feat: updates ?

This commit is contained in:
Xavier Morel
2026-06-24 15:56:42 +02:00
parent ab98aeb897
commit 16eded0455
25 changed files with 109 additions and 83 deletions
+21
View File
@@ -0,0 +1,21 @@
{
config,
...
}:
{
services.postfix = {
enable = true;
enableSubmissions = true;
settings.main = {
relayhost = [ "smtp.protonmail.ch:587" ];
smtp_use_tls = "yes";
smtp_tls_security_level = "may";
myhostname = "mail.plg.m0rel.eu";
mydomain = "m0rel.eu";
smtp_sasl_auth_enable = "yes";
smtp_sasl_security_options = "";
smtp_sasl_password_maps = "texthash:${config.age.secrets.mail-smtp-relay.path}";
virtual_alias_maps = "inline:{ { root=home@m0rel.eu } }";
};
};
}
+6 -1
View File
@@ -34,8 +34,13 @@ in
SSO_SCOPES = "openid profile email offline_access"; SSO_SCOPES = "openid profile email offline_access";
SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION = false; SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION = false;
SSO_CLIENT_CACHE_EXPIRATION = 0; SSO_CLIENT_CACHE_EXPIRATION = 0;
SSO_ONLY = true; # Set to true to disable email and master password login and require SSO SSO_ONLY = false; # Set to true to disable email and master password login and require SSO
SSO_SIGNUPS_MATCH_EMAIL = true; # Match first SSO login to an existing account by email SSO_SIGNUPS_MATCH_EMAIL = true; # Match first SSO login to an existing account by email
SMTP_HOST = "192.168.68.33";
SMTP_PORT = "25";
SMTP_SECURITY = "off";
SMTP_FROM = "home@m0rel.eu";
}; };
dbBackend = "postgresql"; dbBackend = "postgresql";
}; };
+3 -7
View File
@@ -11,18 +11,14 @@ in
swap = 512; swap = 512;
}; };
system = { system = {
importConfig = [
../config/mail-postfix.nix
];
port = 80; port = 80;
additionalPorts = [ additionalPorts = [
25 # smtp 25 # smtp
465 # smtps 465 # smtps
]; ];
services.postfix = {
enable = true;
enableSubmission = true;
enableSubmissions = true;
mailname = "mail.m0rel.eu";
domain = "plg.m0rel.eu";
};
}; };
logging = { logging = {
enable = true; enable = true;
+3 -5
View File
@@ -1,14 +1,12 @@
{ {
config, config,
tools,
lib,
... ...
}: }:
let let
cfg = config.my-lxc; cfg = config.my-lxc;
in in
{ {
proxmox_lxc = lib.mapAttrs ( proxmox_lxc = builtins.mapAttrs (
name: def: name: def:
let let
c = def.container; c = def.container;
@@ -25,7 +23,7 @@ in
network = { network = {
name = "eth0"; name = "eth0";
bridge = "vmbr0"; bridge = "vmbr0";
ip = tools.build_ip_cidr name; ip = "192.168.1.${name}";
gw = config.globals.gateway; gw = config.globals.gateway;
type = "veth"; type = "veth";
}; };
@@ -37,7 +35,7 @@ in
}; };
swap = c.swap; swap = c.swap;
vmid = config.id.${name}; vmid = config.id.${name};
tags = lib.strings.join ";" ([ "terraform" ] ++ c.tags); tags = builtins.strings.join ";" ([ "terraform" ] ++ c.tags);
} }
// c.overrides // c.overrides
) cfg; ) cfg;
-9
View File
@@ -334,15 +334,6 @@ in
(import ./containers-terraform-proxmox.nix { inherit config tools lib; }) (import ./containers-terraform-proxmox.nix { inherit config tools lib; })
(import ./containers-terraform-authentik.nix { inherit config tools lib; }) (import ./containers-terraform-authentik.nix { inherit config tools lib; })
]; ];
tf.data.authentik_outpost.embedded = {
name = "authentik Embedded Outpost";
};
tf.data.authentik_flow.default-authorization-flow = {
slug = "default-provider-authorization-implicit-consent";
};
tf.data.authentik_flow.default-invalidation-flow = {
slug = "default-provider-invalidation-flow";
};
nixosModule = lib.mapAttrs ( nixosModule = lib.mapAttrs (
container: def: container: def:
Binary file not shown.
Binary file not shown.
Binary file not shown.
