diff --git a/dns.tf b/dns.tf
index bd1bbbd..30dadb1 100644
--- a/dns.tf
+++ b/dns.tf
@@ -113,7 +113,7 @@ resource "hetznerdns_record" "db1_a" {
 resource "hetznerdns_record" "banditlair_dedicated_a" {
 zone_id = data.hetznerdns_zone.banditlair_zone.id
 name = "*"
- value = "144.76.18.197"
+ value = local.storage1_ip
 type = "A"
 ttl = 600
 }
@@ -194,8 +194,8 @@ resource "hetznerdns_record" "dmarc_report_falbo_txt" {
 resource "hetznerdns_record" "dkim_txt" {
 zone_id = data.hetznerdns_zone.banditlair_zone.id
- name = "dkim._domainkey"
- value = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwDEwt+a0neFlyq7ndCj0EECUp4bsusFpL2aVzroLY5Xw9S//dYuXUp1sr/yiivS71WyNjt7tOpuonu0gGEWpc6RPyeZrzXQg+zY1k/1+cLXFMz5HmJJaAbNxK02Qn89qfk/Y3pbuJt6Y/NBQ4KVOCZQB2hCT2izVSWSkhegYTCwIDAQAB\""
+ name = "mail._domainkey"
+ value = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgRhQ9zN4hkiASKH4kTfWUSBz+Ov7BvH0459BDVeSNQFjH3KjmofJicKQ6eWXGJOSz4jCpNDRdgMbkVHEiTHOcKd/u9LqxEchWKZU50lwSrYhUmr8j+b4vgf+sUxIWKCZUNuyrDp2ROeheA3Pbx+fYJb3VhGTZecLlchMrRjBJqwIDAQAB\""
 type = "TXT"
 ttl = 600
 }
@@ -254,8 +254,8 @@ resource "hetznerdns_record" "falbo_dmarc_txt" {
 resource "hetznerdns_record" "falbo_dkim_txt" {
 zone_id = data.hetznerdns_zone.falbo_zone.id
- name = "dkim._domainkey"
- value = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWJwmQoiaxKCp6Cj+rELeHicd7VD1l/Q5KKQURgt1wIAY36bwbFYeuN/+ULruJzbnoyJ63G2QttO4H6MLdVTgNRjTuixmoE5mZEAE/7BlyAfDS0MLUXyGbxD6WtGZPT6PQ1cxWp9jVvYUs/NypcRfpDu0J9IXX6+coQM5CMLLdRwIDAQAB\""
+ name = "mail._domainkey"
+ value = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCY6ESTQcWbZVNxjb8TFhpyhCoG6Ri8OV1MijDHGNmpLye8AsuMzaEdcFk59AoIWPI6P9ZGIXzYTTwRxXhCIBrRJgcDGrbTAQ7tuaKggJRCXhan7FVMizZSJ53NEr3f4PFaBtrV0Ni8f7ENuT6WcQQ+JsMN3vEGbwA1LmgHH2XSBQIDAQAB\""
 type = "TXT"
 ttl = 600
 }
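Review bot: The replacement key published under `mail._domainkey` in `dkim_txt` is again a 1024-bit RSA key (the `p=` value has the same length and `MIGfMA0G…` prefix as the one it replaces), so this rotation does not raise the key strength; the same holds for `falbo_dkim_txt` and `froidmont_dkim_txt` in the later hunks. RFC 8301 recommends 2048-bit signing keys, and since the keys are being regenerated anyway this is the cheap moment to set `dkimKeyBits = 2048;` in the mailserver module and publish those keys, splitting the TXT value into several quoted strings if it exceeds 255 bytes. The commit also removes the `dkim._domainkey` selector in the same step, so messages signed under the old selector that are still queued or verified later will fail DKIM; keeping the old records alongside the new ones for a few days avoids that.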
@@ -322,8 +322,8 @@ resource "hetznerdns_record" "froidmont_dmarc_txt" {
 resource "hetznerdns_record" "froidmont_dkim_txt" {
 zone_id = data.hetznerdns_zone.froidmont_zone.id
- name = "dkim._domainkey"
- value = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlBZhkvPboheAWQtlWZCJpxIsjLvMOjn9TUHpyNz/tATA4/I6m21YlXreyHVoLLkaGOS/jXx2dptU/l6C0Bu+HdhcyBqw3tOxnTwDzD07h58u1mM5L//k/F+YsD+onCWYehQpIzCeRGgNe1w4QN11im4VVoNznFPzwMLIeepbg/QIDAQAB\""
+ name = "mail._domainkey"
+ value = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoY56+gnsfCFGVchumtl7mnRuFENBKoTojxpMZQ8kHPY68pkTg7Xw0M6GtfLQQa/2VGCddQIYcXH74nu7J/4vakEPLp7JYsToqbLOucfXoFbBAQN3N43YyUsp8DqMh80y0UjItHf04HQUfa+OyjJWZD9JZm2oKIAO4Z0X0RoSyWwIDAQAB\""
 type = "TXT"
 ttl = 600
 }
diff --git a/modules/mailserver.nix b/modules/mailserver.nix
index 041c206..d17f177 100644
--- a/modules/mailserver.nix
+++ b/modules/mailserver.nix
@@ -5,17 +5,149 @@
 paultrialPassword = {
 key = "email/accounts_passwords/paultrial";
 };
+ eliosPassword = {
+ key = "email/accounts_passwords/elios";
+ };
+ mariePassword = {
+ key = "email/accounts_passwords/marie";
+ };
+ alicePassword = {
+ key = "email/accounts_passwords/alice";
+ };
+ monitPassword = {
+ key = "email/accounts_passwords/monit";
+ };
 };
 mailserver = {
 enable = true;
- fqdn = "mail2.banditlair.com";
+ fqdn = "mail.banditlair.com";
 domains = [ "banditlair.com" "froidmont.org" "falbo.fr" ];
- # mailDirectory = "/nix/var/data/vmail";
+ mailDirectory = "/nix/var/data/vmail";
+ lmtpSaveToDetailMailbox = "no";
 loginAccounts = {
 "paultrial@banditlair.com" = {
 # nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2 > /hashed/password/file/location
 hashedPasswordFile = config.sops.secrets.paultrialPassword.path;
+ aliases = [
+ "contact@froidmont.org"
+ "account@banditlair.com"
+ ];
+ };
+ "marie-alice@froidmont.org" = {
+ hashedPasswordFile = config.sops.secrets.mariePassword.path;
+ aliases = [
+ "osteopathie@froidmont.org"
+ "communication@froidmont.org"
+ "crelan.communication@froidmont.org"
+ "kerger.communication@froidmont.org"
+ "3arcs.communication@froidmont.org"
+ "7days.communication@froidmont.org"
+ "ulb.communication@froidmont.org"
+ "baijot.communication@froidmont.org"
+ "alltrails.communication@froidmont.org"
+ "alltricks.communication@froidmont.org"
+ "amazon.communication@froidmont.org"
+ "athletv.communication@froidmont.org"
+ "bebecenter.communication@froidmont.org"
+ "canyon.communication@froidmont.org"
+ "cbc.communication@froidmont.org"
+ "coursulb.communication@froidmont.org"
+ "decathlon.communication@froidmont.org"
+ "degiro.communication@froidmont.org"
+ "delogne.communication@froidmont.org"
+ "diagnosteo.communication@froidmont.org"
+ "haptis.communication@froidmont.org"
+ "fortis.communication@froidmont.org"
+ "fox.communication@froidmont.org"
+ "vandenborre.communication@froidmont.org"
+ "swissquote.communication@froidmont.org"
+ "belso.communication@froidmont.org"
+ "hibike.communication@froidmont.org"
+ "giromedical.communication@froidmont.org"
+ "gymna.communication@froidmont.org"
+ "hotmail.communication@froidmont.org"
+ "hubo.communication@froidmont.org"
+ "infopixel.communication@froidmont.org"
+ "jysk.communication@froidmont.org"
+ "kerger.communication@froidmont.org"
+ "ldlc.communication@froidmont.org"
+ "location.communication@froidmont.org"
+ "mainslibres.communication@froidmont.org"
+ "vistaprint.communication@froidmont.org"
+ "solidaris.communication@froidmont.org"
+ "coulon.communication@froidmont.org"
+ "vlan.communication@froidmont.org"
+ "hotel.communication@froidmont.org"
+ "medipost.communication@froidmont.org"
+ "proximus.communication@froidmont.org"
+ "marie.communication@froidmont.org"
+ "tuxedo.communication@froidmont.org"
+ "corine.wallaux.communication@froidmont.org"
+ "maziers.communication@froidmont.org"
+ "miliboo.communication@froidmont.org"
+ "nike.communication@froidmont.org"
+ "partena.communication@froidmont.org"
+ "payconiq.communication@froidmont.org"
+ "plumart.communication@froidmont.org"
+ "probikeshop.communication@froidmont.org"
+ "ring.communication@froidmont.org"
+ "teams.communication@froidmont.org"
+ "trail.communication@froidmont.org"
+ "wikiloc.communication@froidmont.org"
+ "udemy.communication@froidmont.org"
+ ];
+ };
+ "alice@froidmont.org" = {
+ hashedPasswordFile = config.sops.secrets.alicePassword.path;
+ };
+ "elios@banditlair.com" = {
+ hashedPasswordFile = config.sops.secrets.eliosPassword.path;
+ aliases = [
+ "webshit@banditlair.com"
+ "nexusmods.webshit@banditlair.com"
+ "pizza.webshit@banditlair.com"
+ "fnac.webshit@banditlair.com"
+ "paypal.webshit@banditlair.com"
+ "zooplus.webshit@banditlair.com"
+ "event.webshit@banditlair.com"
+ "reservation.webshit@banditlair.com"
+ "netflix.webshit@banditlair.com"
+ "jvc.webshit@banditlair.com"
+ "kickstarter.webshit@banditlair.com"
+ "vpn.webshit@banditlair.com"
+ "VOO.WEBSHIT@banditlair.com"
+ "proximus.webshit@banditlair.com"
+ "post.webshit@banditlair.com"
+ "ikea.webshit@banditlair.com"
+ "microsoft.webshit@banditlair.com"
+ "zerotier.webshit@banditlair.com"
+ "athome.webshit@banditlair.com"
+ "nordvpn.webshit@banditlair.com"
+ "sncf.webshit@banditlair.com"
+ "paradox.webshit@banditlair.com"
+ "oracle.webshit@banditlair.com"
+ "kinepolis.webshit@banditlair.com"
+ "leboncoin.webshit@banditlair.com"
+ "wondercraft.webshit@banditlair.com"
+ "petitvapoteur.webshit@banditlair.com"
+ "ryanair.webshit@banditlair.com"
+ "europapark.webshit@banditlair.com"
+ "Tricount.webshit@banditlair.com"
+ "huawei.webshit@banditlair.com"
+ "facebook.webshit@banditlair.com"
+ "roll20.webshit@banditlair.com"
+ "drivethrurpg.webshit@banditlair.com"
+ "chrono24.webshit@banditlair.com"
+ "emby.webshit@banditlair.com"
+ "amazon.webshit@banditlair.com"
+ "steam.webshit@banditlair.com"
+ "tinder.webshit@banditlair.com"
+ ];
+ };
+ "monit@banditlair.com" = {
+ hashedPasswordFile = config.sops.secrets.monitPassword.path;
+ sendOnly = true;
 };
 };
 extraVirtualAliases = {
@@ -30,6 +162,11 @@
 "info@falbo.fr" = "paultrial@banditlair.com";
 "postmaster@falbo.fr" = "paultrial@banditlair.com";
 "abuse@falbo.fr" = "paultrial@banditlair.com";
+
+ #Catch all
+ "@banditlair.com" = "paultrial@banditlair.com";
+ "@froidmont.org" = "paultrial@banditlair.com";
+ "@falbo.fr" = "elios@banditlair.com";
 };
diff --git a/profiles/storage.nix b/profiles/storage.nix
index 9805328..d1dc3eb 100644
--- a/profiles/storage.nix
+++ b/profiles/storage.nix
@@ -24,4 +24,10 @@
 group = config.users.groups.www-data.name;
 };
 users.groups.www-data = { gid = 991; };
+
+ users.users.steam = {
+ isNormalUser = true;
+ group = config.users.groups.steam.name;
+ };
+ users.groups.steam = { };
 }
diff --git a/secrets.enc.yml b/secrets.enc.yml
index 52a4529..61e24b1 100644
--- a/secrets.enc.yml
+++ b/secrets.enc.yml
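Review bot: Two of the new aliases for `elios@banditlair.com` are written with capitals, `"VOO.WEBSHIT@banditlair.com"` and `"Tricount.webshit@banditlair.com"`, while every other entry is lower case. Whether a mixed-case key matches depends on how the generated alias map is built and queried, which this hunk does not show; if one of them fails to match, that mail falls through to the `@banditlair.com` catch-all added later in this commit and lands in another person's mailbox. Writing them as `"voo.webshit@banditlair.com"` and `"tricount.webshit@banditlair.com"` removes that dependency. `"kerger.communication@froidmont.org"` is also listed twice under `marie-alice@froidmont.org`. The enclosing `mailserver` attribute set continues past the end of the hunk.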
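Review bot: The three entries under `#Catch all` make every local part on `banditlair.com`, `froidmont.org` and `falbo.fr` a valid recipient, so the server can no longer reject mail for unknown users at SMTP time. A mistyped address meant for `marie-alice@froidmont.org` or `alice@froidmont.org` is then delivered to `paultrial@banditlair.com` instead of bouncing, and both catch-all mailboxes receive whatever is sent to guessed addresses. If the catch-all is intentional, the comment should say so, e.g. `# Catch-all: unlisted addresses on these domains are accepted and delivered here`. The module also offers a per-account `catchAll = [ "banditlair.com" ];` option, which would keep the rule next to the account that receives the mail. The `extraVirtualAliases` set starts before this hunk.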
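Review bot: `users.users.steam` is declared with `isNormalUser = true`, which gives the account a home directory and the default login shell, and neither uid nor gid is pinned, unlike `users.groups.www-data = { gid = 991; };` directly above. The hunk does not show what the account is used for; if it only runs a service or owns files on the storage host, `isSystemUser = true;` with an explicit `home` is the narrower choice. Fixed ids would also keep file ownership stable across rebuilds of the host. A one-line comment stating the account's purpose would help the next reader.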
@@ -10,6 +10,10 @@ transmission: email: accounts_passwords: paultrial: ENC[AES256_GCM,data:fDGYNdu9DQcfheOkc5aixUGmHPrVh4/6JGAECwhl64zpxXqPQ/jqYoaOMz3o3wozF1g+ZOKdBd2daBm0,iv:nyz37z1gmKbdpBDRvEe/4l36+evh89kpgowNxd+KdE0=,tag:j6JWAXglSPtKqN0v7akrSg==,type:str] + elios: ENC[AES256_GCM,data:J1Q1dz7IuDshfVk6PREMwatI6vbpAWhYjk3q/0+rZcvmGhmqXw+3CO8Q6M9ATd1j4cRGvK9G2pLAeu4m,iv:0RxXvfzhmEFWVnNdhQJ2ZvaZ86AFfFhpNKahfmp/ONk=,tag:4XGo6fEINSrhPfWF1EABHA==,type:str] + marie: ENC[AES256_GCM,data:XM1Gt2fY0GqOq+J3+CQflnWPLMmILqTWviWxzkrluovweQ+iMWmfGAS9o2K/GAS1Rr0G3P4NFmhPe6YL,iv:g9Y3WClUzvE4bkXaV82q2/cFME20KvsIV1T/q0ysBIo=,tag:Gc5rE/WubuD66uz+8OOclQ==,type:str] + alice: ENC[AES256_GCM,data:YKGwIj3RnsKuVZYfKGi9O+QE05wMMs86nw0NI5Q1XfRLdzGhBfAaPI/WjZ3C7APAzkNWKtYWgrCvQXcn,iv:dirLlOph9Vh2lmZga0HJ48SIwsRCgC1JzgF+pLVF62I=,tag:VcMbpEoxHdhCpxZI6ODzAw==,type:str] + monit: ENC[AES256_GCM,data:p/Vtc9MM8BeNF2V3l0VL82oOk0JUeKY/hAqPtW45Sdm8hiZbCNdF68jurvoI2oBu8b0d2Fer0n4ybAQJ,iv:R7PhqwaWaxx7g1gyYnh0UdoQILYHKuFG84AGghiOJ9g=,tag:S/IpeyVHLzHyqPDHIxAT8w==,type:str] wiki: anderia: users_file: ENC[AES256_GCM,data:Zx5QTmtqqrRwbHUMiVFfvMnvzaLSlKiouOg57H+4RYS/5Zavl4y3Awswuiz9y7iRDGZhsxba6Ki3jEg/sSwlmB/hICQikQlRfsnx1ibAKeTv9A==,iv:R7vQBU/4thmBVcydHPNiwUOavkhl6OGEVL9WdexJzAw=,tag:FQ/9LjQ6c+ErAhH3erzOBQ==,type:str] 
@@ -35,8 +39,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2021-12-09T21:02:06Z" - mac: ENC[AES256_GCM,data:UTQgCoVA38k/D2kt1EVEq5mNhQAyuPcyNJnCpSZ9drRa9Nslr4GYSKTetz3HMdqkEy7H4EBYF5PrBttwJ8HSa7VcJZ3ct3WfW7qeCAd1O3ZDlmeLhII4o4+XG49HoQ5jpVJs5Dve8eJn7DOtVrluXblbahFZlQmN1m7mSlGdt20=,iv:34Br9UV6YOI6/4OBYeJDorlkj2lPSblHy429dWd2UIY=,tag:HfH06ZqikXZDGaeGxoeGvg==,type:str] + lastmodified: "2021-12-26T15:01:54Z" + mac: ENC[AES256_GCM,data:NZHnzTzxv6rAGxOJUyrYvt4W0nvzBIRcSbTqwmu7ICLXGlNNnt0mKL/j4LgQPufUM1RLAKX3DwUamN7FqdcGAb0QdgGeF/3QPa3T2Fuaj/wZz6/MnzKAlVadfBKF5N7JsfPnjPnZ2J+dbJPGS5FK5yQJRi5GbBd69WbLHbwBSOM=,iv:19vPP3wikeC4GcAgu/oGPxIJAaOXEGCTOd8exAZz/8U=,tag:Wm2ytvLSk5EG1Fb3ycTRGw==,type:str] pgp: - created_at: "2021-11-29T00:57:34Z" enc: |