flake.lock

@@ -279,21 +279,6 @@
         "type": "indirect"
       }
     },
-    "nixpkgs-23_05": {
-      "locked": {
-        "lastModified": 1704290814,
-        "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
-        "type": "github"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-23.05",
-        "type": "indirect"
-      }
-    },
     "nixpkgs-droid": {
       "locked": {
         "lastModified": 1702350026,
@@ -344,11 +329,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1705316053,
+        "lastModified": 1702312524,
-        "narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=",
+        "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370",
+        "rev": "a9bf124c46ef298113270b1f84a164865987a91c",
         "type": "github"
       },
       "original": {
@@ -440,20 +425,22 @@
         "flake-compat": "flake-compat",
         "nixpkgs": "nixpkgs_2",
         "nixpkgs-22_11": "nixpkgs-22_11",
-        "nixpkgs-23_05": "nixpkgs-23_05",
+        "nixpkgs-23_05": [
+          "nixpkgs"
+        ],
         "utils": "utils_2"
       },
       "locked": {
-        "lastModified": 1703666786,
+        "lastModified": 1687462267,
-        "narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
+        "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
+        "rev": "24128c3052090311688b09a400aa408ba61c6ee5",
         "type": "gitlab"
       },
       "original": {
         "owner": "simple-nixos-mailserver",
-        "ref": "master",
+        "ref": "nixos-23.05",
         "repo": "nixos-mailserver",
         "type": "gitlab"
       }

flake.nix

@@ -16,8 +16,8 @@
 
     # simple mailserver
     snm = {
-      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
-      #      inputs.nixpkgs-23_05.follows = "nixpkgs";
+      inputs.nixpkgs-23_05.follows = "nixpkgs";
     };
 
     nix-on-droid = {
@@ -42,46 +42,41 @@
     };
   };
 
-  outputs =
+  outputs = { home-manager, nixpkgs, agenix, snm, ... }@inputs: {
-    { home-manager, nixpkgs, nixpkgs-unstable, agenix, snm, ... }@inputs: {
+    nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
-      nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
-        system = "x86_64-linux";
+      specialArgs = { inherit inputs; };
-        specialArgs = { inherit inputs; };
+      modules = [
-        modules = let
+        ({ inputs, lib, ... }: {
-          postfix-overlay = final: prev: {
+          nixpkgs = {
-            postfix = nixpkgs-unstable.legacyPackages."x86_64-linux".postfix;
+            config.allowUnfree = true;
+            overlays = with inputs; [ emacs.overlay ];
           };
-        in [
+          nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
-          ({ inputs, lib, ... }: {
+        })
-            nixpkgs = {
+        snm.nixosModule
-              config.allowUnfree = true;
+        ./modules/security.nix
-              overlays = with inputs; [ emacs.overlay postfix-overlay ];
+        ./hosts/thrall
-            };
+        agenix.nixosModules.age
-            nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+        home-manager.nixosModules.home-manager
-          })
+        {
-          snm.nixosModule
+          home-manager.useGlobalPkgs = true;
-          ./modules/security.nix
+          home-manager.useUserPackages = true;
-          ./hosts/thrall
+          home-manager.users.alex = import ./home/cli.nix;
-          agenix.nixosModules.age
+        }
-          home-manager.nixosModules.home-manager
+      ];
-          {
+    };
-            home-manager.useGlobalPkgs = true;
+
-            home-manager.useUserPackages = true;
+    nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; };
-            home-manager.users.alex = import ./home/cli.nix;
+    homeConfigurations = import ./outputs/homeConfigurations inputs;
-          }
+
+    nixOnDroidConfigurations.default = with inputs;
+      nix-on-droid.lib.nixOnDroidConfiguration {
+        modules = [
+          ./hosts/redmi
+          { nix.registry.nixpkgs.flake = nixpkgs-droid; }
+          { nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
         ];
       };
-
+  };
-      nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; };
-      homeConfigurations = import ./outputs/homeConfigurations inputs;
-
-      nixOnDroidConfigurations.default = with inputs;
-        nix-on-droid.lib.nixOnDroidConfiguration {
-          modules = [
-            ./hosts/redmi
-            { nix.registry.nixpkgs.flake = nixpkgs-droid; }
-            { nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
-          ];
-        };
-    };
 }

hosts/thrall/default.nix

@@ -14,7 +14,7 @@ in {
 
   nix.package = pkgs.nixUnstable;
   nix.extraOptions = ''
-    experimental-features = nix-command flakes repl-flake ca-derivations
+    experimental-features = nix-command flakes ca-derivations
   '';
   # nix.registry.nixpkgs.flake = nixpkgs;
 
@@ -322,19 +322,8 @@ in {
   services.fail2ban = {
     enable = true;
     maxretry = 5;
-
-    bantime = "1h";
-    bantime-increment.enable = true;
-
     ignoreIP =
       [ "127.0.0.0/8" "195.90.211.228/22" "10.0.0.0/8" "192.168.0.0/16" ];
-
-    jails.postfix = ''
-      filter   = postfix
-      maxretry = 3
-      action   = iptables[name=postfix, port=smtp, protocol=tcp]
-      enabled  = true
-    '';
   };
 
   services.syncthing = {