# NixOS module `vhack.mail`: a thin wrapper around simple-nixos-mailserver.
# When `vhack.mail.enable` is set it persists the mail state directories,
# requests an ACME certificate for the configured FQDN, and declares the
# hosted domains, role aliases and login accounts.
{
  config,
  lib,
  ...
}: let
  cfg = config.vhack.mail;

  # Fixed uid/gid tables, so persisted files keep matching owners.
  inherit (config.vhack.constants.ids) uids gids;

  # Mailboxes that receive the role addresses (abuse/postmaster/admin).
  roleRecipients = [
    "sils@vhack.eu"
    "soispha@vhack.eu"
    "nightingale@vhack.eu"
  ];

  # One persisted directory, owned by the user and group named `owner` and
  # closed to everyone else (mode 0700).
  ownedDir = owner: directory: {
    inherit directory;
    user = owner;
    group = owner;
    mode = "0700";
  };
in {
  options.vhack.mail = {
    enable = lib.mkEnableOption "sophisticated mail setup with simple-nixos-mailserver";
    fqdn = lib.mkOption {
      type = lib.types.str;
      description = "The fqdn mailserver should be served on.";
    };
  };

  config = lib.mkIf cfg.enable {
    # Mail store, sieve scripts, backups, DKIM keys, the postfix queue and
    # rspamd state are persisted; each is readable by its service account only.
    vhack.persist.directories =
      (map (ownedDir "virtualMail") [
        "/var/lib/mail/backup"
        "/var/lib/mail/sieve"
        "/var/lib/mail/vmail"
      ])
      ++ [
        (ownedDir "opendkim" "/var/lib/mail/dkim")
        (ownedDir "postfix" "/var/lib/postfix/data")
        (ownedDir "postfix" "/var/lib/postfix/queue")
        (ownedDir "rspamd" "/var/lib/rspamd")
      ];

    vhack.nginx.enable = true;

    # Certificate for the mail host; the key and chain paths further down
    # point into this certificate's directory under /var/lib/acme.
    security.acme.certs."${cfg.fqdn}".domain = cfg.fqdn;

    mailserver = {
      enable = true;
      fqdn = cfg.fqdn;
      useFsLayout = true;

      # Role addresses fan out to every admin mailbox.
      extraVirtualAliases = lib.genAttrs [
        "abuse@vhack.eu"
        "postmaster@vhack.eu"
        "admin@vhack.eu"
      ] (_: roleRecipients);

      mailDirectory = "/var/lib/mail/vmail";
      dkimKeyDirectory = "/var/lib/mail/dkim";
      sieveDirectory = "/var/lib/mail/sieve";
      backup.snapshotRoot = "/var/lib/mail/backup";

      # Client protocols: only the *Ssl variants of IMAP, POP3 and submission
      # are switched on; the non-Ssl variants stay disabled.
      # NOTE(review): POP3 is exposed as well; if no client uses it,
      # turning enablePop3Ssl off removes one authenticated listener.
      enableImap = false;
      enableImapSsl = true;
      enablePop3 = false;
      enablePop3Ssl = true;
      # SMTP
      enableSubmission = false;
      enableSubmissionSsl = true;

      # The mailserver module opens the firewall for the enabled listeners.
      openFirewall = true;

      keyFile = "/var/lib/acme/${cfg.fqdn}/key.pem";
      certificateScheme = "acme";
      certificateFile = "/var/lib/acme/${cfg.fqdn}/fullchain.pem";

      domains = [
        "vhack.eu"
        "s-schoeffel.de"
        "b-peetz.de"
        "sils.li"
        "nightingale.sils.li"
        "sils.sils.li"
      ];

      # NOTE(review): the password hashes are inlined, so they live in the
      # repository and in the world-readable Nix store of every machine that
      # evaluates this module. The `$2b$05$` prefix is bcrypt at cost 5, which
      # makes offline guessing cheap once a hash is disclosed. Prefer
      # `hashedPasswordFile` pointing at a secret provisioned outside the
      # store, re-hash with a higher cost, and rotate the passwords that
      # belong to the hashes published here.
      loginAccounts = {
        "sils@vhack.eu" = {
          hashedPassword = "$2b$05$RW/Svgk7iGxvP5W7ZwUZ1e.a3fj4fteevb2MtfFYYD0d1DQ17y9Fm";
        };
        "soispha@vhack.eu" = {
          hashedPassword = "$2b$05$XX36sJuHNbTFvi8DFldscOeQBHahluSkiUqD9QGzQaET7NJusSuQW";
        };

        # An alias of the form "@domain" is a catch-all: mail to any address
        # at that domain lands in the account's mailbox.
        "benedikt.peetz@b-peetz.de" = {
          hashedPassword = "$2b$05$MfET8utot2OolPZNASqoDe4VXNoG2chnEWhdfQ2E92mit0TvI2gBy";
          aliases = ["@b-peetz.de"];
        };
        "silas.schoeffel@s-schoeffel.de" = {
          hashedPassword = "$2b$05$Qb8rl7ncpCcTbsSdsduJBuOITp8RTD6sfOTjuxJsVtD9vjAYY9n8e";
          aliases = ["@s-schoeffel.de"];
        };
        "nightingale@vhack.eu" = {
          hashedPassword = "$2b$05$nDKVVq1EktKXWqGFhnOLP.plLovXFyvWSuptK9GIkxA5DScKFx6YS";
          aliases = [
            "@nightingale.sils.li"
          ];
        };
        "sils@sils.li" = {
          hashedPassword = "$2b$05$Ebzh2ZhuWkz1p4tqJ172IejNZg10FtCxPDY4k6umYrpirXg7ezIRq";
          aliases = [
            "@sils.sils.li"
            "@sils.li"
          ];
        };

        # Accounts used by hosted services rather than by people.
        # NOTE(review): presumably these only submit mail; if so, marking
        # them `sendOnly` would stop them from accumulating a mailbox.
        # Confirm against how the services use them.
        "mastodon@vhack.eu" = {
          hashedPassword = "$2b$05$pSby3x2p3cHg0FyAE8IiJ.nYUqtAIR10JA8HNpHwMAiLXqc.ltSK.";
        };
        "peertube@vhack.eu" = {
          hashedPassword = "$y$j9T$hyWQ8Awd2Xrc6qsK.2hwE1$LxACfaeW.yHGbkQL95dWtID9.zXL/aMwT6lp.yU/0g0";
        };
      };
    };

    # Pin uids/gids of the mail-related service accounts to the project's
    # constants table.
    users.users = {
      knot-resolver.uid = uids.knot-resolver;
      redis-rspamd.uid = uids.redis-rspamd;
      rspamd.uid = uids.rspamd;
    };
    users.groups = {
      # mkForce: this gid overrides a definition made elsewhere.
      knot-resolver.gid = lib.mkForce gids.knot-resolver;
      redis-rspamd.gid = gids.redis-rspamd;
      rspamd.gid = gids.rspamd;
    };
  };
}