NixOS-Config/system/server/mailserver.nix


# NixOS module: mail server settings plus the Roundcube, Redis and nginx
# services that accompany it. The `mailserver.*` option names match
# simple-nixos-mailserver (presumably imported elsewhere; verify).
{ pkgs, outputs, ... }:
let
  # Domain name and password hashes come from `outputs.secrets`; how that
  # attribute set is populated and protected is not visible in this file.
  secrets = outputs.secrets;
  domain = "${secrets.jimDomain}";

  # Host name used for the mail services, their certificate and the nginx vhost.
  mxFqdn = "mx.${domain}";

  # Port shared by `mailserver.redis.port` and the rspamd Redis server below;
  # both settings must carry the same value.
  rspamdRedisPort = 1515;

  # Full mailbox address for a local part on the single hosted domain.
  mailbox = localpart: "${localpart}@${domain}";

  # Writes a bcrypt hash to a store file and returns its path.
  # NOTE(review): pkgs.writeText puts its content in /nix/store, which is
  # readable by every local user and is copied along with the system closure
  # (remote builders, binary caches). That gives the hashes the same exposure
  # as an inline `hashedPassword`. To keep them out of the store,
  # `hashedPasswordFile` would have to point at a runtime path provisioned by
  # a secrets tool such as sops-nix or agenix.
  storeHashFile = storeName: hash: pkgs.writeText storeName hash;
in
{
  # Mail server
  mailserver = {
    enable = true;

    # The module does not open the mail ports in the firewall.
    # NOTE(review): presumably they are opened or forwarded elsewhere;
    # confirm only the intended ports are exposed.
    openFirewall = false;

    domains = [ domain ];
    fqdn = mxFqdn;

    # The certificate is obtained through ACME using the nginx virtual host
    # for the FQDN (see services.nginx.virtualHosts below).
    certificateScheme = "acme-nginx";

    # No resolver is started by the module, so the system resolver is used.
    # NOTE(review): confirm that resolver suits rspamd's DNS blocklist lookups.
    localDnsResolver = false;

    redis.port = rspamdRedisPort;

    # Dmarc info
    dmarcReporting = {
      enable = true;
      inherit domain;
      localpart = "noreply";
      organizationName = "Jimbo's Files";
    };

    # A list of accounts, passwords generated with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
    loginAccounts = {
      # Send-only account; its local part is the one DMARC reports use above.
      "${mailbox "noreply"}" = {
        hashedPasswordFile = storeHashFile "noreply" secrets.noreplyMailHash;
        sendOnly = true;
      };
      "${mailbox "jimbo"}" = {
        hashedPasswordFile = storeHashFile "jimbo" secrets.jimboMailHash;
        aliases = map mailbox [ "james" "contact" ];
      };
      "${mailbox "lunamoonlight"}" = {
        hashedPasswordFile = storeHashFile "luna" secrets.lunaMailHash;
      };
      "${mailbox "freecorn1854"}" = {
        hashedPasswordFile = storeHashFile "freecorn" secrets.freecornMailHash;
      };
      "${mailbox "tinyattack09"}" = {
        hashedPasswordFile = storeHashFile "tiny" secrets.tinyMailHash;
      };
    };
  };

  # Related services
  services = {
    # Roundcube webmail front end
    roundcube = {
      enable = true;
      hostName = "mail.${domain}";
      # Submission goes to the mail FQDN with STARTTLS ("tls://"), so the host
      # name matches the certificate; %u / %p reuse the credentials the user
      # logged in to Roundcube with.
      # NOTE(review): Roundcube 1.6 renamed `smtp_server` to `smtp_host`;
      # confirm the deployed version still honours the old option name.
      extraConfig = ''
        $config['smtp_server'] = "tls://${mxFqdn}";
        $config['smtp_user'] = "%u";
        $config['smtp_pass'] = "%p";
      '';
    };

    # Force the mailserver to use a different redis port
    redis.servers.rspamd.port = rspamdRedisPort;

    # The hostname mail ports use
    # NOTE(review): every HTTPS request to this host is proxied to
    # 127.0.0.1:1390, websockets included. The service on that port is not
    # defined in this file; confirm it is meant to be reachable publicly.
    nginx.virtualHosts."${mxFqdn}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:1390";
        proxyWebsockets = true;
      };
    };
  };
}