{pkgs, outputs, ...}: rec { # Mail server mailserver = rec { enable = true; enableManageSieve = true; domains = [ "${outputs.secrets.jimDomain}" ]; fqdn = "mx.${outputs.secrets.jimDomain}"; certificateScheme = "acme-nginx"; localDnsResolver = false; redis.port = 1515; # Dmarc info dmarcReporting = { enable = true; domain = "${outputs.secrets.jimDomain}"; localpart = "noreply"; organizationName = "Jimbo's Files"; }; # A list of accounts, passwords generated with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' loginAccounts = { "noreply@${outputs.secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "noreply" outputs.secrets.noreplyMailHash; sendOnly = true; }; "jimbo@${outputs.secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "jimbo" outputs.secrets.jimboMailHash; aliases = [ "canada@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ]; }; "lunamoonlight@${outputs.secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "luna" outputs.secrets.lunaMailHash; aliases = [ "us@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ]; }; "freecorn1854@${outputs.secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "freecorn" outputs.secrets.freecornMailHash; aliases = [ "canada@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ]; }; "tinyattack09@${outputs.secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "tiny" outputs.secrets.tinyMailHash; }; }; }; # Related services services = { # Roundcube mail server roundcube = { enable = true; hostName = "mail.${outputs.secrets.jimDomain}"; extraConfig = '' $config['smtp_server'] = "tls://${mailserver.fqdn}"; $config['smtp_user'] = "%u"; $config['smtp_pass'] = "%p"; ''; }; # Force the mailserver to use a different redis port redis.servers.rspamd.port = 1515; # The hostname mail ports use nginx.virtualHosts."mx.${outputs.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:1390"; proxyWebsockets = true; }; }; }; }