The SMTPS (465) And Submission (587) ports expect encryption, either
implicitly (i.e. via direct TLS connection) or explicitly (i.e. via
STARTTLS), but this was not enforced previously. Port 25 remains
configured for opportunistic encryption, but will still not allow for
authentication over unencrypted transports.
The fixes here include typos, removals of deprecated paths, fixes for
first-boot-only systemd targets and related MariaDB migrate machinery,
better logging for Postfix, and an increase in the default request body
size for the default NGINX ingress.
This commit represents a large amount of work toward moving services to
a more standard approach to storing data, and a simplification in how
networks are managed.
This contains the culmination of work done privately for a few months,
and is intended to be a solid basis for other peoples' experimentations
with setting up single-node, home-server setups using Fedora CoreOS.