+8 -9
View File
@@ -1,10 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 jxhkLg xNDlDdho+Amh4Wf77L/0OfMWevmRQUB49fjNAgj4sXo -> ssh-ed25519 jxhkLg YNVl9EvnlsfS8rqCORhExodr4U7doD2sc2V2Igh6wyM
iRHPgcqPqsBJVtv4Map3WRpG173YQlwZ9hJI1hgbIB4 2+9ccgcBxgtZiRARbYb3CGt3t/iUbJ1Z4GppNuxKpWU
-> ssh-ed25519 tqMvRA MGYTH08khPjQrLGFbq2Evd1fFkFbI3ap/jM9jiDnoBo -> ssh-ed25519 tqMvRA P5GUVZrILJSE/ZvF/cmSAeocAP3XWsohA8kQtW3zU2s
sgWaeJ3IWV4E6LYgmFVHTIOrGZ2ZHUmFRJY+CvAFjbk EFmkyCY0QZsqRhhUjYIdjV5Tqy1JrdaV0Px4rImB3j0
-> ssh-ed25519 720szw sC+xKVyWtGH8Hq9hwcg4X6gylYDYphP1/NanE07hhBc -> ssh-ed25519 720szw AuUmyABlgdDYkotBpRF7MmNXjz/bgnSeIF7c6t7GnBE
30HqQ7wdYr0n1vVNwx8pkUrm+6vxtPTz/70QkJxXrlg MfJt7x8ChIAaGNCs46gM1GbXPKTfU08/e+A2v+G+4I0
--- qpQfmx0AAz4q5Z7UT+vhiwRztZ0dDAotEUDJy7xR75c --- 78XdYtCgrNbwHYR3wk2cyVTz7nJNvbbvU2a/Vv5JIBA
ÑSFN3C¸QáBv窂Ÿl ©L|8kLâÛ…ô lm¶¹Cëß  áþX¸;¾%ÖIr†X9«—/‡¡$àŒë
QÓÍÚ™% ª‚¨zRTœÌ-.Qºv0-ÿ‚{‚Ç$Ï€züzJz“ôð²³ã"ÀÄ,‡íPh¹¬^Š: ÍXá9/
+8 -8
View File
@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 jxhkLg mwMAP1IoULmBo8MiQbF7/OTFqHGEDvQAWtyu88KPkWA -> ssh-ed25519 jxhkLg jmZEdYs0k0ZW68F6fhW9fCtyT4WWNUeBfvoMqAdLBxY
b7rx/IbvpHppKH0nkomglxRkcjE6L0/SHlZ0rwSKVi4 PW8qcAecC7ouQWBz4lyEYS/Tssc7U9D9RyI99tO+D4o
-> ssh-ed25519 tqMvRA 08jdQsatahCoJu552xIsjf6aeKR2kfHqcpigtVEN6lA -> ssh-ed25519 tqMvRA VKn6tGS4/gim8rLKoi9N/NrsGLgUph2Xjl0ek3LwyjE
R8VfTa9BUs7B6LZD3ZeW91VaMRGwNbP7+WkBi7mU2ec m0fNiJqN47AM7NRgFY+Wda2QL1FJYt7zKMKx4ngutLQ
-> ssh-ed25519 UJuwpQ ZFeIg0jF3Wgp3Az9XRaqynaAA9gVETjqMHAAHpn5o2I -> ssh-ed25519 UJuwpQ UydkFFa+9kSqWRmhLe7878GPVrC+wAPCIhxidM93VgA
v+9C2KHhDPzDDGJjBgA03pbuALaBm0VP29qtpzeDe1c YDeQwo+b/bDrCSNyar7Je12RkhFKkN5BRKgk037uPVA
--- ucg+XE0J0RL8ZN4pH4BAly3A5eMoSUSG/AqQSfXJ9Ro --- 7OoH3mHI3xhpIR9wG7x99bpAgRz3f/cATOo7bC1mUFI
lBEÞüRÀÀIÁ½@8¥ÕP´,©à¬]¿ú–?Ÿ alÒmKž2*á:½á¨—crF^׿:S&ÁõÆqÞyÙÏØ —ˆ¿Œ"²†žö¨âò¸*é ¤hÿ#¾²Ò>žë~"þËÏðÞ‹ÿ‚{,æ±³;žèPu‚aÍ‘¥Ð¦Š®§túGÈ’i¶Â•Ùšêè–"ó>)Ñ…rÐ CÀ£›ÙÖižÌã®
Binary file not shown.
