diff options
author | tv <tv@krebsco.de> | 2022-12-07 19:51:04 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2022-12-07 19:51:04 +0100 |
commit | 9bcce729ef7de715cfcd61dfe1146d126878d48f (patch) | |
tree | eab042a912a41b13ceb58b79f4de167779a427f1 /krebs/3modules | |
parent | 9a9b8e56eb6234650a369bbd24d41b8f4c66c78d (diff) | |
parent | 2eb33e60b45c2b37d51a57b0fbe4a023861a7429 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/exim-smarthost.nix | 33 | ||||
-rw-r--r-- | krebs/3modules/ssl.nix | 21 |
2 files changed, 2 insertions, 52 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 5923b610d..38cc828bb 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -126,9 +126,8 @@ let domainlist sender_domains = ${concatStringsSep ":" cfg.sender_domains} hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts} - acl_smtp_data = acl_check_data - acl_smtp_mail = acl_check_mail acl_smtp_rcpt = acl_check_rcpt + acl_smtp_data = acl_check_data never_users = root @@ -180,36 +179,6 @@ let accept - acl_check_mail: - accept - sender_domains = +sender_domains - hosts = +relay_from_hosts - deny - spf = fail : softfail - log_message = spf=$spf_result - message = SPF validation failed: \ - $sender_host_address is not allowed to send mail from \ - ''${if def:sender_address_domain\ - {$sender_address_domain}\ - {$sender_helo_name}} - deny - spf = permerror - log_message = spf=$spf_result - message = SPF validation failed: \ - syntax error in SPF record(s) for \ - ''${if def:sender_address_domain\ - {$sender_address_domain}\ - {$sender_helo_name}} - defer - spf = temperror - log_message = spf=$spf_result; deferred - message = temporary error during SPF validation; \ - please try again later - warn - spf = none : neutral - log_message = spf=$spf_result - accept - add_header = $spf_received begin routers diff --git a/krebs/3modules/ssl.nix b/krebs/3modules/ssl.nix index 3a9b5d329..8cbd8dcce 100644 --- a/krebs/3modules/ssl.nix +++ b/krebs/3modules/ssl.nix @@ -5,26 +5,7 @@ in { rootCA = lib.mkOption { type = lib.types.str; readOnly = true; - default = '' - -----BEGIN CERTIFICATE----- - MIIC0jCCAjugAwIBAgIJAKeARo6lDD0YMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD - VQQGEwJaWjESMBAGA1UECAwJc3RhdGVsZXNzMRAwDgYDVQQKDAdLcmVic2NvMQsw - CQYDVQQLDAJLTTEWMBQGA1UEAwwNS3JlYnMgUm9vdCBDQTEnMCUGCSqGSIb3DQEJ - ARYYcm9vdC1jYUBzeW50YXgtZmVobGVyLmRlMB4XDTE0MDYxMTA4NTMwNloXDTM5 - MDIwMTA4NTMwNlowgYExCzAJBgNVBAYTAlpaMRIwEAYDVQQIDAlzdGF0ZWxlc3Mx - EDAOBgNVBAoMB0tyZWJzY28xCzAJBgNVBAsMAktNMRYwFAYDVQQDDA1LcmVicyBS - b290IENBMScwJQYJKoZIhvcNAQkBFhhyb290LWNhQHN5bnRheC1mZWhsZXIuZGUw - gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMs/WNyeQziccllLqom7bfCjlh6/ - /qx9p6UOqpw96YOOT3sh/mNSBLyNxIUJbWsU7dN5hT7HkR7GwzpfKDtudd9qiZeU - QNYQ+OL0HdOnApjdPqdspZfKxKTXyC1T1vJlaODsM1RBrjLK9RUcQZeNhgg3iM9B - HptOCrMI2fjCdZuVAgMBAAGjUDBOMB0GA1UdDgQWBBSKeq01+rAwp7yAXwzlwZBo - 3EGVLzAfBgNVHSMEGDAWgBSKeq01+rAwp7yAXwzlwZBo3EGVLzAMBgNVHRMEBTAD - AQH/MA0GCSqGSIb3DQEBBQUAA4GBAIWIffZuQ43ddY2/ZnjAxPCRpM3AjoKIwEj9 - GZuLJJ1sB9+/PAPmRrpmUniRkPLD4gtmolDVuoLDNAT9os7/v90yg5dOuga33Ese - 725musUbhEoQE1A1oVHrexBs2sQOplxHKsVXoYJp2/trQdqvaNaEKc3EeVnzFC63 - 80WiO952 - -----END CERTIFICATE----- - ''; + default = builtins.readFile ../6assets/krebsRootCA.crt; }; intermediateCA = lib.mkOption { type = lib.types.str; |