Martin Weinelt
7f52135a59
nixos/postfix: fold main and master config into settings attribute
2025-07-28 17:03:08 +02:00
Wolfgang Walther
5a0711127c
treewide: run nixfmt 1.0.0
2025-07-24 13:55:40 +02:00
Martin Weinelt
e6445e42fa
postfix-tlspol: adopt package and module
2025-07-11 03:20:39 +02:00
Martin Weinelt
b201963951
nixos/postfix-tlspol: only preset dns resolver with useLocalResolver
...
This is the best indicator we have about whether to use a local resolver.
In the meantime I'm lobbying upstream to read /etc/resolv.conf.
2025-07-11 03:15:28 +02:00
Martin Weinelt
e57363be15
nixos/postfix-tlspol: fix default settings and config reload
...
Reloading was insufficient for changing the dns resolver address, so we
make config changes a restart trigger instead.
2025-07-10 01:56:34 +02:00
Martin Weinelt
7874cc6005
nixos/postfix-tlspol: fix config reload
...
Since we only pass a symlink to ExecStart we need to pass the backing
file as a reload trigger.
2025-06-28 23:44:37 +02:00
Martin Weinelt
df0eb78b31
nixos/postfix-tlspol: migrate to static user/group
...
This fixes postfix' membership in the postfix-tlspol group, since
memberships in a dynamically allocated group don't seem to work out.
Additionally this fixes a typo in the systemd hardening and the test now
prints the results of systemd-analyze security.
2025-06-28 23:40:19 +02:00
Martin Weinelt
64e7fad038
nixos/postfix-tlspol: fix postfix integration
...
Fixes the group membership for postfix processes in the postfix-tlspol
group.
Makes the postfix.service start up after postfix-tlspol.service, because
it depends on it for the TLS policy lookups.
2025-06-21 05:30:45 +02:00
Martin Weinelt
7c0f92f70b
nixos/postfix-tlspol: init
...
MTA-STS and DANE/TLSA resolver and TLS policy socketmap server for
Postfix.
2025-06-11 17:39:36 +02:00