+10
View File
@@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 jxhkLg +poePGAJ/ZVLHPXEK/Yr8tpmWZBRwB3bdx5FnLARY3A
9/OA2Mix1X+uvrFEEpZVOJZHoloVRSL35iGhxWqv2XM
-> ssh-ed25519 tqMvRA DQ+gJqcSfjmYxs+L/6DJ86yEkGtV4v+Y4xJExYNuVDI
lqv5OaNuHKtXjpgEQwlyuahp1O5a3nc83W8joaNn/mw
-> ssh-ed25519 SEy3Fw 09q3eW5ppW9JO0DWQo34VdaXHEllKlxnTdCy+K2SoAQ
bQfnSNiy5ZZCT7hpfNiLVVionG/UMVsYBxMWj/1359w
--- yiuElsPJeYH/0XB2YRd3gnwYFMPtPDXJQ71zVypdJew
¥ah)øožZŒHpü@Öÿ/®¶ÀîfM.[u!Òp” =gŒ¸
°s½Þ×F`‚FEáŸê2ÁK%w‘¸˜ÎK¬mi&`L.*þ@R€"
Binary file not shown.
Binary file not shown.
Binary file not shown.
+8 -8
View File
@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 jxhkLg ZLzOFFu6isbAWkrXF/etG1sjvE2O0hvDCz/BFsvONQg -> ssh-ed25519 jxhkLg WOtezChzCSmy1x5ob8CFUKcjA8tTTJaLrUj0dhKUgiA
gagibzhJwfpwgr3XGZJcaaD7IztcAH+HlxLwlhaYah0 iYFJ0cdtpHdsK4FXRgTRAaZI7CYS8VAUKmvHC0TP0x8
-> ssh-ed25519 tqMvRA c7VvH+2ZhDozgIH24PiUaWzkEgYYHgjIq2QrQ9XAWy0 -> ssh-ed25519 tqMvRA 7AQf+l0+15W34unEqO3IyqD8qu2mIMXpVTActsUd8y0
SGsGZOVSCsodoc3unWEgaG2swbZ61G39rcQFJX6utQI 3xcW7LAmcUXxQKBO36WACH44IziCiHt0G1SmT4SFC/I
-> ssh-ed25519 5VK9ng g1XMAKsB6l8vWxAAnIJIJWhzBVBeLFLg7JqzadibyBM -> ssh-ed25519 5VK9ng Pvw6cet2AVlGx5F1F/5OM63r0fgGYEc7dCsipRPAkVQ
2Drr46dDuVJOyH0kp91K/qVdQsq1+Xd7hgoan0yc6K0 3HtvmxOzT4bGn9aECfusyNCpaTCNFSRgUSbeRik1wwA
--- ApI3P3YMJmzY8eFcZ+YzZeGvJRdqvgpMtW+I0KM0Y3c --- 9dSUckyaEH5FpzcEdNTnC6M+5v7BwJapMIcSIFR29Tg
Yモ}6ゥ・カsニ(ムq葛フコcチチラj蜿ア」?レセ ¶n@Yß Â½”h'ÖÛ¯Ó¬³”ž»&è¢ìw%ö “ ýé
Binary file not shown.
