grimm-nixos-laptop/modules/email.nix

# NixOS module: mail server for the host's domain, plus an nginx virtual host
# on the mail host name that redirects browsers to the main site.
{ config, ... }:
let
  inherit (config.networking) domain;
  mail_host = "mail.${domain}";
  # Location of the certificate files for the ACME cert named after the domain
  # (see security.acme.certs below).
  acme_dir = "/var/lib/acme/${domain}";
in
{
  # Put the mail host name on the domain's existing certificate, so the mail
  # server and the nginx vhost below can share one certificate.
  security.acme.certs.${domain}.extraDomainNames = [ mail_host ];

  # services.dovecot2.sieve.extensions = [ "fileinto" ]; # sieves break without this for some reason

  mailserver = {
    enable = true;
    fqdn = mail_host;
    domains = [ domain ];

    # All login accounts. To create the password hashes, use
    # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
    #
    # NOTE(review): the hash files are referenced as Nix path literals, so they
    # live in the repository and are copied into the world-readable /nix/store.
    # Anyone who can read either can run offline guessing against the bcrypt
    # hashes. A string path to a file provisioned outside the store
    # (placeholder: "/run/secrets/<account>") would keep them private.
    # Confirm how secrets are managed on this host.
    loginAccounts = {
      "contact@${domain}" = {
        hashedPasswordFile = ./mailpass/contact;
        aliases = [ "kontakt@${domain}" ];
      };
      "admin@${domain}".hashedPasswordFile = ./mailpass/admin;
      "grimmauld@${domain}".hashedPasswordFile = ./mailpass/grimmauld;
    };

    # "manual" scheme: the mail server reads the certificate and key from the
    # paths given here. They point at the files of the ACME certificate for the
    # domain, which also covers mail_host via extraDomainNames above.
    # NOTE(review): confirm the mail daemons are reloaded after a renewal, and
    # that key.pem is readable only by the accounts that need it.
    certificateScheme = "manual";
    certificateFile = "${acme_dir}/fullchain.pem";
    keyFile = "${acme_dir}/key.pem";
  };

  services.nginx = {
    enable = true;
    # you should NOT be here from a browser :P
    # The vhost serves no content: every request gets a temporary redirect to
    # the main site, over TLS with the shared certificate.
    virtualHosts.${mail_host} = {
      serverName = mail_host;
      forceSSL = true;
      useACMEHost = domain;
      locations."/".return = "307 https://${domain}";
    };
  };
}