diff options
| author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2025-03-21 12:26:14 +0100 |
|---|---|---|
| committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2025-03-29 15:13:15 +0100 |
| commit | 5c28c5d242c60c0fdceffa88a33c65d540e1c8b7 (patch) | |
| tree | a65b4547f7cc73f08e947d209b929452a3e7b2f5 /hosts/by-name/server2/configuration.nix | |
| parent | tests/email-dns/secrets: Re-key secrets, so that soispha and sils can read them (diff) | |
| download | nixos-server-5c28c5d242c60c0fdceffa88a33c65d540e1c8b7.zip | |
hosts/server2: Setup stalwalt-mail on mail.vhack.eu for soispha@vhack.eu
We need to actually test stalwart out in the real world, because the test can never actually capture all the weird things people do with their mail setup. Refs: #6ea08aa
Diffstat (limited to 'hosts/by-name/server2/configuration.nix')
| -rw-r--r-- | hosts/by-name/server2/configuration.nix | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix index 5fe635a..cbc1ff3 100644 --- a/hosts/by-name/server2/configuration.nix +++ b/hosts/by-name/server2/configuration.nix @@ -57,6 +57,37 @@ enable = true; fqdn = "mail.foss-syndicate.org"; }; + stalwart-mail = { + enable = true; + fqdn = "mail.vhack.eu"; + admin = "admin@vhack.eu"; + security = { + dkimKeys = let + loadKey = name: { + dkimPublicKey = builtins.readFile (./secrets/dkim + "/${name}/public"); + dkimPrivateKeyPath = ./secrets/dkim + "/${name}/private.age"; + keyAlgorithm = "ed25519-sha256"; + }; + in { + "mail.vhack.eu" = loadKey "vhack.eu"; + }; + verificationMode = "strict"; + }; + openFirewall = true; + principals = [ + { + class = "individual"; + name = "soispha"; + secret = "$2b$05$XX36sJuHNbTFvi8DFldscOeQBHahluSkiUqD9QGzQaET7NJusSuQW"; + email = [ + "soispha@vhack.eu" + "abuse@vhack.eu" + "postmaster@vhack.eu" + "admin@vhack.eu" + ]; + } + ]; + }; nginx = { enable = true; redirects = { |