+12 -10
View File
@@ -1,11 +1,13 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 jxhkLg B1+QK5IUkrya5HgZLF8oWpMiL7cBK+OYNCvNeodmqkw -> ssh-ed25519 jxhkLg dADzUsvWJkprV9aYYdTQ4tLd3V6H/lMRNLaAC6fNty8
mTglq5BlxDDKiYBe78Cs8tNMv0yksrvS4tyhCZKJu/M NVzvSEd7KBDfkqbkrZgVgRJkFi6UmlqEIPr2sK+o6t8
-> ssh-ed25519 tqMvRA la4nh/Nr0sNaV6JVhSi7cYLkI+kgbIhEr2fTTa/wKRA -> ssh-ed25519 tqMvRA XnsNo926VyUqSppFZ50N1KtzK/QCbi1lF6LJZYWUsGM
W5qaU2lfPLVPomrkHvdwB52LxJPcUvvcgI6wN/gqeYk atsaJ7XjRum1dWvIjxdUq3Fr3Ypp7/RO7kqSqWfgUrM
-> ssh-ed25519 5VK9ng vsmrq5wf3y4CiSgyNT0aQvrxLTJ0WcdG8B+zAbdpgGo -> ssh-ed25519 5VK9ng PJRg2ljsArsWYgAsHk8optwi7P/vZirhhX5FbINHjhs
hDADh9v99hacIc85T+QP2oywVDyqJjlKVa0skJuf3BI pFJ2uibaYO2hWfSnyElxrvoFCC3BpcZOrnxET8ynBUI
--- GT+Ns1ZRlOOO0HwG2WcpgG1XLf5NJzX2Hg3aJAL+vOA --- 3vf+8iS73Sk0CeHRLkxxX4kGg+py39sAQVVDniljAEY
Š0‰¥ràÉÊO>ýµ¦¸xI48ϲ¹s<Ù×ÜànÍgâ‘Ïïq'¨DMFP*ŸòŒöQ¿P+ߥ¿fŽ÷ÖgÄf6˜£ è$xoúfðq“Z 8r|=vÁ&Ÿ \­þE~D×3xèžœ™ `Ù{ð
¿ãLýó>,šôÛK¾Ñõ 5YI\¤Uc0Ñ<#dë3u˜Õ|tÅÊŒ}sÆíP ‰å4[Ÿ‚&V­2\]Üc4/n=”P.ø
æv8=A Ó¡À?•­Òìó¼çÖøŸ}Êÿ«+á5™P¨­?1Ñ×´mÔpèÚçZ&cžËŒ¸îù«N'€¢ò³¶¼¼ \E8oswÉbÞtC(9›ÇJŽŠç ÿ4ˆF-Ï+—dÓR$Ùœ:#¡÷óÙa)ŠYYHãY3yg
ð
¨Šâh„ÅÌu n‹K˜È=kWnWýŒÍÇáîÛžßçž<?ÀYŸØá¶Q}zò¼óGýõ…µyA«ý†%x¥Ÿ“ÈãxkîHÈÌø3  Ô¯cjZR=j–©Y×¼
+8 -8
View File
@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 jxhkLg RCq2VAcmya10eK7zwPVFB0klV0zSNkHmF+WlnJXaWzw -> ssh-ed25519 jxhkLg FFstKIybiFO48aoLNDSnDSdwIHAZEwe7CSWt6+YnqyA
8ySn0NB5FNb7a2qJOzx1yiCdH2MTJWBUUPc2i5ytly0 3i7YRHdvQ2kD+frqH1+wvCnWx4py78fahA7AWAEMx1I
-> ssh-ed25519 tqMvRA sB9nTKSEnh1AQ0rYf1uYmd2CzCabz2hEJF1XTsvrtkk -> ssh-ed25519 tqMvRA 5KeC4teldBf/QTudaRtHbP+6LfpZ/m75wxVq4M8LxEU
ASWOYP+4XiLxf2OLbYXRDRTXfiuLqvxN5gkoEauL8c8 H8Ee4v44FRfapY8tRGEFOneVzji8QOv/u1uIUD/mrJs
-> ssh-ed25519 5VK9ng KkXWseT01qSmhEAeotqEi6CG4zzz+50TrKclYdn57AA -> ssh-ed25519 5VK9ng K/C8z7WTlyjLsH4n4ufAVrCMCkVgQuFPpyNz6Mcxl24
hThUinxaRHWTD/wAhELcYWj6qcQ8V0Ybi60cnUc7pdk dsZ/aO4DIzni7Dkiju8JVPnklhvAdiujunaL7WfAaOc
--- h3P58TD8hmBfKLliCDSL4m3bCJHLs80yZ4i/croZp48 --- kJ92gmMAzGRD8THcfjF/k00eo3+oMSiETAYR4wJOsj8
]sM`gィ愃モZ「=0'荿ヨcワミ┨果菅_ル・T纎 £éûÇtçü¤ãXâ¥&Ú½§ÂÖÈÄnIÄ3qÙ÷:²š<<ÿYÐàÞC'¦ñì
+10 -10
View File
