# NixOS module: mail setup for vhack built on simple-nixos-mailserver.
# Declares `vhack.mail.enable` / `vhack.mail.fqdn` and, when enabled, wires up
# persisted state directories, the ACME certificate entry, the mailserver
# options and fixed uids/gids for the helper services.
{
  config,
  lib,
  ...
}: let
  cfg = config.vhack.mail;
  ids = config.vhack.constants.ids;

  # Common prefixes, so every path below is spelled in exactly one place.
  mailRoot = "/var/lib/mail";
  acmeDir = "/var/lib/acme/${cfg.fqdn}";

  # Recipients of the role addresses (abuse@, postmaster@, admin@).
  adminRecipients = [
    "sils@vhack.eu"
    "soispha@vhack.eu"
    "nightingale@vhack.eu"
  ];

  # One persisted-directory entry, owned by `owner` (user and group) and
  # closed to everyone else (0700).
  privateDir = owner: directory: {
    inherit directory;
    user = owner;
    group = owner;
    mode = "0700";
  };
in {
  options.vhack.mail = {
    enable = lib.mkEnableOption "sophisticated mail setup with simple-nixos-mailserver";
    fqdn = lib.mkOption {
      type = lib.types.str;
      description = "The fqdn mailserver should be served on.";
    };
  };

  config = lib.mkIf cfg.enable {
    vhack = {
      nginx.enable = true;

      # State that has to be persisted. Each directory is 0700 and owned by
      # the service that uses it, so e.g. the DKIM key directory is only
      # accessible to opendkim and the mail store only to virtualMail.
      persist.directories = [
        (privateDir "virtualMail" "${mailRoot}/backup")
        (privateDir "virtualMail" "${mailRoot}/sieve")
        (privateDir "virtualMail" "${mailRoot}/vmail")
        (privateDir "opendkim" "${mailRoot}/dkim")
        (privateDir "postfix" "/var/lib/postfix/data")
        (privateDir "postfix" "/var/lib/postfix/queue")
        (privateDir "rspamd" "/var/lib/rspamd")
      ];
    };

    # Certificate for the mail host itself.
    security.acme.certs.${cfg.fqdn}.domain = cfg.fqdn;

    mailserver = {
      enable = true;
      fqdn = cfg.fqdn;
      useFsLayout = true;

      # Role addresses fan out to all admins.
      extraVirtualAliases =
        lib.genAttrs [
          "abuse@vhack.eu"
          "postmaster@vhack.eu"
          "admin@vhack.eu"
        ]
        (_: adminRecipients);

      mailDirectory = "${mailRoot}/vmail";
      dkimKeyDirectory = "${mailRoot}/dkim";
      sieveDirectory = "${mailRoot}/sieve";
      backup.snapshotRoot = "${mailRoot}/backup";

      # Only the "Ssl" variant of each client protocol is switched on; the
      # non-Ssl listeners are disabled.
      enableImap = false;
      enableImapSsl = true;
      enablePop3 = false;
      enablePop3Ssl = true;
      # SMTP
      enableSubmission = false;
      enableSubmissionSsl = true;

      openFirewall = true;

      # NOTE(review): with certificateScheme = "acme" the mailserver module may
      # derive the certificate paths itself; confirm whether the two explicit
      # paths are still read.
      certificateScheme = "acme";
      keyFile = "${acmeDir}/key.pem";
      certificateFile = "${acmeDir}/fullchain.pem";

      domains = [
        "vhack.eu"
        "s-schoeffel.de"
        "b-peetz.de"
        "sils.li"
        "nightingale.sils.li"
        "sils.sils.li"
      ];

      # NOTE(review): the password hashes are stored inline, so anyone who can
      # read this file (or the evaluated configuration in the world-readable
      # Nix store) can read them. The `$2b$05$` entries are bcrypt with work
      # factor 5, which is low; the `$y$` entry is yescrypt. Consider
      # `hashedPasswordFile` pointing at a secret kept outside the repository,
      # and re-hashing with a higher work factor when passwords are rotated.
      #
      # Aliases of the form "@domain" are catch-alls: the account receives mail
      # for every address at that domain.
      loginAccounts = {
        "sils@vhack.eu".hashedPassword = "$2b$05$RW/Svgk7iGxvP5W7ZwUZ1e.a3fj4fteevb2MtfFYYD0d1DQ17y9Fm";
        "soispha@vhack.eu".hashedPassword = "$2b$05$XX36sJuHNbTFvi8DFldscOeQBHahluSkiUqD9QGzQaET7NJusSuQW";

        "benedikt.peetz@b-peetz.de" = {
          hashedPassword = "$2b$05$MfET8utot2OolPZNASqoDe4VXNoG2chnEWhdfQ2E92mit0TvI2gBy";
          aliases = ["@b-peetz.de"];
        };
        "silas.schoeffel@s-schoeffel.de" = {
          hashedPassword = "$2b$05$Qb8rl7ncpCcTbsSdsduJBuOITp8RTD6sfOTjuxJsVtD9vjAYY9n8e";
          aliases = ["@s-schoeffel.de"];
        };
        "nightingale@vhack.eu" = {
          hashedPassword = "$2b$05$nDKVVq1EktKXWqGFhnOLP.plLovXFyvWSuptK9GIkxA5DScKFx6YS";
          aliases = ["@nightingale.sils.li"];
        };
        "sils@sils.li" = {
          hashedPassword = "$2b$05$Ebzh2ZhuWkz1p4tqJ172IejNZg10FtCxPDY4k6umYrpirXg7ezIRq";
          aliases = [
            "@sils.sils.li"
            "@sils.li"
          ];
        };

        # Mail-Account used by hosted software
        "mastodon@vhack.eu".hashedPassword = "$2b$05$pSby3x2p3cHg0FyAE8IiJ.nYUqtAIR10JA8HNpHwMAiLXqc.ltSK.";
        "peertube@vhack.eu".hashedPassword = "$y$j9T$hyWQ8Awd2Xrc6qsK.2hwE1$LxACfaeW.yHGbkQL95dWtID9.zXL/aMwT6lp.yU/0g0";
      };
    };

    # Pin uids/gids of the helper services to the project-wide constants.
    # Only the knot-resolver gid is set with mkForce, so it takes priority over
    # a conflicting definition elsewhere.
    users.users = {
      knot-resolver.uid = ids.uids.knot-resolver;
      redis-rspamd.uid = ids.uids.redis-rspamd;
      rspamd.uid = ids.uids.rspamd;
    };
    users.groups = {
      knot-resolver.gid = lib.mkForce ids.gids.knot-resolver;
      redis-rspamd.gid = ids.gids.redis-rspamd;
      rspamd.gid = ids.gids.rspamd;
    };
  };
}