diff options
| -rw-r--r-- | src/infrastructure/guix/system.scm | 57 | ||||
| -rw-r--r-- | src/infrastructure/rsync.net/authorized_keys | 2 | ||||
| -rw-r--r-- | src/infrastructure/ssh.conf | 10 |
3 files changed, 12 insertions, 57 deletions
diff --git a/src/infrastructure/guix/system.scm b/src/infrastructure/guix/system.scm index de77ab5..43589a8 100644 --- a/src/infrastructure/guix/system.scm +++ b/src/infrastructure/guix/system.scm @@ -1165,17 +1165,6 @@ `(,alias "root")) root-aliases))) -(define (postfix-certificates config) - (match-record config <postfix-configuration> - (hostname) - (list - (certificate-configuration - (domains (list hostname)) - (deploy-hook - (program-file - "postfix-certbot-deploy-hook" - #~(with-shepherd-action 'postfix ('reload) result result))))))) - (define postfix-service-type (service-type (name 'postfix) @@ -1191,8 +1180,6 @@ postfix-activation) (service-extension mail-aliases-service-type postfix-aliases) - (service-extension certbot-service-type - postfix-certificates) (service-extension profile-service-type (compose list postfix-configuration-postfix)) (service-extension shepherd-root-service-type @@ -1426,20 +1413,6 @@ #$config-file "reload"))))))))))) -(define (dovecot2-certificates config) - (match-record config <dovecot2-configuration> - (config-name hostname) - (list - (certificate-configuration - (domains (list hostname)) - (deploy-hook - (program-file - "dovecot2-certbot-deploy-hook" - #~(invoke #$(file-append dovecot "/bin/doveadm") - "-c" - (string-append "/etc/dovecot2/" #$config-name) - "reload"))))))) - (define dovecot2-service-type (service-type (name 'dovecot2) @@ -1451,8 +1424,6 @@ dovecot2-accounts) (service-extension activation-service-type dovecot2-activation) - (service-extension certbot-service-type - dovecot2-certificates) (service-extension profile-service-type (compose list dovecot2-configuration-dovecot2)) (service-extension shepherd-root-service-type @@ -1644,11 +1615,10 @@ -(define host-name "toph") -(define tld "arrobaponto.org") -(define mail.tld (string-append "mail." tld)) +(define tld "euandre.org") (define whoami "andreh") (define me "eu") +(define public-me (format #f "~a@~a" me whoami)) (define gitconfig (plain-file "gitconfig" (format #f #"- [init] @@ -1659,13 +1629,13 @@ [advice] detachedHead = false "# - host-name - host-name))) + tld + tld))) (operating-system (locale "fr_FR.UTF-8") (timezone "America/Sao_Paulo") - (host-name host-name) + (host-name tld) (users (append (list @@ -1818,8 +1788,7 @@ '("groups" "mam") %default-modules-enabled)) (admins - (list - (format #f "~a@~a" me whoami))) + (list public-me)) (c2s-require-encryption? #t) (s2s-require-encryption? #t) (s2s-secure-auth? #t) @@ -1838,19 +1807,17 @@ (public-key "Mhv8KxB/QXQpNKNtqD57PoFv43TXJ1lg52PJd6TmtwI=") (allowed-ips '("10.0.0.0/24")) (keep-alive 25)))))) - (service dovecot2-service-type - (dovecot2-configuration - (hostname mail.tld))) + (service dovecot2-service-type) (service certbot-service-type (certbot-configuration - (email "eu@euandre.org") + (email public-me) (certificates (list (certificate-configuration (domains (list tld)) (deploy-hook (program-file - "prosody-certbot-deploy-hook" + (string-append tld "-deploy-hook") #~(begin (format (current-error-port) "Importing new TLS certificates for \"~a\" to Prosody via prosodyctl(8).