summary refs log tree commit diff stats
path: root/system
diff options
context:
space:
mode:
authorene <ene@sils.li>2023-04-07 22:02:24 +0200
committerene <ene@sils.li>2023-04-07 22:29:21 +0200
commitcb92ffc878fcb417bd66b3b30ef1ff189a5aa44c (patch)
treef9cb9f6c0a85f9b7f973288423f3f47900d0ea46 /system
parentFix(system/services/rust-motd): Quote ssl-cert names (diff)
downloadnixos-server-cb92ffc878fcb417bd66b3b30ef1ff189a5aa44c.tar.gz
nixos-server-cb92ffc878fcb417bd66b3b30ef1ff189a5aa44c.zip
Fix(system/mail): Allow opening ports in the firewall
As the previous configuration only opened some ports, receiving mail was
impossible. This allows NSM to open the required ports directly,
ensuring that none was missed.

SECURITY:
As all other options than SSL are still disabled, this change should not
introduce unencrypted mail transfer.
This has not been tested.
Diffstat (limited to 'system')
-rw-r--r--system/mail/default.nix2
-rw-r--r--system/services/default.nix2
2 files changed, 2 insertions, 2 deletions
diff --git a/system/mail/default.nix b/system/mail/default.nix
index d2fd55c..b1da088 100644
--- a/system/mail/default.nix
+++ b/system/mail/default.nix
@@ -42,7 +42,7 @@ in {
   # SMTP
   enableSubmission = false;
   enableSubmissionSsl = true;
-  openFirewall = false; # handled below
+  openFirewall = true;
 
   keyFile = "/var/lib/acme/server1.vhack.eu/key.pem";
   certificateScheme = 1;
diff --git a/system/services/default.nix b/system/services/default.nix
index 5d9e5b6..6e5cb3c 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -1,7 +1,7 @@
 {config, ...}: {
   imports = [
     ./acme
-    ./firewall
+#  ./firewall
     #./minecraft
     ./nginx
     ./nix