2023-12-29 10:23:10 +01:00
|
|
|
{ ... }:
|
|
|
|
let
|
|
|
|
root_host = "grimmauld.de";
|
|
|
|
mail_host = "mail.${root_host}";
|
|
|
|
in {
|
|
|
|
security.acme.certs."${root_host}".extraDomainNames = [ mail_host ];
|
|
|
|
|
2024-02-03 11:51:15 +01:00
|
|
|
# services.dovecot2.sieve.extensions = [ "fileinto" ]; # sives break without this for some reason
|
2023-12-29 10:23:10 +01:00
|
|
|
mailserver = {
|
|
|
|
enable = true;
|
|
|
|
fqdn = mail_host;
|
|
|
|
domains = [ root_host ];
|
|
|
|
|
|
|
|
# A list of all login accounts. To create the password hashes, use
|
|
|
|
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
|
|
|
loginAccounts = {
|
|
|
|
"contact@${root_host}" = {
|
|
|
|
hashedPasswordFile = ./mailpass/contact;
|
|
|
|
aliases = ["kontakt@${root_host}"];
|
|
|
|
};
|
2023-12-30 11:01:06 +01:00
|
|
|
"admin@${root_host}" = {
|
|
|
|
hashedPasswordFile = ./mailpass/admin;
|
|
|
|
};
|
2024-02-03 11:51:15 +01:00
|
|
|
"grimmauld@${root_host}" = {
|
|
|
|
hashedPasswordFile = ./mailpass/grimmauld;
|
|
|
|
};
|
2023-12-29 10:23:10 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
|
|
|
# down nginx and opens port 80.
|
|
|
|
certificateScheme = "manual";
|
|
|
|
certificateFile = "/var/lib/acme/${root_host}/fullchain.pem";
|
|
|
|
keyFile = "/var/lib/acme/${root_host}/key.pem";
|
|
|
|
};
|
2023-12-29 10:41:25 +01:00
|
|
|
|
|
|
|
services.nginx = {
|
|
|
|
enable = true;
|
|
|
|
virtualHosts."${mail_host}" = { # you should NOT be here from a browser :P
|
|
|
|
serverName = mail_host;
|
|
|
|
forceSSL = true;
|
|
|
|
useACMEHost = root_host;
|
|
|
|
locations."/" = {
|
|
|
|
return = "307 https://${root_host}";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
2023-12-29 10:23:10 +01:00
|
|
|
}
|