2023-09-08 21:29:08 +01:00
|
|
|
{
|
|
|
|
pkgs,
|
2023-09-18 03:56:58 +01:00
|
|
|
hostSecrets,
|
2023-09-08 21:29:08 +01:00
|
|
|
...
|
|
|
|
}: let
|
2023-09-18 03:56:58 +01:00
|
|
|
secrets = hostSecrets;
|
2023-08-09 15:11:04 +01:00
|
|
|
in {
|
2023-09-08 21:29:08 +01:00
|
|
|
services.mailserver = {
|
2023-08-09 15:11:04 +01:00
|
|
|
enable = true;
|
|
|
|
fqdn = "mail.owo.monster";
|
|
|
|
domains = ["owo.monster"];
|
2023-09-18 03:56:58 +01:00
|
|
|
debugMode = true;
|
2023-08-09 15:11:04 +01:00
|
|
|
|
2023-09-18 03:56:58 +01:00
|
|
|
sslConfig = {
|
2023-08-09 15:11:04 +01:00
|
|
|
useACME = false;
|
|
|
|
cert = "/var/lib/acme/mail.owo.monster/fullchain.pem";
|
|
|
|
key = "/var/lib/acme/mail.owo.monster/key.pem";
|
|
|
|
};
|
|
|
|
|
2023-09-18 03:56:58 +01:00
|
|
|
rspamd.enable = true;
|
|
|
|
spf.enable = false;
|
2023-08-09 15:11:04 +01:00
|
|
|
|
|
|
|
accounts = {
|
|
|
|
"chaos@owo.monster" = {
|
2023-09-18 03:56:58 +01:00
|
|
|
passwordHashFile = "${secrets.chaos_mail_passwd.path}";
|
2023-08-09 15:11:04 +01:00
|
|
|
aliases = [
|
|
|
|
"all@owo.monster"
|
|
|
|
"chaoticryptidz@owo.monster"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
"system@owo.monster" = {
|
2023-09-18 03:56:58 +01:00
|
|
|
passwordHashFile = "${secrets.system_mail_passwd.path}";
|
2023-08-09 15:11:04 +01:00
|
|
|
};
|
2023-09-02 18:17:03 +01:00
|
|
|
|
|
|
|
"gotosocial@owo.monster" = {
|
2023-09-18 03:56:58 +01:00
|
|
|
passwordHashFile = "${secrets.gotosocial_mail_passwd.path}";
|
2023-09-02 18:17:03 +01:00
|
|
|
};
|
2023-08-09 15:11:04 +01:00
|
|
|
};
|
2023-09-18 03:56:58 +01:00
|
|
|
|
|
|
|
extraAliasesFile = "${secrets.private_mail_aliases.path}";
|
|
|
|
|
|
|
|
roundcube = {
|
|
|
|
enable = true;
|
|
|
|
|
|
|
|
package = pkgs.roundcube.withPlugins (_plugins:
|
|
|
|
with pkgs.roundcubePlugins; [
|
|
|
|
persistent_login
|
|
|
|
]);
|
|
|
|
plugins = ["persistent_login"];
|
|
|
|
|
|
|
|
# running in container, passing socket to host
|
|
|
|
forceSSL = false;
|
|
|
|
enableACME = false;
|
|
|
|
|
|
|
|
extraConfig = ''
|
|
|
|
$config['session_lifetime'] = (60 * 24 * 7 * 2); # 2 Weeks
|
|
|
|
$config['product_name'] = 'Chaos Mail';
|
|
|
|
$config['username_domain'] = "owo.monster";
|
|
|
|
$config['username_domain_forced'] = true;
|
|
|
|
$config['log_driver'] = 'syslog';
|
|
|
|
$config['smtp_debug'] = true;
|
|
|
|
'';
|
|
|
|
};
|
2023-08-09 15:11:04 +01:00
|
|
|
};
|
|
|
|
|
2023-09-08 21:29:08 +01:00
|
|
|
systemd.tmpfiles.rules = [
|
2023-08-09 15:11:04 +01:00
|
|
|
"d /var/sockets - nginx nginx"
|
|
|
|
];
|
|
|
|
|
2023-09-08 21:29:08 +01:00
|
|
|
systemd.services.nginx.serviceConfig.ReadWritePaths = [
|
2023-08-09 15:11:04 +01:00
|
|
|
"/var/sockets"
|
|
|
|
];
|
|
|
|
|
2023-09-08 21:29:08 +01:00
|
|
|
services.nginx.virtualHosts."mail.owo.monster" = {
|
2023-09-18 03:56:58 +01:00
|
|
|
# running in privateNetwork
|
|
|
|
# required so nginx doesn't try listening on port 80
|
2023-08-09 20:53:22 +01:00
|
|
|
listen = [
|
|
|
|
{
|
|
|
|
addr = "127.0.0.1";
|
|
|
|
port = 8089;
|
|
|
|
}
|
|
|
|
];
|
2023-08-09 15:11:04 +01:00
|
|
|
extraConfig = "listen unix:/var/sockets/roundcube.sock;";
|
|
|
|
};
|
|
|
|
}
|