blob: 09a070dadd824885824c4a8f1492c03e550dabf9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
{
mailserver = {
enable = true;
fqdn = "mail.sortug.com";
domains = [ "sortug.com" ];
# A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"zh@sortug.com" = {
hashedPasswordFile = "/home/y/mail.key";
};
"jp@sortug.com" = {
hashedPasswordFile = "/home/y/mail.key";
};
"th@sortug.com" = {
hashedPasswordFile = "/home/y/mail.key";
};
"bd@sortug.com" = {
hashedPasswordFile = "/home/y/mail.key";
};
"info@sortug.com" = {
hashedPasswordFile = "/home/y/mail.key";
};
"admin@sortug.com" = { # legal and banking
hashedPasswordFile = "/home/y/mail.key";
};
"internal@sortug.com" = {
hashedPasswordFile = "/home/y/mail.key";
};
"billing@sortug.com" = {
hashedPasswordFile = "/home/y/mail.key";
};
"polwex@sortug.com" = {
hashedPasswordFile = "/home/y/mail2.key";
};
"kinode@sortug.com" = {
hashedPasswordFile = "/home/y/mail.key";
};
"hosting@sortug.com" = {
hashedPasswordFile = "/home/y/mail.key";
};
"support@sortug.com" = {
hashedPasswordFile = "/home/y/mail.key";
};
};
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = "acme-nginx";
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "security@sortug.com";
# services.roundcube = {
# enable = true;
# # this is the url of the vhost, not necessarily the same as the fqdn of
# # the mailserver
# hostName = "mail.sortug.com";
# extraConfig = ''
# # starttls needed for authentication, so the fqdn required to match
# # the certificate
# $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
# $config['smtp_user'] = "%u";
# $config['smtp_pass'] = "%p";
# '';
# };
services.nginx.enable = true;
}
|
