{ config, pkgs, ... }: { mailserver = { enable = true; fqdn = "mail.sortug.com"; domains = ["sortug.com"]; # A list of all login accounts. To create the password hashes, use # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' loginAccounts = { "zh@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "jp@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "th@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "bd@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "info@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "admin@sortug.com" = { # legal and banking hashedPasswordFile = "/home/y/mail.key"; }; "internal@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "billing@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "polwex@sortug.com" = { hashedPasswordFile = "/home/y/mail2.key"; }; "kinode@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "hosting@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "support@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; }; # Use Let's Encrypt certificates. Note that this needs to set up a stripped # down nginx and opens port 80. certificateScheme = "acme-nginx"; }; security.acme.acceptTerms = true; security.acme.defaults.email = "security@sortug.com"; # services.roundcube = { # enable = true; # # this is the url of the vhost, not necessarily the same as the fqdn of # # the mailserver # hostName = "mail.sortug.com"; # extraConfig = '' # # starttls needed for authentication, so the fqdn required to match # # the certificate # $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; # $config['smtp_user'] = "%u"; # $config['smtp_pass'] = "%p"; # ''; # }; services.nginx.enable = true; }