fix postfix submission from lan hosts
parent
5f0e99e48d
commit
d44ce598ed
|
@ -80,13 +80,14 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Only allow mail delivery through through wg-sigma-public. Note that this
|
# Only allow mail delivery through wg-sigma-public. Note that this does not
|
||||||
# does not tell it to use the correct routing table. For proper internet
|
# tell it to use the correct routing table. For proper internet access, the
|
||||||
# access, the correct routing table is also configured by
|
# correct routing table is also configured by routingPolicyRuleConfig in
|
||||||
# routingPolicyRuleConfig in networking.nix.
|
# networking.nix. enp4s0f0 (lan) is additionally allowed to enable sending
|
||||||
|
# mails from lan hosts.
|
||||||
systemd.services.postfix = {
|
systemd.services.postfix = {
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
RestrictNetworkInterfaces = "lo wg-sigma-public";
|
RestrictNetworkInterfaces = "lo enp4s0f0 wg-sigma-public";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
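Review bot: Adding `enp4s0f0` to `RestrictNetworkInterfaces` lets the postfix unit send as well as receive on the LAN interface, so the interface allow-list on its own no longer stops outbound mail from leaving over the LAN uplink. From here on only the policy-routing rules in networking.nix keep internet-bound delivery on wg-sigma-public; if that table has no matching route (for example while the tunnel is down; the table contents are not visible here), the lookup would presumably fall through to `main`. Consider a fallback route with `Type = "unreachable"` in the wg-sigma-public table, or a firewall rule limiting postfix traffic on enp4s0f0 to the LAN subnet, and say in the comment that the LAN interface is meant for LAN peers only. It is also worth confirming that Postfix's relay restrictions (e.g. `mynetworks`) cover only the intended LAN range, since that setting is outside this hunk.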
@ -85,27 +85,26 @@
|
||||||
matchConfig.Name = "wg-sigma-public";
|
matchConfig.Name = "wg-sigma-public";
|
||||||
address = ["49.13.33.75/32"];
|
address = ["49.13.33.75/32"];
|
||||||
routingPolicyRules = [
|
routingPolicyRules = [
|
||||||
{
|
|
||||||
# The postfix systemd service has
|
|
||||||
# RestrictNetworkInterfaces=wg-sigma-public, but that does not tell
|
|
||||||
# it to use the correct routing table.
|
|
||||||
routingPolicyRuleConfig = {
|
|
||||||
Priority = 10;
|
|
||||||
User = config.services.postfix.user;
|
|
||||||
Table = "wg-sigma-public";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
# Allow hosts on the local network to contact us directly on the
|
# Allow hosts on the local network to contact us directly on the
|
||||||
# public address instead of routing the packet through Wireguard and
|
# public address instead of routing the packet through Wireguard and
|
||||||
# back again.
|
# back again.
|
||||||
routingPolicyRuleConfig = {
|
routingPolicyRuleConfig = {
|
||||||
Priority = 500;
|
Priority = 10;
|
||||||
From = "49.13.33.75/32";
|
|
||||||
To = "192.168.0.0/24";
|
To = "192.168.0.0/24";
|
||||||
Table = "main";
|
Table = "main";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
# The postfix systemd service has
|
||||||
|
# RestrictNetworkInterfaces=wg-sigma-public, but that does not tell
|
||||||
|
# it to use the correct routing table.
|
||||||
|
routingPolicyRuleConfig = {
|
||||||
|
Priority = 100;
|
||||||
|
User = config.services.postfix.user;
|
||||||
|
Table = "wg-sigma-public";
|
||||||
|
};
|
||||||
|
}
|
||||||
{
|
{
|
||||||
# See the AllowedIPs comment above for why this is necessary
|
# See the AllowedIPs comment above for why this is necessary
|
||||||
routingPolicyRuleConfig = {
|
routingPolicyRuleConfig = {
|
||||||
|
@ -151,7 +150,7 @@
|
||||||
# RestrictNetworkInterfaces=wg-sigma-p2p, but that does not tell it
|
# RestrictNetworkInterfaces=wg-sigma-p2p, but that does not tell it
|
||||||
# to use the correct routing table.
|
# to use the correct routing table.
|
||||||
routingPolicyRuleConfig = {
|
routingPolicyRuleConfig = {
|
||||||
Priority = 10;
|
Priority = 100;
|
||||||
User = config.services.deluge.user;
|
User = config.services.deluge.user;
|
||||||
Table = "wg-sigma-p2p";
|
Table = "wg-sigma-p2p";
|
||||||
};
|
};
|
||||||
|
|
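Review bot: The LAN rule loses `From = "49.13.33.75/32"` and moves to `Priority = 10`, so it now sends every packet destined for 192.168.0.0/24 to table `main`, for all users and source addresses, ahead of the per-user rules at priority 100 (postfix in this hunk, deluge in the last one). If only postfix needs to answer LAN hosts, keeping the `From`-scoped rule and adding a separate one with `User = config.services.postfix.user;` and the same `To`/`Table` would stop the override from applying to the other tunnel-bound services. Whether deluge is otherwise prevented from reaching LAN addresses depends on its unit's interface restriction, which is not shown here. The comment above the LAN rule still describes only the public-address case, and the moved postfix comment still reads `RestrictNetworkInterfaces=wg-sigma-public` although the unit now allows `lo enp4s0f0 wg-sigma-public`; both should be updated to match.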