authorsils <sils@sils.li>2023-03-07 19:40:49 +0100
committersils <sils@sils.li>2023-03-07 19:48:12 +0100
commit820efecae8c72ee3f9c6f4981d43ce19fe660dc3 (patch)
tree9ca75dc7baebad7cf9eab78b28072d18ebaed311
parentFeat: Add Website (diff)
downloadnixos-server-820efecae8c72ee3f9c6f4981d43ce19fe660dc3.zip
Feat: Add mailserver
Diffstat (limited to '')
-rw-r--r--flake.lock86
-rw-r--r--flake.nix34
-rw-r--r--services/services/acme.nix23
3 files changed, 141 insertions, 2 deletions
diff --git a/flake.lock b/flake.lock
index 8af459c..7848d91 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,21 @@
{
"nodes": {
+ "blobs": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1604995301,
+ "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
+ "owner": "simple-nixos-mailserver",
+ "repo": "blobs",
+ "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "simple-nixos-mailserver",
+ "repo": "blobs",
+ "type": "gitlab"
+ }
+ },
"nixpkgs": {
"locked": {
"lastModified": 1675512093,
@@ -16,9 +32,77 @@
"type": "github"
}
},
+ "nixpkgs-22_11": {
+ "locked": {
+ "lastModified": 1669558522,
+ "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-22.11",
+ "type": "indirect"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1669542132,
+ "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "a115bb9bd56831941be3776c8a94005867f316a7",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-unstable",
+ "type": "indirect"
+ }
+ },
"root": {
"inputs": {
- "nixpkgs": "nixpkgs"
+ "nixpkgs": "nixpkgs",
+ "simple-nixos-mailserver": "simple-nixos-mailserver"
+ }
+ },
+ "simple-nixos-mailserver": {
+ "inputs": {
+ "blobs": "blobs",
+ "nixpkgs": "nixpkgs_2",
+ "nixpkgs-22_11": "nixpkgs-22_11",
+ "utils": "utils"
+ },
+ "locked": {
+ "lastModified": 1671659164,
+ "narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=",
+ "owner": "simple-nixos-mailserver",
+ "repo": "nixos-mailserver",
+ "rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "simple-nixos-mailserver",
+ "ref": "nixos-22.11",
+ "repo": "nixos-mailserver",
+ "type": "gitlab"
+ }
+ },
+ "utils": {
+ "locked": {
+ "lastModified": 1605370193,
+ "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "5021eac20303a61fafe17224c087f5519baed54d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
}
}
},
diff --git a/flake.nix b/flake.nix
index 9df3c84..e087f96 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,17 +4,49 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small";
+ simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11";
};
outputs = {
self,
nixpkgs,
+ simple-nixos-mailserver,
...
} @ attrs: {
nixosConfigurations."server1" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = attrs;
- modules = [./hosts/server1/configuration.nix];
+ modules = [
+ ./hosts/server1/configuration.nix
+ simple-nixos-mailserver.nixosModule
+ {
+ mailserver = {
+ enable = true;
+ fqdn = "server1.vhack.eu";
+ domains = ["vhack.eu"];
+
+ mailDirectory = "/srv/mail/vmail";
+ dkimKeyDirectory = "/srv/mail/dkim";
+ backup.snapshotRoot = "/srv/mail/backup";
+
+ loginAccounts = {
+ "sils@vhack.eu" = {
+ hashedPasswordFile = "/srv/mail/.secrets/silsmailpswd";
+ };
+ };
+
+ extraVirtualAliases = {
+ "abuse@vhack.eu" = ["sils@vhack.eu"];
+ "postmaster@vhack.eu" = ["sils@vhack.eu"];
+ };
+
+ sieveDirectory = "/srv/mail/sieve";
+ keyFile = "/var/lib/acme/server1.vhack.eu/key.pem";
+ certificateScheme = 1;
+ certificateFile = "/var/lib/acme/server1.vhack.eu/fullchain.pem";
+ };
+ }
+ ];
};
};
}
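Review bot: The `hashedPasswordFile` path `/srv/mail/.secrets/silsmailpswd` keeps the hash out of the Nix store, but nothing in this hunk creates `/srv/mail/.secrets` or pins its owner and mode, and it shares the `/srv/mail` tree with the maildir, the DKIM keys and the backup root. I would declare the directory next to the mailserver block, e.g. `systemd.tmpfiles.rules = ["d /srv/mail/.secrets 0700 root root -"];`, assuming the module reads the file as root when it generates its passwd files (worth confirming). A comment that the hash file must be provisioned by hand before the first switch would also help. `certificateScheme = 1;` deserves a short comment as well, since the bare number presumably selects manually supplied certificate files. The enclosing attribute set starts above the hunk.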
diff --git a/services/services/acme.nix b/services/services/acme.nix
index 42f9ed5..7e39174 100644
--- a/services/services/acme.nix
+++ b/services/services/acme.nix
@@ -1,6 +1,29 @@
{...}: {
+ users.users.nginx.extraGroups = ["acme"];
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "acmechallenge.vhack.eu" = {
+ serverAliases = ["*.vhack.eu"];
+ locations."/.well-known/acme-challenge" = {
+ root = "/var/lib/acme/.challenges";
+ };
+ locations."/" = {
+ return = "301 https://$host$request_uri";
+ };
+ };
+ };
+ };
+
security.acme = {
acceptTerms = true;
defaults.email = "admin@vhack.eu";
+ certs = {
+ "server1.vhack.eu" = {
+ webroot = "/var/lib/acme/.challenges";
+ group = "nginx";
+ };
+ };
};
}
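Review bot: The `certs."server1.vhack.eu"` block has no renewal hook, so nothing visible here makes the mail daemons pick up a renewed certificate; flake.nix points the mailserver at `/var/lib/acme/server1.vhack.eu/key.pem` and `fullchain.pem` with the manual scheme, which as far as I know does not add one either. Adding `reloadServices = ["postfix.service" "dovecot2.service"];` inside that cert block would cover it. Separately, `group = "nginx"` together with the `acme` supplementary group appears to leave the mail server's `key.pem` group-readable by the web server, although the vhost in this hunk only serves challenges and a redirect. If that is accepted, a comment saying so would help; otherwise a dedicated group for this cert is worth considering.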