top | item 27373665

(no title)

sorbits | 4 years ago

The thing with a lot of server software (like postfix) is that configuration is usually spread across many files.

And then there is the re-use of things between services, for example DKIM’s generated public key should be made available as a TXT record by the DNS server, the SSL certificate kept up-to-date by the web server should be used by both the smtp and imap servers, though it may need to include the full chain, and services may need to be relaunched, if the certificate is updated, etc.

I was hoping to hear from someone who had managed to get a “full” server running (with SMTP, IMAP, DKIM, DNS, DNSSec, HTTPS via ACME, etc.), because while I know that I can output raw configuration files, it seems like an extremely daunting task to weave all this together in something semantically meaningful.

Right now I have /etc under git control and a Makefile that handles all dependencies between the various pieces (i.e. to ensure proper files are regenerated/indexed as needed, and services relaunched when dependencies are updated).

discuss

Mic92|4 years ago

I do have all these things (https://github.com/Mic92/dotfiles/blob/master/nixos/eve/modu..., https://github.com/Mic92/dotfiles/blob/master/nixos/eve/modu..., https://github.com/Mic92/dotfiles/blob/master/nixos/eve/modu... ...). Especially things like ACME work a lot better the NixOS-provided curated and unit-tested acme module compared to setting up it yourself. You can also use the Nixos simple mail server setup that already provides sane defaults and puts the individual nixos modules together: https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/

sorbits|4 years ago

Appreciate the links, thanks!