path: root/tests/by-name/em/email-dns/nodes/mail_server.nix
# Node factory for the email-dns test. Returns an attribute set whose
# `mkMailServer` builds the NixOS module for one Stalwart mail-server node.
#
# The argument set is closed (no `...`), so callers must pass exactly:
#   extraModules  - modules placed in front of this node's own imports
#   pkgs          - package set; `bind` and `openssl` are taken from it
#   vhackPackages - accepted, but not referenced anywhere in this file
{
  extraModules,
  pkgs,
  vhackPackages,
}: {
  # serverName: host label; the node's FQDN becomes "<serverName>.server.com".
  # principal:  the single entry placed in the server's `principals` list.
  mkMailServer = serverName: principal: {
    config,
    lib,
    nodes,
    ...
  }: let
    # Every node built by this function receives a DKIM key for all four
    # domains, independent of `serverName`.
    # NOTE(review): presumably so either test server can sign for any test
    # domain; confirm this sharing is intended and stays test-only.
    dkimDomains = [
      "mail1.server.com"
      "mail2.server.com"
      "alice.com"
      "bob.com"
    ];

    dkimDir = ../secrets/dkim;

    # The public key is read at evaluation time and embedded in the
    # configuration. The private key is only referenced by the path of its
    # age-encrypted file (`private.age`), so the store copy is ciphertext.
    loadKey = domain: {
      dkimPublicKey = builtins.readFile (dkimDir + "/${domain}/public");
      dkimPrivateKeyPath = dkimDir + "/${domain}/private.age";
      keyAlgorithm = "ed25519-sha256";
    };
  in {
    imports =
      extraModules
      ++ [
        ../../../../../modules
        ./acme/client.nix
      ];

    # NOTE(review): presumably DNS and TLS inspection tools for the test
    # scripts; nothing in this file uses them directly.
    environment.systemPackages = [
      pkgs.bind
      pkgs.openssl
    ];

    # mkForce overrides any other nameserver definition, so resolution on this
    # node goes only to the test's `name_server` node (IPv4 and IPv6).
    networking.nameservers = lib.mkForce [
      nodes.name_server.networking.primaryIPAddress
      nodes.name_server.networking.primaryIPv6Address
    ];

    # Interpolating a path into a string makes Nix copy the file into the
    # store, so this age identity (the key used to decrypt the `.age` secrets)
    # ends up in the world-readable /nix/store. That is tolerable only because
    # it is a checked-in test fixture; outside of tests an identity should be
    # referenced by a runtime path that never enters the store.
    age.identityPaths = ["${../secrets/hostKey}"];

    vhack.stalwart-mail = {
      enable = true;
      fqdn = "${serverName}.server.com";
      admin = "admin@${serverName}.server.com";

      # The meaning of these options is defined by the vhack stalwart-mail
      # module, which is not shown here.
      # NOTE(review): the names suggest strict sender verification and no
      # plaintext SMTP; verify against the module before relying on that.
      security = {
        dkimKeys = lib.genAttrs dkimDomains loadKey;
        verificationMode = "strict";
        allowInsecureSmtp = false;
      };

      # NOTE(review): presumably opens the mail ports on the node's firewall;
      # the exact port list lives in the module.
      openFirewall = true;
      principals = [principal];
    };
  };
}