{ config, pkgs, ... }: { # services.dovecot2.sieve.extensions = ["fileinto"]; mailserver = { enable = true; stateVersion = 3; fqdn = "mail.sortug.com"; domains = ["sortug.com" "yago.onl"]; # workaround # A list of all login accounts. To create the password hashes, use # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' loginAccounts = { "zh@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "jp@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "th@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "bd@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "info@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "admin@sortug.com" = { # legal and banking hashedPasswordFile = "/home/y/mail.key"; }; "internal@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "billing@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "polwex@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "kinode@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "hosting@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "support@sortug.com" = { hashedPasswordFile = "/home/y/mail.key"; }; "sub@yago.onl" = { hashedPasswordFile = "/home/y/mail.key"; }; }; # Use Let's Encrypt certificates. Note that this needs to set up a stripped # down nginx and opens port 80. certificateScheme = "acme-nginx"; }; security.acme.acceptTerms = true; security.acme.defaults.email = "security@sortug.com"; services.roundcube = { enable = true; # this is the url of the vhost, not necessarily the same as the fqdn of # the mailserver hostName = "mail.sortug.com"; extraConfig = '' # starttls needed for authentication, so the fqdn required to match # the certificate $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; $config['smtp_user'] = "%u"; $config['smtp_pass'] = "%p"; ''; }; services.nginx.enable = true; }