# Mail server module: accounts, DKIM key placement, ACME certificate and persisted state.
{config, ...}: let
  inherit (config.networking) domain;
  secrets = config.age.secrets;

  # Host name shared by the mail server and the nginx vhost that obtains its certificate.
  mailHost = "mail.${domain}";

  # "<domain>.<selector>.key" is used both for the file under /etc/dkim and for the secret name.
  dkimKeyName = "${domain}.${config.mailserver.dkimSelector}.key";
in {
  mailserver = {
    enable = true;
    stateVersion = 3;

    # Domain settings; TLS reuses the ACME certificate issued for the fqdn (see nginx below).
    fqdn = mailHost;
    domains = ["${domain}"];
    x509.useACMEHost = config.mailserver.fqdn;

    # The DKIM key is supplied declaratively under /etc/dkim (see environment.etc below).
    dkimKeyDirectory = "/etc/dkim";

    # Password hashes are read from age-managed secret files, so they are not
    # written into this module.
    loginAccounts = {
      # Test account.
      # NOTE(review): a standing test login is additional attack surface on a
      # reachable mail server; drop it once it is no longer needed.
      "test@${domain}".hashedPasswordFile =
        builtins.toString secrets.mailserver-acc-test-pw.path;

      "admin@${domain}" = {
        hashedPasswordFile = builtins.toString secrets.mailserver-acc-admin-pw.path;
        # Catch-all: mail for any address at the domain that has no account of its own
        # is delivered here, so this mailbox also collects mail sent to guessed addresses.
        aliases = ["@${domain}"];
      };
    };
  };

  # Expose the DKIM private key at /etc/dkim/<domain>.<selector>.key.
  # NOTE(review): who can read the key is decided by the owner/mode of the age secret,
  # which is declared outside this file; confirm only the signing service can read it.
  environment.etc."dkim/${dkimKeyName}".source = secrets."dkim-${dkimKeyName}".path;

  # nginx serves the mail host name so that ACME issuance and renewal happen automatically.
  services.nginx.enable = true;
  services.nginx.virtualHosts.${mailHost} = {
    forceSSL = true;
    enableACME = true;
  };

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "mtgmonket@gmail.com";

  # Persist directories per the backup guidelines.
  # /var/vmail holds the mailboxes and /var/lib/acme the ACME state, so the /persist
  # volume and any backup of it should be protected like the data itself.
  environment.persistence."/persist".directories = [
    # "/var/dkim" is not needed because the DKIM key is declared above.
    "/var/vmail"
    "/var/lib/redis-rspamd"
    "/var/lib/acme"
  ];
}