Add volume for redis passwd

Also...the volume has to refer to a local file...
niten 2023-10-16 12:15:48 -07:00
parent f07f164fe4
commit bed75d392b
1 changed files with 16 additions and 7 deletions


@ -12,6 +12,10 @@ let
dovecotApiKey = pkgs.lib.passwd.stablerandom-passwd-file "dovecot-api-key" dovecotApiKey = pkgs.lib.passwd.stablerandom-passwd-file "dovecot-api-key"
config.instance.build-seed; config.instance.build-seed;
redisPasswdFile =
pkgs.lib.passwd.stablerandom-passwd-file "mail-server-redis-passwd"
config.instance.build-seed;
in { in {
options.fudo.mail = with types; { options.fudo.mail = with types; {
enable = mkEnableOption "Enable mail server."; enable = mkEnableOption "Enable mail server.";
@ -215,7 +219,7 @@ in {
AUTHENTIK_TOKEN=${cfg.ldap.outpost-token} AUTHENTIK_TOKEN=${cfg.ldap.outpost-token}
AUTHENTIK_INSECURE=false AUTHENTIK_INSECURE=false
''; '';
target-file = "/run/ldap-proxy/env"; target-file = "/run/mail-server/ldap-proxy/env";
}; };
dovecotLdapConfig = { dovecotLdapConfig = {
@ -233,7 +237,7 @@ in {
"pass_attrs = =user=%{ldap:cn}" "pass_attrs = =user=%{ldap:cn}"
"user_attrs = =user=%{ldap:cn}" "user_attrs = =user=%{ldap:cn}"
]); ]);
target-file = "/run/dovecot-secrets/ldap.conf"; target-file = "/run/mail-server/dovecot-secrets/ldap.conf";
}; };
dovecotAdminConfig = { dovecotAdminConfig = {
@ -241,7 +245,12 @@ in {
([ "doveadm_password = ${readFile dovecotAdminPasswd}" ] ([ "doveadm_password = ${readFile dovecotAdminPasswd}" ]
++ (optional (cfg.imap.api-port != null) ++ (optional (cfg.imap.api-port != null)
"doveadm_api_key = ${readFile dovecotApiKey}"))); "doveadm_api_key = ${readFile dovecotApiKey}")));
target-file = "/run/dovecot-secrets/admin.conf"; target-file = "/run/mail-server/dovecot-secrets/admin.conf";
};
redisPasswd = {
source-file = redisPasswdFile;
target-file = "/run/mail-server/redis/passwd";
}; };
}; };
@ -254,9 +263,6 @@ in {
]; ];
virtualisation.arion.projects.mail-server.settings = let virtualisation.arion.projects.mail-server.settings = let
redisPasswdFile =
pkgs.lib.passwd.stablerandom-passwd-file "mail-server-redis-passwd"
config.instance.build-seed;
image = { pkgs, ... }: { image = { pkgs, ... }: {
project.name = "mail-server"; project.name = "mail-server";
@ -495,7 +501,10 @@ in {
}; };
redis = { redis = {
service = { service = {
volumes = [ "${cfg.state-directory}/redis:/var/lib/redis" ]; volumes = [
"${cfg.state-directory}/redis:/var/lib/redis"
"${hostSecrets.redisPasswd.target-file}:/run/redis/passwd"
];
networks = [ "redis_network" ]; networks = [ "redis_network" ];
}; };
nixos = { nixos = {
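Review bot: The new bind mount `"${hostSecrets.redisPasswd.target-file}:/run/redis/passwd"` in the redis service's `volumes` has no mode suffix, so the password file is writable from inside the container; a credential the container only reads should be mounted read-only, `"${hostSecrets.redisPasswd.target-file}:/run/redis/passwd:ro"`. The `redisPasswd` secret entry added in the earlier hunk sets only `source-file` and `target-file`, so the host file's owner and mode are whatever the secrets module defaults to. It is worth confirming that the uid redis runs as inside the container can read the file and that other local users cannot. If the host path does not exist yet when the container starts, the container runtime may create a directory at that path instead, so the arion project presumably needs to be ordered after the secret is written. The redis block continues past the end of this hunk, so how the file is consumed is not visible here.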