diff --git a/modules/hosts/nixos/hetznix01/default.nix b/modules/hosts/nixos/hetznix01/default.nix
index 8731181..e47546e 100644
--- a/modules/hosts/nixos/hetznix01/default.nix
+++ b/modules/hosts/nixos/hetznix01/default.nix
@@ -26,9 +26,11 @@
 22 # ssh
 25 # SMTP (unencrypted)
 80 # http to local Nginx
+ 143 # imap
 443 # https to local Nginx
 465 # SMTP with TLS
 587 # SMTP with STARTTLS
+ 993 # imaps
 8333 # Bitcoin Core
 8448 # Matrix Synapse
 9735 # LND
@@ -54,6 +56,12 @@
 "tailscale0"
 ];
 };
+ openssh.settings = {
+ # require public key authentication for better security
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ PermitRootLogin = "no";
+ };
 postgresql = {
 enable = true;
 package = pkgs.postgresql_16;
diff --git a/modules/hosts/nixos/hetznix01/post-install/default.nix b/modules/hosts/nixos/hetznix01/post-install/default.nix
index 38856fe..8039499 100644
--- a/modules/hosts/nixos/hetznix01/post-install/default.nix
+++ b/modules/hosts/nixos/hetznix01/post-install/default.nix
@@ -11,11 +11,14 @@ in {
 mailserver = {
 enable = true;
 enableImap = false;
- enableImapSsl = false;
+ enableImapSsl = true;
+ enableSubmission = false;
+ enableSubmissionSsl = true;
 fqdn = "mail.alt.${domain}";
 domains = [
 "alt.${domain}"
 "indianspringsbsa.org"
+ "pack1828.org"
 ];
 forwards = {
 "webmaster@indianspringsbsa.org" = "gene+indianspringsbsa.org@geneliverman.com";
diff --git a/modules/hosts/nixos/hetznix01/post-install/nginx.nix b/modules/hosts/nixos/hetznix01/post-install/nginx.nix
index e71953f..c1ff83e 100644
--- a/modules/hosts/nixos/hetznix01/post-install/nginx.nix
+++ b/modules/hosts/nixos/hetznix01/post-install/nginx.nix
@@ -160,6 +160,14 @@ in {
 # OwnTracks Frontend container
 locations."/".proxyPass = "http://127.0.0.1:8082";
 };
+ "pack1828.org" = {
+ enableACME = true;
+ acmeRoot = null;
+ forceSSL = true;
+ locations."/" = {
+ return = "307 https://cloud.pack1828.org";
+ };
+ };
 "recorder.${domain}" = {
 enableACME = true;
 acmeRoot = null;
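Review bot: The added `143 # imap` entry opens a port that no enabled service should be listening on, because the mailserver block in this same commit keeps `enableImap = false` and only turns on `enableImapSsl`. Only the `993 # imaps` line is needed, so I would drop the 143 line. The commit also sets `enableSubmission = false`, yet the unchanged `587 # SMTP with STARTTLS` entry stays open; consider removing it so the firewall matches the enabled services. The list this hunk edits starts and ends outside the hunk, so I am assuming it is the host's allowed TCP ports.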
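Review bot: `PermitRootLogin = "no"` is a separate policy from the key-only requirement the comment describes, and it is the setting that can lock an operator out. Nothing visible in this hunk shows a non-root account with authorized keys and sudo rights on this host, so confirm one exists, and that any remote deploy does not log in as root, before switching. I would extend the comment to cover it, e.g. `# key-only auth; root login disabled, admin access via <admin-user> + sudo`, where `<admin-user>` is a placeholder. The enclosing attribute set starts and ends outside the hunk.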
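Review bot: Adding `"pack1828.org"` to `domains` makes this host accept and originate mail for that domain, but nothing in the hunk records that the DNS side is in place. The domain's MX, SPF, DKIM and DMARC records need to be published, otherwise the domain is easy to spoof and its outbound mail is likely to be rejected. A short comment next to the entry, e.g. `# requires MX/SPF/DKIM/DMARC records for pack1828.org`, would document that dependency. The mailserver block continues outside the hunk, so accounts or forwards for the new domain may be defined further down.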
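Review bot: The `return` in `locations."/"` discards the request path and query string and uses a temporary 307, so every URL under pack1828.org lands on the root of cloud.pack1828.org. If the path should be preserved, `return = "307 https://cloud.pack1828.org$request_uri";` does that. If the move is permanent, 308 (or 301) lets clients cache it. A one-line comment stating which behaviour is intended would help the next reader.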