Diffstat (limited to 'sys')
| -rw-r--r-- | sys/mta/default.nix | 11 | ||||
| -rw-r--r-- | sys/nspawn/dmz.nix | 7 |
2 files changed, 15 insertions, 3 deletions
diff --git a/sys/mta/default.nix b/sys/mta/default.nix
index 15476bf..2bd0cdd 100644
--- a/sys/mta/default.nix
+++ b/sys/mta/default.nix
@@ -47,7 +47,7 @@ in {
 type = types.port;
 };
- relayListen = mkOption {
+ mtaListen = mkOption {
 type = types.str;
 };
 };
@@ -147,6 +147,7 @@ in {
 {
 mydomain = domain;
 myhostname = mtaDomain.main;
+ inet_interfaces = [cfg.mtaListen];
 myorigin = "$mydomain";
 #TODO: check_recipient_access para rechazar localhost desde afuera
@@ -217,8 +218,6 @@ in {
 milter_default_action = "accept";
 } // optionalAttrs isBackup {
- inet_interfaces = [cfg.relayListen];
-
 smtpd_relay_restrictions = [
 "reject_unauth_destination"
 ];
@@ -261,5 +260,11 @@ in {
 };
 security.acme.certs.${mtaDomain.main}.reloadServices = ["postfix.service"];
+
+ # Evita race condition en bind de inet_interfaces
+ systemd.services.postfix-setup = {
+ after = ["network-online.target"];
+ wants = ["network-online.target"];
+ };
 };
 }
diff --git a/sys/nspawn/dmz.nix b/sys/nspawn/dmz.nix
index 4cb3901..626993d 100644
--- a/sys/nspawn/dmz.nix
+++ b/sys/nspawn/dmz.nix
@@ -36,6 +36,11 @@ in {
 readOnly = true;
 };
+ mtaAddr6 = mkOption {
+ type = types.str;
+ readOnly = true;
+ };
+
 system = mkOption {
 type = types.raw;
 };
@@ -64,6 +69,7 @@ in {
 mailHost.mdaListen = cfg.hostAddr6;
 nspawn.dmz = {
+ mtaAddr6 = dmzNet.hosts.mta.v6.address;
 hostAddr6 = dmzNet.hosts.gateway.v6.address;
 system = let
@@ -78,6 +84,7 @@ in {
 mta = {
 mdaAddr = "[${mailHost.mdaListen}]";
+ mtaListen = cfg.mtaAddr6;
 inherit (mailHost) saslPort lmtpPort;
 }; |
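Review bot: `inet_interfaces = [cfg.mtaListen];` in the @@ -147 hunk of sys/mta/default.nix now applies to every instance instead of only under `isBackup`, yet `mtaListen` is declared with nothing but `type = types.str;` (@@ -47 hunk), so any string reaches Postfix unchecked and the option gives no hint of the expected format. Because this value decides which address the SMTP listener is exposed on, I would document it on the option, e.g. `description = "Address Postfix binds to via inet_interfaces.";`. With a single address in the list there is presumably no loopback listener any more, so it is worth confirming that nothing local submits mail over localhost port 25. The attribute set this line sits in starts and ends outside the hunk.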
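Review bot: The ordering added in the @@ -261 hunk of sys/mta/default.nix is placed on `postfix-setup`, so it only protects the bind if `postfix.service` is itself ordered after that unit, which is not visible here. `network-online.target` also only reflects what the network manager reports as online; whether the address in `cfg.mtaListen` is already assigned and usable at that point is an assumption, and a failed bind leaves the MTA down. I would expand the comment to record both, e.g. `# postfix binds only cfg.mtaListen; wait for network-online so the address exists before postfix-setup (and postfix.service after it) starts`.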
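Review bot: `mtaListen = cfg.mtaAddr6;` in the @@ -78 hunk of sys/nspawn/dmz.nix passes a bare IPv6 literal, while the line directly above wraps the MDA address in brackets (`mdaAddr = "[${mailHost.mdaListen}]";`). The new value ends up in Postfix's `inet_interfaces` (see sys/mta/default.nix), so it is worth confirming which IPv6 notation that parameter expects and stating it in the option's description. If brackets turn out to be needed, the line would become `mtaListen = "[${cfg.mtaAddr6}]";`. The `mta` attribute set starts before this hunk.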