~%" @@ -1868,15 +1835,13 @@ (name "smtpd.conf")))))) (service postfix-service-type (postfix-configuration - (hostname mail.tld) (main.cf-extra (format #f #"- - canonical_maps = inline:{ ~a=~a@~a } + canonical_maps = inline:{ ~a=~a } "# whoami - me - tld)))) + public-me)))) (service mail-aliases-service-type `(("root" ,whoami) (,me ,whoami))) diff --git a/src/infrastructure/rsync.net/authorized_keys b/src/infrastructure/rsync.net/authorized_keys index a0a8dac..d120837 100644 --- a/src/infrastructure/rsync.net/authorized_keys +++ b/src/infrastructure/rsync.net/authorized_keys @@ -2,4 +2,4 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDnUv7iWOejQNa3fZ6v4lkHT6qFRp2+NuzIpFJ2Vy7e command="borg1 serve --append-only --restrict-to-repository borg/camarada.site/",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAIZpXwNI5HVH7lUOterphIdUlX/a0nCuhb/XxbdDvU0tj3wjT7wGhCU9T9oaY2aNg5XVuWtPzLv5oLMW4eATlXw65knii2dU1Tp28vfD99aqbampxbbNwsJZ62jRhQwGhsehNREDEiNo+5llJNY4tMXEIpHXlQohemORVBIYa99VymWNiVQhW7vpH4SsbXh2hc9bAU0WWTU3COBvrSJ1VDYlhE08NJsOkUrwrP17U6ZkVDuPHoBQBEwHuBvQd86ogiHnZijRoz7nAH4ZIWYrXL6f/itA6Fw6C3G7yOrJvNbuYg0N176/qGjw9RfyuE5001zWem41hP2Z7+TCvzrhH7MjvtPSjixXrObjYSY0DI8GuaK/1fTOeVgc7pTfJ6S1ZEUMcQlEKTPlce8Jkrx5M1JOP0nnfABb0ZQB/6gNjw7LCcMEJrKjxBffNuloGVQSt4wuGyDlNIe0zZXLXxJPgc0NgIgrRNif5lF/KO+cNm/XDQ548JdYXnwGb6Jxhg8s= andreh@toph command="borg1 serve --append-only --restrict-to-repository borg/kuvira/",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw3VGwWQNpGvu1OFdVzwixovSMadlu3QUqTFADYxdBOX0tilf37LJQElaoyNVLTYOTsDTgfcTfpB+Qo6pdyJhbFYV3DyGdssRSxWgFv3mCMlGm0QzDGLLt+ebYBcc67aQytXTaA10EVVmcs/yKTXsEwiI7kHnZlBOt+8llAg/li6Vd+oiLdnEw6Y6wPcY/WOO7/UtlH4pBxrhibV5i04ngd+IFOvsNRpVgCPnS4OuNquNFdm5xkiKN0nwkzFrKS3ECCbo4wxAirjAjAT+vRiu5mi32P5PDflWajrAzrruALD+htiDjm++jkYrKWQoDpH6Vqlow8kdSQEpUbykXn43beLOKvQ3GAC2AjjP+cZmyYp7Lag9hS4ROL68ckDE0W10i90sxO9E4+6e0nM4mEkOdj4791Xi0/8GSYDMptHFT+hHJ2w0xdgFYU275MWPYlhaOFx2ak4WVPkjyS6avIhLhRKlv6LkrK5v+Z5RwmK7fexjxm15e6HoN9/pxxqSXBY8= andreh@kuvira command="borg1 serve --append-only --restrict-to-repository borg/iroh/",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJRGX6A/oXJ8hxE+JrUIalhsAZSk90CdQ28EkTN9Em4Aoa5sDX9u4lz9sVIPipAvKYsUZd35GArmGRMVjO2bXfPG0o0VKiHUtfy7Q422EvI9CSi3+FUTnDrrzeq73yFa5v2ANY+D0PeXzrWfltBTQMaLUYmfeQwYRyuWqftxMuGlxNeSkIJ2ySvHbdmfrWi55ae9Fs6xiB3ZdREmRse9RUWbgAL2FVRhDerDqHR1IGbtk4pfGIDsOB85i1TqnaaI9xIa4t6x0dsuoyb5UTGCXhUxBHi5kgEXHDNiL73OxJur7oAXW4I/x1QkXDZpOEsqVTiIVbwRmAerXMZBA8WTEB root@box.euandre.org -command="borg1 serve --append-only --restrict-to-repository borg/toph/",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0o73ml7gMPhw/EwjIof6ph5PHPAL5EFDrP7PPZ9xCES79nSKZ0r40uW2RNp2Gzwb/QYtbr/aFkuX11Eo739upnj5cydyr4AHPLgoBoPVbn7/0/IIkin4r31GrWYdGzXRZSB5Tz0Za58OYW0RiUVHffx/E5+tOBQ2SMc6WK9/Q6FljGrD3yK/KYgZhcvmfsDTv2DGhFFORoUQSfGGwmRMJXGVPG2lDqoD3I3CWF34Y/b9GRHdSFgHy3iOas03WTsMaOSosmuF9MMm8Zn2515XGXU+uirsUJrFOa5leRBEvoEmx+WsB6CULn0PKk+ieghcq8z4j5oR1AOUFeSSJVIvlOyyt8x5rqLW8CvPFtU982LZrAq/DCcuaIkx/ww/cIbkUIN52Tv1Ia8jfV2aqRJ4hRshsuh9mj5fUlp+jmrMY6Ww5tl24OKrKRAT6pr5Fzgip927BkLPKJFClcp5fzZJLUiwNihYfuR5J+VselMPfxoTXfNVj/hsINclj2CLoCTM= andreh@toph +command="borg1 serve --append-only --restrict-to-repository borg/euandre.org/",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0o73ml7gMPhw/EwjIof6ph5PHPAL5EFDrP7PPZ9xCES79nSKZ0r40uW2RNp2Gzwb/QYtbr/aFkuX11Eo739upnj5cydyr4AHPLgoBoPVbn7/0/IIkin4r31GrWYdGzXRZSB5Tz0Za58OYW0RiUVHffx/E5+tOBQ2SMc6WK9/Q6FljGrD3yK/KYgZhcvmfsDTv2DGhFFORoUQSfGGwmRMJXGVPG2lDqoD3I3CWF34Y/b9GRHdSFgHy3iOas03WTsMaOSosmuF9MMm8Zn2515XGXU+uirsUJrFOa5leRBEvoEmx+WsB6CULn0PKk+ieghcq8z4j5oR1AOUFeSSJVIvlOyyt8x5rqLW8CvPFtU982LZrAq/DCcuaIkx/ww/cIbkUIN52Tv1Ia8jfV2aqRJ4hRshsuh9mj5fUlp+jmrMY6Ww5tl24OKrKRAT6pr5Fzgip927BkLPKJFClcp5fzZJLUiwNihYfuR5J+VselMPfxoTXfNVj/hsINclj2CLoCTM= andreh@toph diff --git a/src/infrastructure/ssh.conf b/src/infrastructure/ssh.conf index ce1af3d..01a55ed 100644 --- a/src/infrastructure/ssh.conf +++ b/src/infrastructure/ssh.conf @@ -2,16 +2,6 @@ Host * ServerAliveInterval 30 ServerAliveCountMax 20 -Host iroh *euandre.org - HostName euandre.org - User root - -Host kuvira *euandreh.xyz - HostName euandreh.xyz - -Host toph *arrobaponto.org - HostName arrobaponto.org - Host suyin HostName ch-s010.rsync.net User 16686 |