Add SD image pipeline, documentation overhaul, and fix module issues

- Add automatic SD image builds for Raspberry Pi via Forgejo Actions - Enable binfmt emulation on cryodev-main for aarch64 cross-builds - Add sd-image.nix module to cryodev-pi configuration - Create comprehensive docs/ structure with installation guides - Split installation docs into: first-install (server), reinstall, new-client (Pi) - Add lib/utils.nix and apps/rebuild from synix - Fix headplane module for new upstream API (tale/headplane) - Fix various module issues (mailserver stateVersion, option conflicts) - Add placeholder secrets.yaml files for both hosts - Remove old INSTRUCTIONS.md (content moved to docs/)
2026-03-11 08:41:58 +01:00 · 2026-03-11 08:41:58 +01:00 · 5ba78886d2
commit 5ba78886d2
parent a5261d8ff0
44 changed files with 3570 additions and 609 deletions
--- a/modules/nixos/mailserver/default.nix
+++ b/modules/nixos/mailserver/default.nix
@ -66,8 +66,10 @@ in
      fqdn = mkDefault fqdn;

      domains = mkDefault [ domain ];
-      certificateScheme = mkDefault "acme-nginx";
-      stateVersion = mkDefault 1;
+      # stateVersion 3 requires the new mail directory structure
+      # For new installations, this is the correct value
+      # For existing installations, see: https://nixos-mailserver.readthedocs.io/en/latest/migrations.html
+      stateVersion = mkDefault 3;

      loginAccounts = mapAttrs' (
        user: accConf:
@ -79,8 +81,14 @@ in
          hashedPasswordFile = config.sops.secrets."mailserver/accounts/${user}".path;
        }
      ) cfg.accounts;
+
+      # Use ACME for certificate
+      x509.useACMEHost = mkDefault fqdn;
    };

+    # ACME certificate for mail server
+    security.acme.certs.${fqdn} = { };
+
    security.acme = {
      acceptTerms = true;
      defaults.email = mkDefault "postmaster@cryodev.xyz";