From 785777eb0ee6ba7ba8c71e01480be6a73c8be143 Mon Sep 17 00:00:00 2001 From: Egor Savkin Date: Tue, 15 Oct 2024 17:41:28 +0800 Subject: [PATCH] Optimize new fw rules and tweak postfix Signed-off-by: Egor Savkin --- nixbld-etc-nixos/configuration.nix | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix index ae7d89f..4915d2a 100644 --- a/nixbld-etc-nixos/configuration.nix +++ b/nixbld-etc-nixos/configuration.nix @@ -92,7 +92,7 @@ in firewall = { allowedTCPPorts = [ 53 80 443 2222 7402 ]; allowedUDPPorts = [ 53 67 500 4500 ]; - trustedInterfaces = [ netifLan netifUSA ]; + trustedInterfaces = [ netifLan ]; logRefusedConnections = false; extraCommands = '' iptables -A INPUT -s 5.78.86.156 -p gre -j ACCEPT @@ -1252,18 +1252,6 @@ in }; }; - services.postfix.mapFiles.sender_transport = pkgs.writeText "sender_transport" '' - @m-labs-intl.com intltunnel: - * : - ''; - systemd.services.postfix-rebuild-sender-relay = { - description = "Postfix Rebuild Sender Dependent Transport Maps"; - serviceConfig = { - ExecStart = "${pkgs.postfix}/sbin/postmap /var/lib/postfix/conf/sender_transport"; - }; - wantedBy = [ "multi-user.target" ]; - }; - mailserver = { enable = true; localDnsResolver = false; # conflicts with dnsmasq @@ -1274,6 +1262,9 @@ in certificateScheme = "acme-nginx"; } // (import /etc/nixos/secret/email_settings.nix); services.postfix = { + mapFiles.sender_transport = pkgs.writeText "sender_transport" '' + @m-labs-intl.com intltunnel: + ''; config = { sender_dependent_default_transport_maps = "hash:/var/lib/postfix/conf/sender_transport"; }; @@ -1281,8 +1272,8 @@ in type = "unix"; command = "smtp"; args = [ - "-o" "smtp_bind_address=10.47.3.1" "-o" "inet_interfaces=10.47.3.1" + "-o" "smtp_helo_name=mail.m-labs-intl.com" "-o" "inet_protocols=ipv4" ]; };
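Review bot: In the firewall hunk, dropping `netifUSA` from `trustedInterfaces` puts traffic arriving on that interface behind the `allowedTCPPorts`/`allowedUDPPorts` filter, while `logRefusedConnections = false` on the following line keeps the resulting refusals out of the log. Any service that was reachable over the tunnel only because the interface was trusted will now fail silently. Confirm that the ports it needs are listed, or enable refusal logging while the change settles. If the reduction in trust is intended, record it on the new line, e.g. `# netifUSA is not trusted: tunnel traffic goes through the normal port filter`. The firewall block continues outside the hunk.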
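Review bot: The `sender_transport` map added under `services.postfix` selects the `intltunnel` transport from the envelope sender domain alone, and nothing in this hunk restricts who may submit mail as `@m-labs-intl.com`. The `mailserver` settings are partly imported from a file outside this diff, so whether sender-login matching is enforced cannot be checked from here. If it is not, any submitter able to set that sender would have their mail leave through the tunnel address. A comment above the map would make the routing rule explicit, e.g. `# envelope senders in m-labs-intl.com leave via the intltunnel transport; everything else uses the default transport`.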
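Review bot: With `smtp_bind_address=10.47.3.1` removed from the `intltunnel` args, the source address of outbound mail now depends on Postfix's implicit rule that a single non-loopback `inet_interfaces` address is also used as the SMTP client bind address. The hunk does not state that coupling. If it stops holding, for example when a second address is added, mail for m-labs-intl.com would presumably leave from the host's default address while still announcing `mail.m-labs-intl.com` in HELO, which may fail SPF or HELO checks at receivers. Add a comment next to the arg such as `# a single inet_interfaces address also sets the SMTP client source IP; keep it single-valued`. The master entry this list belongs to starts outside the hunk.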