Diffstat (limited to 'hosts/cloud/sortug')
-rw-r--r--hosts/cloud/sortug/configuration.nix4
-rw-r--r--hosts/cloud/sortug/mail.nix77
2 files changed, 79 insertions, 2 deletions
diff --git a/hosts/cloud/sortug/configuration.nix b/hosts/cloud/sortug/configuration.nix
index d409f83..87dca09 100644
--- a/hosts/cloud/sortug/configuration.nix
+++ b/hosts/cloud/sortug/configuration.nix
@@ -17,8 +17,7 @@
./minio.nix
# ./coturn.nix
./disk-config.nix
- ../sing/mail.nix
- # ./mail.nix
+ ./mail.nix
];
boot = {
@@ -92,4 +91,5 @@
};
};
system.stateVersion = "24.05"; # Did you read the comment?
+ users.users.y.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes"];
}
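Review bot: The authorized key added for user `y` is labelled only `cloudboxes`, which does not say which machine or person holds the private half, and the line is appended after `system.stateVersion` rather than next to other user settings. If that label means one key is shared across several cloud hosts, a copy taken from any of them allows login here as `y`, and mail.nix in this same commit reads every mailbox's password hash from `/home/y/mail.key`. I would add a comment above the line such as `# private key held on <owner/machine>; grants SSH login as y` and, if a `users.users` section exists in the part of the file outside this hunk, move the key there.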
diff --git a/hosts/cloud/sortug/mail.nix b/hosts/cloud/sortug/mail.nix
new file mode 100644
index 0000000..ef10866
--- /dev/null
+++ b/hosts/cloud/sortug/mail.nix
@@ -0,0 +1,77 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ # services.dovecot2.sieve.extensions = ["fileinto"];
+ mailserver = {
+ enable = true;
+ fqdn = "mail.sortug.com";
+ domains = ["sortug.com" "yago.onl"];
+ # workaround
+ # A list of all login accounts. To create the password hashes, use
+ # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+ loginAccounts = {
+ "zh@sortug.com" = {
+ hashedPasswordFile = "/home/y/mail.key";
+ };
+ "jp@sortug.com" = {
+ hashedPasswordFile = "/home/y/mail.key";
+ };
+ "th@sortug.com" = {
+ hashedPasswordFile = "/home/y/mail.key";
+ };
+ "bd@sortug.com" = {
+ hashedPasswordFile = "/home/y/mail.key";
+ };
+ "info@sortug.com" = {
+ hashedPasswordFile = "/home/y/mail.key";
+ };
+ "admin@sortug.com" = {
+ # legal and banking
+ hashedPasswordFile = "/home/y/mail.key";
+ };
+ "internal@sortug.com" = {
+ hashedPasswordFile = "/home/y/mail.key";
+ };
+ "billing@sortug.com" = {
+ hashedPasswordFile = "/home/y/mail.key";
+ };
+ "polwex@sortug.com" = {
+ hashedPasswordFile = "/home/y/mail.key";
+ };
+ "kinode@sortug.com" = {
+ hashedPasswordFile = "/home/y/mail.key";
+ };
+ "hosting@sortug.com" = {
+ hashedPasswordFile = "/home/y/mail.key";
+ };
+ "support@sortug.com" = {
+ hashedPasswordFile = "/home/y/mail.key";
+ };
+ "sub@yago.onl" = {
+ hashedPasswordFile = "/home/y/mail.key";
+ };
+ };
+
+ # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+ # down nginx and opens port 80.
+ certificateScheme = "acme-nginx";
+ };
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "security@sortug.com";
+ services.roundcube = {
+ enable = true;
+ # this is the url of the vhost, not necessarily the same as the fqdn of
+ # the mailserver
+ hostName = "mail.sortug.com";
+ extraConfig = ''
+ # starttls needed for authentication, so the fqdn required to match
+ # the certificate
+ $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
+ $config['smtp_user'] = "%u";
+ $config['smtp_pass'] = "%p";
+ '';
+ };
+ services.nginx.enable = true;
+}
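Review bot: All thirteen `loginAccounts` set `hashedPasswordFile` to the same `/home/y/mail.key`, so every mailbox, including `admin@sortug.com` (commented "legal and banking"), accepts one password and a single leak exposes all of them. The file also sits in a user's home directory, so any process or login running as `y` can replace the hash. Give each account its own hash file in a root-owned location, for example `hashedPasswordFile = "/path/to/root-owned/secrets/admin@sortug.com.hash";` (placeholder path). Separately, `security.acme.defaults.email` is `security@sortug.com`, which is not among the accounts defined in this file, so certificate notices may go undelivered unless that address is set up elsewhere.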