    group = config.users.groups.steam.name;
+  };
+  users.groups.steam = { };
 }
--- a/secrets.enc.yml
+++ b/secrets.enc.yml
@ -10,6 +10,10 @@ transmission:
 email:
    accounts_passwords:
        paultrial: ENC[AES256_GCM,data:fDGYNdu9DQcfheOkc5aixUGmHPrVh4/6JGAECwhl64zpxXqPQ/jqYoaOMz3o3wozF1g+ZOKdBd2daBm0,iv:nyz37z1gmKbdpBDRvEe/4l36+evh89kpgowNxd+KdE0=,tag:j6JWAXglSPtKqN0v7akrSg==,type:str]
+        elios: ENC[AES256_GCM,data:J1Q1dz7IuDshfVk6PREMwatI6vbpAWhYjk3q/0+rZcvmGhmqXw+3CO8Q6M9ATd1j4cRGvK9G2pLAeu4m,iv:0RxXvfzhmEFWVnNdhQJ2ZvaZ86AFfFhpNKahfmp/ONk=,tag:4XGo6fEINSrhPfWF1EABHA==,type:str]
+        marie: ENC[AES256_GCM,data:XM1Gt2fY0GqOq+J3+CQflnWPLMmILqTWviWxzkrluovweQ+iMWmfGAS9o2K/GAS1Rr0G3P4NFmhPe6YL,iv:g9Y3WClUzvE4bkXaV82q2/cFME20KvsIV1T/q0ysBIo=,tag:Gc5rE/WubuD66uz+8OOclQ==,type:str]
+        alice: ENC[AES256_GCM,data:YKGwIj3RnsKuVZYfKGi9O+QE05wMMs86nw0NI5Q1XfRLdzGhBfAaPI/WjZ3C7APAzkNWKtYWgrCvQXcn,iv:dirLlOph9Vh2lmZga0HJ48SIwsRCgC1JzgF+pLVF62I=,tag:VcMbpEoxHdhCpxZI6ODzAw==,type:str]
+        monit: ENC[AES256_GCM,data:p/Vtc9MM8BeNF2V3l0VL82oOk0JUeKY/hAqPtW45Sdm8hiZbCNdF68jurvoI2oBu8b0d2Fer0n4ybAQJ,iv:R7PhqwaWaxx7g1gyYnh0UdoQILYHKuFG84AGghiOJ9g=,tag:S/IpeyVHLzHyqPDHIxAT8w==,type:str]
 wiki:
    anderia:
        users_file: ENC[AES256_GCM,data:Zx5QTmtqqrRwbHUMiVFfvMnvzaLSlKiouOg57H+4RYS/5Zavl4y3Awswuiz9y7iRDGZhsxba6Ki3jEg/sSwlmB/hICQikQlRfsnx1ibAKeTv9A==,iv:R7vQBU/4thmBVcydHPNiwUOavkhl6OGEVL9WdexJzAw=,tag:FQ/9LjQ6c+ErAhH3erzOBQ==,type:str]
@ -35,8 +39,8 @@ sops:
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2021-12-09T21:02:06Z"
-    mac: ENC[AES256_GCM,data:UTQgCoVA38k/D2kt1EVEq5mNhQAyuPcyNJnCpSZ9drRa9Nslr4GYSKTetz3HMdqkEy7H4EBYF5PrBttwJ8HSa7VcJZ3ct3WfW7qeCAd1O3ZDlmeLhII4o4+XG49HoQ5jpVJs5Dve8eJn7DOtVrluXblbahFZlQmN1m7mSlGdt20=,iv:34Br9UV6YOI6/4OBYeJDorlkj2lPSblHy429dWd2UIY=,tag:HfH06ZqikXZDGaeGxoeGvg==,type:str]
+    lastmodified: "2021-12-26T15:01:54Z"
+    mac: ENC[AES256_GCM,data:NZHnzTzxv6rAGxOJUyrYvt4W0nvzBIRcSbTqwmu7ICLXGlNNnt0mKL/j4LgQPufUM1RLAKX3DwUamN7FqdcGAb0QdgGeF/3QPa3T2Fuaj/wZz6/MnzKAlVadfBKF5N7JsfPnjPnZ2J+dbJPGS5FK5yQJRi5GbBd69WbLHbwBSOM=,iv:19vPP3wikeC4GcAgu/oGPxIJAaOXEGCTOd8exAZz/8U=,tag:Wm2ytvLSk5EG1Fb3ycTRGw==,type:str]
    pgp:
        - created_at: "2021-11-29T00:57:34Z"
          enc: |