nixfiles/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix

{
  pkgs,
  hostSecrets,
  ...
}: let
  inherit (pkgs) roundcube roundcubePlugins;

  # Resolve a host secret to the runtime file it is deployed at. Only the
  # `.path` attribute is referenced, so password hashes and the private
  # alias map are read by the services at runtime rather than copied into
  # the Nix store -- this holds as long as `.path` is a string (a Nix path
  # value would be copied into the store by the interpolation).
  # TODO confirm against the secrets module that produces hostSecrets.
  secretPath = name: "${hostSecrets.${name}.path}";

  # Roundcube build carrying the plugin that is also listed in `plugins`
  # below; the two must stay in sync.
  roundcubePackage = roundcube.withPlugins (_: [roundcubePlugins.persistent_login]);

  # Appended verbatim to Roundcube's config.php. `session_lifetime` is in
  # minutes, so 60 * 24 * 7 * 2 is two weeks; together with persistent_login
  # ("remember me" logins) a leaked session or cookie stays usable for a long
  # window -- a trade-off to keep in mind. `smtp_debug` presumably sends the
  # SMTP dialogue to the configured log driver (syslog here).
  roundcubeExtraConfig = ''
    $config['session_lifetime'] = (60 * 24 * 7 * 2); # 2 Weeks
    $config['product_name'] = 'Chaos Mail';
    $config['username_domain'] = "owo.monster";
    $config['username_domain_forced'] = true;
    $config['log_driver'] = 'syslog';
    $config['smtp_debug'] = true;
  '';
in {
  services.mailserver = {
    enable = true;
    fqdn = "mail.owo.monster";
    domains = ["owo.monster"];

    # Verbose logging for the mail services; presumably left on for
    # troubleshooting and worth revisiting once the setup is stable.
    debugMode = true;

    # The module does not request a certificate itself: it reads a cert/key
    # pair that something else (presumably the host's ACME setup) places
    # under /var/lib/acme.
    sslConfig = {
      useACME = false;
      cert = "/var/lib/acme/mail.owo.monster/fullchain.pem";
      key = "/var/lib/acme/mail.owo.monster/key.pem";
    };

    # Filtering: rspamd on, the module's own SPF check off.
    # NOTE(review): confirm SPF evaluation is covered by the rspamd side.
    rspamd.enable = true;
    spf.enable = false;

    # Mailboxes; every password hash lives in a runtime secret file.
    accounts = {
      "chaos@owo.monster" = {
        passwordHashFile = secretPath "chaos_mail_passwd";
        aliases = ["all@owo.monster" "chaoticryptidz@owo.monster"];
      };
      "system@owo.monster".passwordHashFile = secretPath "system_mail_passwd";
      "gotosocial@owo.monster".passwordHashFile = secretPath "gotosocial_mail_passwd";
    };
    extraAliasesFile = secretPath "private_mail_aliases";

    roundcube = {
      enable = true;
      package = roundcubePackage;
      plugins = ["persistent_login"];
      # No TLS or ACME inside the container: nginx only serves loopback and
      # a unix socket that is handed to the host (see the nginx block below).
      forceSSL = false;
      enableACME = false;
      extraConfig = roundcubeExtraConfig;
    };
  };

  systemd = {
    # Socket directory for the roundcube vhost, owned by nginx ...
    tmpfiles.rules = ["d /var/sockets - nginx nginx"];
    # ... and explicitly writable for the nginx unit so it can create the
    # socket there.
    services.nginx.serviceConfig.ReadWritePaths = ["/var/sockets"];
  };

  # The container runs with privateNetwork, so nginx must not try to bind
  # port 80; it listens on loopback:8089 and on the unix socket instead.
  services.nginx.virtualHosts."mail.owo.monster" = {
    listen = [
      {
        addr = "127.0.0.1";
        port = 8089;
      }
    ];
    extraConfig = "listen unix:/var/sockets/roundcube.sock;";
  };
}