55 lines
1.5 KiB
Nix
55 lines
1.5 KiB
Nix
{config, ...}: {
|
|
mailserver = {
|
|
enable = true;
|
|
stateVersion = 3;
|
|
|
|
# domain bs
|
|
fqdn = "mail.${config.networking.domain}";
|
|
domains = ["${config.networking.domain}"];
|
|
x509.useACMEHost = config.mailserver.fqdn;
|
|
|
|
loginAccounts = {
|
|
# test acc
|
|
"test@${config.networking.domain}" = {
|
|
hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-test-pw.path;
|
|
};
|
|
"admin@${config.networking.domain}" = {
|
|
hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-admin-pw.path;
|
|
aliases = ["@${config.networking.domain}"];
|
|
};
|
|
};
|
|
};
|
|
|
|
# put dkim key into /etc for declarability
|
|
mailserver.dkimKeyDirectory = "/etc/dkim";
|
|
environment.etc."dkim/${config.networking.domain}.${config.mailserver.dkimSelector}.key" = {
|
|
source = config.age.secrets."dkim-${config.networking.domain}.${config.mailserver.dkimSelector}.key".path;
|
|
mode = "600";
|
|
user = config.services.rspamd.user;
|
|
group = config.services.rspamd.group;
|
|
};
|
|
|
|
# does acme for me
|
|
services.nginx = {
|
|
enable = true;
|
|
virtualHosts = {
|
|
"mail.${config.networking.domain}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
};
|
|
"matrix.${config.networking.domain}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
};
|
|
"${config.networking.domain}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
};
|
|
};
|
|
};
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "mtgmonket@gmail.com";
|
|
};
|
|
}
|