Wrap service options in service
This commit is contained in:
parent
2faf1a8a02
commit
765792dc54
@ -188,6 +188,7 @@ in {
|
|||||||
|
|
||||||
in {
|
in {
|
||||||
smtp = {
|
smtp = {
|
||||||
|
service = {
|
||||||
networks = [
|
networks = [
|
||||||
"internal_network"
|
"internal_network"
|
||||||
# Needs access to internet to forward emails
|
# Needs access to internet to forward emails
|
||||||
@ -198,6 +199,7 @@ in {
|
|||||||
"${cfg.smtp.ssl-directory}:/run/certs/smtp"
|
"${cfg.smtp.ssl-directory}:/run/certs/smtp"
|
||||||
];
|
];
|
||||||
ports = [ "25:25" "587:587" "465:465" "2525:2525" ];
|
ports = [ "25:25" "587:587" "465:465" "2525:2525" ];
|
||||||
|
};
|
||||||
nixos = {
|
nixos = {
|
||||||
useSystemd = true;
|
useSystemd = true;
|
||||||
configuration = [
|
configuration = [
|
||||||
@ -250,6 +252,7 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
imap = {
|
imap = {
|
||||||
|
service = {
|
||||||
networks = [ "internal_network" ];
|
networks = [ "internal_network" ];
|
||||||
ports = [ "143:143" "993:993" ];
|
ports = [ "143:143" "993:993" ];
|
||||||
user = mkUserMap "mailserver-dovecot";
|
user = mkUserMap "mailserver-dovecot";
|
||||||
@ -258,6 +261,7 @@ in {
|
|||||||
"${hostSecrets.dovecotLdapConfig.target-file}:/run/dovecot2/conf.d/ldap.conf:ro"
|
"${hostSecrets.dovecotLdapConfig.target-file}:/run/dovecot2/conf.d/ldap.conf:ro"
|
||||||
"${cfg.imap.ssl-directory}:/run/certs/imap"
|
"${cfg.imap.ssl-directory}:/run/certs/imap"
|
||||||
];
|
];
|
||||||
|
};
|
||||||
nixos = {
|
nixos = {
|
||||||
useSystemd = true;
|
useSystemd = true;
|
||||||
configuration = [
|
configuration = [
|
||||||
@ -302,11 +306,13 @@ in {
|
|||||||
envFile = hostSecrets.mailLdapProxyEnv.target-file;
|
envFile = hostSecrets.mailLdapProxyEnv.target-file;
|
||||||
};
|
};
|
||||||
antispam = {
|
antispam = {
|
||||||
|
service = {
|
||||||
networks = [
|
networks = [
|
||||||
"internal_network"
|
"internal_network"
|
||||||
# Needs external access for blacklist checks
|
# Needs external access for blacklist checks
|
||||||
"external_network"
|
"external_network"
|
||||||
];
|
];
|
||||||
|
};
|
||||||
nixos = {
|
nixos = {
|
||||||
useSystemd = true;
|
useSystemd = true;
|
||||||
configuration = [
|
configuration = [
|
||||||
@ -331,6 +337,7 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
antivirus = {
|
antivirus = {
|
||||||
|
service = {
|
||||||
networks = [
|
networks = [
|
||||||
"internal_network"
|
"internal_network"
|
||||||
# Needs external access for database updates
|
# Needs external access for database updates
|
||||||
@ -338,6 +345,7 @@ in {
|
|||||||
];
|
];
|
||||||
user = mkUserMap "mailserver-antivirus";
|
user = mkUserMap "mailserver-antivirus";
|
||||||
volumes = [ "${cfg.state-directory}/antivirus:/state" ];
|
volumes = [ "${cfg.state-directory}/antivirus:/state" ];
|
||||||
|
};
|
||||||
nixos = {
|
nixos = {
|
||||||
useSystemd = true;
|
useSystemd = true;
|
||||||
configuration = [
|
configuration = [
|
||||||
@ -355,9 +363,11 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
dkim = {
|
dkim = {
|
||||||
|
service = {
|
||||||
networks = [ "internal_network" ];
|
networks = [ "internal_network" ];
|
||||||
user = mkUserMap "mailserver-dkim";
|
user = mkUserMap "mailserver-dkim";
|
||||||
volumes = [ "${cfg.state-directory}/dkim:/state" ];
|
volumes = [ "${cfg.state-directory}/dkim:/state" ];
|
||||||
|
};
|
||||||
nixos = {
|
nixos = {
|
||||||
useSystemd = true;
|
useSystemd = true;
|
||||||
configuration = [
|
configuration = [
|
||||||
@ -377,8 +387,10 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
metrics-proxy = {
|
metrics-proxy = {
|
||||||
|
service = {
|
||||||
networks = [ "internal_network" ];
|
networks = [ "internal_network" ];
|
||||||
ports = [ "${toString cfg.metricsPort}:80" ];
|
ports = [ "${toString cfg.metricsPort}:80" ];
|
||||||
|
};
|
||||||
nixos = {
|
nixos = {
|
||||||
useSystemd = true;
|
useSystemd = true;
|
||||||
configuration = {
|
configuration = {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user