2024-05-08 21:50:08 +02:00
|
|
|
{ config, ... }:
|
2024-05-08 21:49:37 +02:00
|
|
|
let
|
2024-05-09 14:55:02 +02:00
|
|
|
inherit (config.serverConfig) ports vhosts;
|
2024-05-08 21:49:37 +02:00
|
|
|
inherit (config.networking) domain;
|
2024-05-08 21:50:08 +02:00
|
|
|
in
|
|
|
|
{
|
|
|
|
# services.dovecot2.sieve.extensions = [ "fileinto" ]; # sives break without this for some reason
|
2024-05-08 21:49:37 +02:00
|
|
|
mailserver = {
|
|
|
|
enable = true;
|
2024-05-09 14:55:02 +02:00
|
|
|
fqdn = vhosts.mail_host.host;
|
2024-05-08 21:49:37 +02:00
|
|
|
domains = [ domain ];
|
|
|
|
|
|
|
|
# A list of all login accounts. To create the password hashes, use
|
|
|
|
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
|
|
|
loginAccounts = {
|
|
|
|
"contact@${domain}" = {
|
|
|
|
hashedPasswordFile = ./mailpass/contact;
|
2024-05-08 21:50:08 +02:00
|
|
|
aliases = [ "kontakt@${domain}" ];
|
2024-05-08 21:49:37 +02:00
|
|
|
};
|
|
|
|
"admin@${domain}" = {
|
|
|
|
hashedPasswordFile = ./mailpass/admin;
|
|
|
|
};
|
|
|
|
"grimmauld@${domain}" = {
|
|
|
|
hashedPasswordFile = ./mailpass/grimmauld;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
|
|
|
# down nginx and opens port 80.
|
|
|
|
certificateScheme = "manual";
|
|
|
|
certificateFile = "/var/lib/acme/${domain}/fullchain.pem";
|
|
|
|
keyFile = "/var/lib/acme/${domain}/key.pem";
|
|
|
|
};
|
|
|
|
}
|