From 5c28c5d242c60c0fdceffa88a33c65d540e1c8b7 Mon Sep 17 00:00:00 2001
From: Benedikt Peetz <benedikt.peetz@b-peetz.de>
Date: Fri, 21 Mar 2025 12:26:14 +0100
Subject: hosts/server2: Setup stalwalt-mail on mail.vhack.eu for
 soispha@vhack.eu

We need to actually test stalwart out in the real world, because the
test can never actually capture all the weird things people do with
their mail setup.

Refs: #6ea08aa
---
 hosts/by-name/server2/configuration.nix | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

(limited to 'hosts/by-name/server2/configuration.nix')

diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix
index 5fe635a..cbc1ff3 100644
--- a/hosts/by-name/server2/configuration.nix
+++ b/hosts/by-name/server2/configuration.nix
@@ -57,6 +57,37 @@
       enable = true;
       fqdn = "mail.foss-syndicate.org";
     };
+    stalwart-mail = {
+      enable = true;
+      fqdn = "mail.vhack.eu";
+      admin = "admin@vhack.eu";
+      security = {
+        dkimKeys = let
+          loadKey = name: {
+            dkimPublicKey = builtins.readFile (./secrets/dkim + "/${name}/public");
+            dkimPrivateKeyPath = ./secrets/dkim + "/${name}/private.age";
+            keyAlgorithm = "ed25519-sha256";
+          };
+        in {
+          "mail.vhack.eu" = loadKey "vhack.eu";
+        };
+        verificationMode = "strict";
+      };
+      openFirewall = true;
+      principals = [
+        {
+          class = "individual";
+          name = "soispha";
+          secret = "$2b$05$XX36sJuHNbTFvi8DFldscOeQBHahluSkiUqD9QGzQaET7NJusSuQW";
+          email = [
+            "soispha@vhack.eu"
+            "abuse@vhack.eu"
+            "postmaster@vhack.eu"
+            "admin@vhack.eu"
+          ];
+        }
+      ];
+    };
     nginx = {
       enable = true;
       redirects = {
-- 
cgit 1.4.1