summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorAlejandro Soto <alejandro@34project.org>2026-02-08 22:36:54 -0600
committerAlejandro Soto <alejandro@34project.org>2026-02-08 22:36:54 -0600
commit80c4c471d2b3e782312db0d524cbc24acd94ca5e (patch)
tree0c4183f2f2bb0e6261b84fbdfdec0d978b98197f /sys
parent95b84e3a61cefd9e282d4485797b3dd7e7d6d276 (diff)
sys/mta: set the SMTP bind address for the primary MX instance
Diffstat (limited to '')
-rw-r--r--sys/mta/default.nix5
-rw-r--r--sys/nspawn/dmz.nix9
2 files changed, 10 insertions, 4 deletions
diff --git a/sys/mta/default.nix b/sys/mta/default.nix
index 15476bf..004e2ae 100644
--- a/sys/mta/default.nix
+++ b/sys/mta/default.nix
@@ -47,7 +47,7 @@ in {
type = types.port;
};
- relayListen = mkOption {
+ mtaListen = mkOption {
type = types.str;
};
};
@@ -147,6 +147,7 @@ in {
{
mydomain = domain;
myhostname = mtaDomain.main;
+ inet_interfaces = [cfg.mtaListen];
myorigin = "$mydomain";
#TODO: check_recipient_access para rechazar localhost desde afuera
@@ -217,8 +218,6 @@ in {
milter_default_action = "accept";
}
// optionalAttrs isBackup {
- inet_interfaces = [cfg.relayListen];
-
smtpd_relay_restrictions = [
"reject_unauth_destination"
];
diff --git a/sys/nspawn/dmz.nix b/sys/nspawn/dmz.nix
index 4cb3901..cf290a4 100644
--- a/sys/nspawn/dmz.nix
+++ b/sys/nspawn/dmz.nix
@@ -36,6 +36,11 @@ in {
readOnly = true;
};
+ mtaAddr6 = mkOption {
+ type = types.str;
+ readOnly = true;
+ };
+
system = mkOption {
type = types.raw;
};
@@ -64,6 +69,7 @@ in {
mailHost.mdaListen = cfg.hostAddr6;
nspawn.dmz = {
+ dmzAddr6 = dmzNet.hosts.mta.v6.address;
hostAddr6 = dmzNet.hosts.gateway.v6.address;
system = let
@@ -78,7 +84,8 @@ in {
mta = {
mdaAddr = "[${mailHost.mdaListen}]";
- inherit (mailHost) saslPort lmtpPort;
+ mtaListen = cfg.mtaAddr6;
+ inherit (mailHost) mtaListen saslPort lmtpPort;
};
web.sites = {
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-10 19:39:15 +0000