2024-05-08 21:50:08 +02:00
|
|
|
{ config, ... }:
|
2024-05-08 21:49:37 +02:00
|
|
|
let
|
|
|
|
inherit (config.networking) domain;
|
|
|
|
mail_host = "mail.${domain}";
|
2024-05-08 21:50:08 +02:00
|
|
|
in
|
|
|
|
{
|
2024-05-08 21:49:37 +02:00
|
|
|
security.acme.certs."${domain}".extraDomainNames = [ mail_host ];
|
|
|
|
|
2024-05-08 21:50:08 +02:00
|
|
|
# services.dovecot2.sieve.extensions = [ "fileinto" ]; # sives break without this for some reason
|
2024-05-08 21:49:37 +02:00
|
|
|
mailserver = {
|
|
|
|
enable = true;
|
|
|
|
fqdn = mail_host;
|
|
|
|
domains = [ domain ];
|
|
|
|
|
|
|
|
# A list of all login accounts. To create the password hashes, use
|
|
|
|
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
|
|
|
loginAccounts = {
|
|
|
|
"contact@${domain}" = {
|
|
|
|
hashedPasswordFile = ./mailpass/contact;
|
2024-05-08 21:50:08 +02:00
|
|
|
aliases = [ "kontakt@${domain}" ];
|
2024-05-08 21:49:37 +02:00
|
|
|
};
|
|
|
|
"admin@${domain}" = {
|
|
|
|
hashedPasswordFile = ./mailpass/admin;
|
|
|
|
};
|
|
|
|
"grimmauld@${domain}" = {
|
|
|
|
hashedPasswordFile = ./mailpass/grimmauld;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
|
|
|
# down nginx and opens port 80.
|
|
|
|
certificateScheme = "manual";
|
|
|
|
certificateFile = "/var/lib/acme/${domain}/fullchain.pem";
|
|
|
|
keyFile = "/var/lib/acme/${domain}/key.pem";
|
|
|
|
};
|
|
|
|
|
2024-05-08 21:50:08 +02:00
|
|
|
services.nginx = {
|
2024-05-08 21:49:37 +02:00
|
|
|
enable = true;
|
2024-05-08 21:50:08 +02:00
|
|
|
virtualHosts."${mail_host}" = {
|
|
|
|
# you should NOT be here from a browser :P
|
2024-05-08 21:49:37 +02:00
|
|
|
serverName = mail_host;
|
|
|
|
forceSSL = true;
|
|
|
|
useACMEHost = domain;
|
|
|
|
locations."/" = {
|
|
|
|
return = "307 https://${domain}";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|