diff options
Diffstat (limited to 'system/services')
| -rw-r--r-- | system/services/default.nix | 1 | ||||
| -rw-r--r-- | system/services/mail/default.nix | 43 | ||||
| -rw-r--r-- | system/services/mail/users.nix | 16 |
3 files changed, 60 insertions, 0 deletions
diff --git a/system/services/default.nix b/system/services/default.nix index bbd3957..3633dbe 100644 --- a/system/services/default.nix +++ b/system/services/default.nix @@ -2,6 +2,7 @@ imports = [ ./fail2ban ./keycloak + ./mail ./minecraft ./nginx ./nix diff --git a/system/services/mail/default.nix b/system/services/mail/default.nix new file mode 100644 index 0000000..5bfdb8c --- /dev/null +++ b/system/services/mail/default.nix @@ -0,0 +1,43 @@ +{lib, ...}: let + all_admins = [ + "sils@vhack.eu" + "soispha@vhack.eu" + "nightingale@vhack.eu" + ]; + users = import ./users.nix {}; +in { + mailserver = + lib.recursiveUpdate { + enable = true; + fqdn = "server1.vhack.eu"; + + useFsLayout = true; + + extraVirtualAliases = { + "abuse@vhack.eu" = all_admins; + "postmaster@vhack.eu" = all_admins; + "admin@vhack.eu" = all_admins; + }; + + mailDirectory = "/srv/mail/vmail"; + dkimKeyDirectory = "/srv/mail/dkim"; + sieveDirectory = "/srv/mail/sieve"; + backup.snapshotRoot = "/srv/mail/backup"; + + enableImap = false; + enableImapSsl = true; + enablePop3 = false; + enablePop3Ssl = true; + # SMTP + enableSubmission = false; + enableSubmissionSsl = true; + openFirewall = true; + + keyFile = "/var/lib/acme/server1.vhack.eu/key.pem"; + certificateScheme = "acme"; + certificateFile = "/var/lib/acme/server1.vhack.eu/fullchain.pem"; + } + users; +} +# vim: ts=2 + diff --git a/system/services/mail/users.nix b/system/services/mail/users.nix new file mode 100644 index 0000000..47b80fb --- /dev/null +++ b/system/services/mail/users.nix @@ -0,0 +1,16 @@ +{...}: { + # vhack.eu {{{ + domains = ["vhack.eu"]; + loginAccounts = { + "sils@vhack.eu" = { + hashedPassword = "$2b$05$RW/Svgk7iGxvP5W7ZwUZ1e.a3fj4fteevb2MtfFYYD0d1DQ17y9Fm"; + }; + "soispha@vhack.eu" = { + hashedPassword = "$2b$05$XX36sJuHNbTFvi8DFldscOeQBHahluSkiUqD9QGzQaET7NJusSuQW"; + }; + "nightingale@vhack.eu" = { + hashedPassword = "$2b$05$THIS_PASSWORD_HASH_IS_NOT_REAL,_PLEASE_CHANGE_IT_..._"; # TODO change + }; + }; + #}}} +} |