diff options
| -rw-r--r-- | common/monitoring.nix | 4 | ||||
| -rw-r--r-- | flora/services/mail.nix | 2 | ||||
| -rw-r--r-- | flora/services/monit.nix | 18 | ||||
| -rw-r--r-- | flora/services/ntfy.nix | 6 | ||||
| -rw-r--r-- | secrets/common.yaml | 8 |
5 files changed, 19 insertions, 19 deletions
diff --git a/common/monitoring.nix b/common/monitoring.nix index e5f111c..0ae744d 100644 --- a/common/monitoring.nix +++ b/common/monitoring.nix @@ -12,8 +12,8 @@ set daemon 120 with start delay 60 set mailserver - ping.stuebinm.eu - port 2525 + mail.stuebinm.eu + port 25 set httpd port 2812 address localhost allow localhost diff --git a/flora/services/mail.nix b/flora/services/mail.nix index 3987a49..523c32d 100644 --- a/flora/services/mail.nix +++ b/flora/services/mail.nix @@ -6,7 +6,7 @@ sops.secrets."mail/hashedPassword" = {}; mailserver = { - enable = true; + enable = false; fqdn = "mail.stuebinm.eu"; domains = [ "stuebinm.eu" ]; diff --git a/flora/services/monit.nix b/flora/services/monit.nix index 83436e7..19e7e88 100644 --- a/flora/services/monit.nix +++ b/flora/services/monit.nix @@ -16,15 +16,15 @@ if failed port 64738 of type tcp using ssl with expect "NixOS" then alert - check process postfix with pidfile /var/lib/postfix/queue/pid/master.pid - start program = "${pkgs.systemd}/bin/systemctl start postfix" - stop program = "${pkgs.systemd}/bin/systemctl stop postfix" - if failed port 25 protocol smtp for 5 cycles then restart - - check process dovecot with pidfile /var/run/dovecot2/master.pid - start program = "${pkgs.systemd}/bin/systemctl start dovecot2" - stop program = "${pkgs.systemd}/bin/systemctl stop dovecot2" - if failed host mail.stuebinm.eu port 993 type tcpssl sslauto protocol imap for 5 cycles then restart + # check process postfix with pidfile /var/lib/postfix/queue/pid/master.pid + # start program = "${pkgs.systemd}/bin/systemctl start postfix" + # stop program = "${pkgs.systemd}/bin/systemctl stop postfix" + # if failed port 25 protocol smtp for 5 cycles then restart + + # check process dovecot with pidfile /var/run/dovecot2/master.pid + # start program = "${pkgs.systemd}/bin/systemctl start dovecot2" + # stop program = "${pkgs.systemd}/bin/systemctl stop dovecot2" + # if failed host mail.stuebinm.eu port 993 type tcpssl sslauto protocol imap for 5 cycles then restart check host bahnhof.name with address bahnhof.name if failed port 443 with protocol https diff --git a/flora/services/ntfy.nix b/flora/services/ntfy.nix index aa46a39..25ae8f8 100644 --- a/flora/services/ntfy.nix +++ b/flora/services/ntfy.nix @@ -10,8 +10,8 @@ listen-unix = "/run/ntfy-sh/ntfy.sock"; listen-unix-mode = 511; ## lossy nix->yaml conversion eats octal literals (equal to 0777) - smtp-server-listen = ":2525"; - smtp-server-domain = "ping.stuebinm.eu"; + smtp-server-listen = ":25"; + smtp-server-domain = "mail.stuebinm.eu"; auth-file = "/var/lib/ntfy-sh/user.db"; auth-default-access = "deny-all"; @@ -21,7 +21,7 @@ }; }; - networking.firewall.allowedTCPPorts = [ 2525 ]; + networking.firewall.allowedTCPPorts = [ 25 ]; services.mollysocket = { enable = true; diff --git a/secrets/common.yaml b/secrets/common.yaml index 7fc1a30..1eecebd 100644 --- a/secrets/common.yaml +++ b/secrets/common.yaml @@ -1,5 +1,5 @@ monit: - mail: ENC[AES256_GCM,data:QOq9eDdG4r81V1q9N7rCIIjfAhynv7sGMvZs7qdb5tu4qSXp4xcLhE2nk8cJR+XUChi83AC29YH3H7pP17XpguzF,iv:QL6vN7z30QrZDYudmuIg59Kf01TmPZW1UOwh4qWttqc=,tag:SeA5ur9L0cun4RebVRhWCQ==,type:str] + mail: ENC[AES256_GCM,data:FdnK81GT/itLxXRWPlsafj4eifrqFN2s7BOPcS33hS5x0R/cNyu/Ykx3ZJQQM0/M9siQ+o05Q2OWCiY6kSqNv7a1,iv:8kTMHSXZCgku551eAE35DwIj5BDWYMmArVyXAmxitWc=,tag:CZT/XHW83qOsLGWfSH6Jaw==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: dWcwWnpYQnRsTWhzZ3JvYk1XUC9iUzQKApP0h4UxJmCKOOHUN+lkt2dSVCljpP03 +0kxmI1ex6aTH9lxQuNBa99OJ2XWZ2/Bmx/sWD7NzcNlRSW/aGMOfg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-07T17:49:12Z" - mac: ENC[AES256_GCM,data:Veg4lSarFpVaY71tFL0mOR6A/WDxB07O9RXtsxZcukEQqEmay85bJ/C7paoCO+EwU/1isupNA6kWgRGbrV3ts2dUGLQG55MpkK3dRaaADHkV3GThOwvASxer37SznZNvIj1TiVS55UcOl3d+hDI3q5rhQ2RrCHy5dVDvbnG92AM=,iv:jNb8fbNnezWn6Qe717sLGJmUesxR2LAVrQpKpvB5CXA=,tag:/OuZBnDnN4YB5MWJ29usLQ==,type:str] + lastmodified: "2024-12-06T14:52:14Z" + mac: ENC[AES256_GCM,data:aFuvWKss5qIYXhIDlrup9wAhwqUJkmBrfma3fArtb6Ch+jzLnpeAx5uzbjoAZt73H6SaWa8OR9nM72R3ayvf3AFalK9Drb5vBS/bxFD8Xq0I0POsGrroaX4h0wzsvXyU829HD4C2OsxS7qfayhlBWcICKQRN+2nbltzwf0OB0IM=,iv:rogSHSLL6yS5Hs5jdd9mMC5UVTxiPbuFViOj8Lks+0E=,tag:FNdHhC0mYmQ9oZAviHKFjg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.1 |