diff options
| author | polwex <polwex@sortug.com> | 2024-07-21 01:49:04 +0700 |
|---|---|---|
| committer | polwex <polwex@sortug.com> | 2024-07-21 01:49:04 +0700 |
| commit | e64f7a78e01e5fa661471cb518cc71fc33223b5a (patch) | |
| tree | 691c444cf66e2f9d1ee63e4589ed09ec502baa3b /hosts/cloud/span/mail.nix | |
| parent | 0816d59542658a62928050ef5f08e1460e554959 (diff) | |
m
Diffstat (limited to 'hosts/cloud/span/mail.nix')
| -rw-r--r-- | hosts/cloud/span/mail.nix | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/hosts/cloud/span/mail.nix b/hosts/cloud/span/mail.nix new file mode 100644 index 0000000..d020fec --- /dev/null +++ b/hosts/cloud/span/mail.nix @@ -0,0 +1,67 @@ +{ config, pkgs, ... }: { + imports = [ + (builtins.fetchTarball { + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-23.11/nixos-mailserver-nixos-23.11.tar.gz"; + # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command: + # release="nixos-23.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack + + sha256 = "122vm4n3gkvlkqmlskiq749bhwfd0r71v6vcmg1bbyg4998brvx8"; + }) + ]; + + services.dovecot2.sieve.extensions = [ "fileinto" ]; + mailserver = { + enable = true; + fqdn = "mail.spandrell.ch"; + domains = [ "spandrell.ch" ]; + + # A list of all login accounts. To create the password hashes, use + # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' + loginAccounts = { + "s@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "book@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "site@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "lol@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "sub@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "security@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "parallax@spandrell.ch" = { + hashedPassword = "$2y$12$RVCKyEwpPmQLznKOgtXiBOR3nRy5aT3rFMtypJiDe6xFPfi/r3TXq"; + }; + "finnem@spandrell.ch" = { + hashedPasswordFile = "/home/span/finnem.key"; + }; + }; + + # Use Let's Encrypt certificates. Note that this needs to set up a stripped + # down nginx and opens port 80. + certificateScheme = "acme-nginx"; + }; + security.acme.acceptTerms = true; + security.acme.defaults.email = "security@spandrell.ch"; + services.roundcube = { + enable = true; + # this is the url of the vhost, not necessarily the same as the fqdn of + # the mailserver + hostName = "mail.spandrell.ch"; + extraConfig = '' + # starttls needed for authentication, so the fqdn required to match + # the certificate + $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; + $config['smtp_user'] = "%u"; + $config['smtp_pass'] = "%p"; + ''; + }; + services.nginx.enable = true; +} |