@@ -1,11 +1,11 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 jxhkLg BZflK7sIBRQVRQFl06h25sX5KiWHsu3g39r/8uMpcwE -> ssh-ed25519 jxhkLg b83U678xLJlB1FFoxSaeG7JN/4v1sVU4QsITY3j/awc
beZ8ZBKgRvJvY3EEhJ/ylKdDdWTz2u08pvWbVaFg8m8 Dhc/V5R3bK9x7i2ws9FQ4O4HHT6xTlaEKt3SXJhihTk
-> ssh-ed25519 tqMvRA CQtMI9v79kBZoiBrxLY91756LiAJGogbTb+ayd6cRmo -> ssh-ed25519 tqMvRA KPLjl31HwXs/ucQ/LJwEL2+px2mSkCk812bGk9rTiWs
F2MiE9whRNZ73cskxhXeuudvMgA4JOvbtzotNpHMIf4 qADzPQi44e9QiQpXpoyhNNDuULJhTXo9x0109lyOq10
-> ssh-ed25519 KkzjXA uH+5mcV0ZZ5oKNfq88ihWHY/Z8YpgPjzvkcvhMJOKU8 -> ssh-ed25519 KkzjXA 6Xwc9hqBdR7LPYNmfEn5+M0n6QTEBkuNTBk/t7ofh3Q
4z8x8XyAYsaIkXFylMEAwacHyQEJ/1mYFXsEsdnZ74w GjcVMhPZ6X4ybBxtIabKFegicdTZbq+zQWvn9PYNeME
--- vlF5pHK/D7m3ErKazggz4xxdn2hcwGvvIYrZtn2sT8Q --- 3ZY5ysyGfwJ6Y0/FEO7YpsFkAJkn9B4D3gIzpZBPx10
o¯ñ5àÐ ;v"Þ‘ÛÏ×ÔF¼>´›J”4Ú^G«Èe´ÇZÔ$Íʱòc¯L¦Ü
ã2¦ƒÅx6óN/NóHèù_òSH»B­^Lhµ«› –jŽ‹ì%HM”Ù=[]J±¾ªÚ}IWAE¶dgÝûŽWŒ«¹ŽÕbßšÞB|_©1
{å‚,Cjî†Æ½©˜Âå•4„€ì51È%ëc_`§41Ñ@Ú‘T׸¦«|>¬Ðòvè¥ôvî­ 6 óŸùþÿ\HeLz¨šÑަU™F}E*‚Ô½}
Binary file not shown.
+8 -8
View File
@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 jxhkLg tYj2oLp8OWZtYmj0gKJnEE5G+3tmfPul8tGt5fnnwDs -> ssh-ed25519 jxhkLg Jt0tBomUSwoxIf+D0n2leQ8ULQcrpWJDN4Tm/obLnyg
/SujjcZxvPmZurlLWETwR8JhH8LIJh/MeoogW5VxP8w yct3YGS4BiDsAZPlKZybD7GVoqQdL1EZ6dlHXSY5b8U
-> ssh-ed25519 tqMvRA qY8Cv7G1UJm139N9NxA4dAXAfje42n6p7ZajU8r8Fgo -> ssh-ed25519 tqMvRA amDzRhpIGTVsZxAHWSUacZ629OEttMU1VAOVKdCLyFE
Qw4WobdnlixxHxAwiTCGyeJGzcfOWxslOmS/sYhiTug 2fRvar0fSfbYyw+O4zpE3DusNKtuFDOCVxSzMccaMKg
-> ssh-ed25519 DVDL4g Lkxuay1WN05O7uO+onML4INymrsBf8DrBHyGPhSW5xQ -> ssh-ed25519 DVDL4g QIXLyMveRBfhcNCrbI0ZpZqjaB5j76ROsXs7pUquZXI
sAdASiFmiCDRl7WfI5k6Qz+fKY/FG5H9dLucFluSFTI vYciNWwJrTuGOZToE7eoCYhrGOlwqd6tuYeIUXQGjTs
--- NjnXZAi+St4JHuxdQ6/rpT//nwTwY3MA59MotWicycA --- 0J/foPauSiv/wNTq2TkTVBnQOqm1dll+xyqwFqM9lpY
EwLKネリ? i6jw€セ2ッYMケヒrVOP?股-ロ ¸øÆ‚1L<¬ÊÎ!ƒ©5T>ØKÜßm‹×+»×Šê5bµüoù‡•ƒÈ
Binary file not shown.
+4
View File
@@ -31,6 +31,10 @@ in
group = "nginx"; group = "nginx";
}; };
}; };
"mail-smtp-relay.age" = {
publicKeys = users ++ [ keys.mail ];
extra.owner = "postfix";
};
"matrix-maubot-cfg.age".publicKeys = users ++ [ "matrix-maubot-cfg.age".publicKeys = users ++ [
keys.matrix keys.matrix
]; ];
Binary file not shown.