60 lines
1.2 KiB
Nix
60 lines
1.2 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
inputs,
|
|
common,
|
|
systemConfig,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.mailserver;
|
|
passwordHashKey = "mailserver/password-hash";
|
|
in
|
|
{
|
|
imports = [
|
|
inputs.simple-nixos-mailserver.nixosModule
|
|
];
|
|
|
|
mailserver = {
|
|
enable = true;
|
|
# stateVersion = 1; TODO uncomment on 25.11
|
|
fqdn = "mail.${common.domain}";
|
|
domains = [
|
|
common.domain
|
|
];
|
|
|
|
# A list of all login accounts. To create the password hashes, use
|
|
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
|
loginAccounts = {
|
|
"${systemConfig.username}@${common.domain}" = {
|
|
hashedPasswordFile = config.sops.secrets.${passwordHashKey}.path;
|
|
};
|
|
};
|
|
|
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
|
# down nginx and opens port 80.
|
|
certificateScheme = "acme-nginx";
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
25
|
|
465
|
|
587
|
|
];
|
|
|
|
services.nginx.virtualHosts.${cfg.fqdn}.listen = lib.mkForce [
|
|
{
|
|
addr = "127.0.0.1";
|
|
port = 8003;
|
|
ssl = false;
|
|
}
|
|
{
|
|
addr = "192.168.10.188";
|
|
port = 8003;
|
|
ssl = false;
|
|
}
|
|
];
|
|
|
|
sops.secrets.${passwordHashKey}.neededForUsers = true;
|
|
}
|