{hosts/server3,zones/vhack.eu}: Activate stalwart-mail on server3 for soispha

1 files changed, 31 insertions, 0 deletions

diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
index a89e047..7f5bce5 100644
--- a/hosts/by-name/server3/configuration.nix
+++ b/hosts/by-name/server3/configuration.nix
@@ -67,6 +67,37 @@
         "/var/log"
       ];
     };
+    stalwart-mail = {
+      enable = true;
+      fqdn = "mail.vhack.eu";
+      admin = "admin@vhack.eu";
+      security = {
+        dkimKeys = let
+          loadKey = name: {
+            dkimPublicKey = builtins.readFile (./secrets/dkim + "/${name}-public");
+            dkimPrivateKeyPath = ./secrets/dkim + "/${name}-private.age";
+            keyAlgorithm = "ed25519-sha256";
+          };
+        in {
+          "mail.vhack.eu" = loadKey "mail.vhack.eu";
+        };
+        verificationMode = "strict";
+      };
+      openFirewall = true;
+      principals = [
+        {
+          class = "individual";
+          name = "soispha";
+          secret = "$2b$05$XX36sJuHNbTFvi8DFldscOeQBHahluSkiUqD9QGzQaET7NJusSuQW";
+          email = [
+            "soispha@vhack.eu"
+            "abuse@vhack.eu"
+            "postmaster@vhack.eu"
+            "admin@vhack.eu"
+          ];
+        }
+      ];
+    };
     postgresql.enable = true;
     rust-motd.enable = true;
     users.enable = true;