diff --git a/config/domain-config/fudo.org.nix b/config/domain-config/fudo.org.nix index 4020e1c..16c5490 100644 --- a/config/domain-config/fudo.org.nix +++ b/config/domain-config/fudo.org.nix @@ -52,22 +52,14 @@ in { config = { # All Fudo hosts should redirect selby.ca to the selbyhomecentre website. services.nginx.virtualHosts = { - "selby.ca" = { - enableACME = true; - locations."/".return = "301 https://selbyhomecentre.com$request_uri"; - }; - "www.selby.ca" = { - enableACME = true; - locations."/".return = "301 https://selbyhomecentre.com$request_uri"; - }; - "selbyhomecentre.com" = { - enableACME = true; - locations."/".return = "301 https://selbyhomecentre.com$request_uri"; - }; - "www.selbyhomecentre.com" = { - enableACME = true; - locations."/".return = "301 https://selbyhomecentre.com$request_uri"; - }; + "selby.ca".locations."/".return = + "301 https://selbyhomecentre.com$request_uri"; + "www.selby.ca".locations."/".return = + "301 https://selbyhomecentre.com$request_uri"; + "selbyhomecentre.com".locations."/".return = + "301 https://selbyhomecentre.com$request_uri"; + "www.selbyhomecentre.com".locations."/".return = + "301 https://selbyhomecentre.com$request_uri"; }; fudo.services = { @@ -88,7 +80,7 @@ in { }; "selby.ca" = { default-host = "germany"; - ksk = config.fudo.secrets.files.dns.key-signing-keys."selby.ca"; + ksk = null; }; "selbyhomecentre.com" = { default-host = "germany"; diff --git a/config/host-config/germany.nix b/config/host-config/germany.nix index 216bb4a..10a61b5 100644 --- a/config/host-config/germany.nix +++ b/config/host-config/germany.nix @@ -23,9 +23,9 @@ in { prefixLength = 28; }]; }; - firewall.enable = { + firewall = { enable = false; - interface.podman0.allowedUDPPorts = [ 53 ]; + interfaces.podman0.allowedUDPPorts = [ 53 ]; }; }; diff --git a/config/service/fudo-auth.nix b/config/service/fudo-auth.nix index 1759468..2187eac 100644 --- a/config/service/fudo-auth.nix +++ b/config/service/fudo-auth.nix 
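Review bot: With `enableACME` dropped from all four redirect vhosts in the `services.nginx.virtualHosts` block, nothing visible in this hunk gives them a certificate or an `addSSL`/`forceSSL` listener, so the redirect is only served over plain HTTP. A client that arrives on `https://selby.ca` would be answered by whatever default TLS server nginx has, with a certificate that does not match the name, unless TLS for these names is configured elsewhere. If that is intended, a comment above the block would help, for example `# HTTP-only redirect; certificates for these names are issued in <module-name>`. The attribute set continues outside the hunk.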
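Review bot: Setting `ksk = null` for `"selby.ca"` presumably turns off DNSSEC signing for that zone, and the change has no comment saying whether the DS record at the parent has been withdrawn. If a DS record is still published while the zone is served unsigned, validating resolvers will treat answers for selby.ca as bogus and the domain stops resolving for them. I would add `# unsigned on purpose: DS record removed at the registrar before this change` next to the line, or keep the key until that is done. How the zone module handles a null key is not visible in this hunk.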
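Review bot: The corrected `firewall` block in germany.nix still sets `enable = false`, so the NixOS firewall is off on this host and `interfaces.podman0.allowedUDPPorts = [ 53 ]` has no effect. Every listening port stays reachable on every interface as far as the host's own packet filter is concerned. If the intent was to open DNS only towards the podman bridge, the block needs `enable = true;` together with the publicly served ports in `allowedTCPPorts`/`allowedUDPPorts`. If the firewall is off deliberately, a comment such as `# firewall disabled: filtering is done at <upstream-device>` would record why. The enclosing attribute set starts outside the hunk.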
@@ -90,13 +90,16 @@ in { ]; description = "Initialize and update the Heimdal KDC database."; path = with pkgs; [ kdcMergePrincipals coreutils ]; - serviceConfig = { + serviceConfig = let + db = config.fudo.auth.kerberos.kdc.database; + principals = host-secrets.kdc-principals.target-file; + master-key = host-secrets.realm-master-key.target-file; + in { User = krb-user; Group = krb-group; + Restart = "always"; + ConditionPathExists = [ db principals master-key ]; ExecStart = let - db = config.fudo.auth.kerberos.kdc.database; - principals = host-secrets.kdc-principals.target-file; - master-key = host-secrets.realm-master-key.target-file; init-db-cmd = concatStringsSep " " [ "${pkgs.kdcMergePrincipals}/bin/kdc-merge-principals" "--create" diff --git a/flake.lock b/flake.lock index 4e23860..53a6ce7 100644 --- a/flake.lock +++ b/flake.lock @@ -2984,11 +2984,11 @@ ] }, "locked": { - "lastModified": 1697257997, - "narHash": "sha256-oVRwU9XkWzhfRFrvNzNLSS6YUIyFiFX/uVt/WrFRxZw=", + "lastModified": 1697412875, + "narHash": "sha256-rJmQ1+5mDuA4nskjnDQ6KVRIS0c8nJ3SJaOrpdIx+I0=", "ref": "refs/heads/master", - "rev": "34b51d34b9f339f12e4111d4d6e5b00b8752f6bc", - "revCount": 241, + "rev": "af3dbd0bed0da50d8b13d01256a328b15d9eb7c5", + "revCount": 245, "type": "git", "url": "https://git.fudo.org/fudo-public/mail-server.git" }, @@ -3548,11 +3548,11 @@ }, "nixpkgs_21": { "locked": { - "lastModified": 1696983906, - "narHash": "sha256-L7GyeErguS7Pg4h8nK0wGlcUTbfUMDu+HMf1UcyP72k=", + "lastModified": 1697226376, + "narHash": "sha256-cumLLb1QOUtWieUnLGqo+ylNt3+fU8Lcv5Zl+tYbRUE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd1cde45c77891214131cbbea5b1203e485a9d51", + "rev": "898cb2064b6e98b8c5499f37e81adbdf2925f7c5", "type": "github" }, "original": {
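Review bot: `ConditionPathExists` is a `[Unit]` setting, but `serviceConfig` is rendered into the `[Service]` section, where systemd ignores it with an unknown-key warning, so the unit is not actually gated on the database, principals and master-key files. It belongs in `unitConfig.ConditionPathExists = [ db principals master-key ];`, which means the `let` bindings have to move out to a scope covering both `unitConfig` and `serviceConfig`. Also check `Restart = "always"` against the unit's `Type`, which is not visible here: systemd rejects it for `Type=oneshot`, and for a job that initializes the KDC database it would re-run the merge after every clean exit. The service definition starts and ends outside the hunk.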