# NixOS module for the mail host: configures the `mailserver` options for
# owo.monster (accounts, TLS material, Roundcube webmail) and exposes the
# webmail nginx virtual host on a unix socket under /var/sockets.
# The `mailserver` option set is declared by another module that is not part
# of this file, so the notes below describe only what is set here.
{host_secrets, ...}: let
  # Per-host secret handles; only their `.path` attribute is used below.
  secrets = host_secrets;
in {
  config = {
    mailserver = {
      enable = true;
      fqdn = "mail.owo.monster";
      domains = ["owo.monster"];

      # Certificate and key are read from fixed files instead of being
      # requested by this module (useACME = false).
      # NOTE(review): whatever issues these files is outside this module;
      # confirm the key is readable only by the services that need it and
      # that they are reloaded on renewal.
      ssl_config = {
        useACME = false;
        cert = "/var/lib/acme/mail.owo.monster/fullchain.pem";
        key = "/var/lib/acme/mail.owo.monster/key.pem";
      };

      enable_roundcube = true;
      # NOTE(review): with both of these off and the vhost bound to a unix
      # socket (see the nginx section below), TLS for webmail is presumably
      # terminated by a front proxy. Confirm the webmail is never reachable
      # over plain HTTP.
      force_roundcube_ssl = false;
      force_roundcube_acme = false;

      # NOTE(review): the effect of this flag is defined by the mailserver
      # module, not here. If it raises log verbosity for mail or auth
      # services, logs may contain sensitive data; confirm it is meant to
      # stay enabled on this host.
      debug_mode = true;

      # Raw PHP appended to the Roundcube configuration.
      # NOTE(review): a two-week session lifetime keeps a stolen session
      # cookie usable for a long time; weigh it against convenience.
      extra_roundcube_config = ''
        $config['session_lifetime'] = (60 * 24 * 7 * 2); # 2 Weeks
        $config['product_name'] = 'Chaos Mail';
        $config['username_domain'] = "owo.monster";
        $config['username_domain_forced'] = true;
      '';

      # Additional aliases are kept in a secret file rather than in this
      # configuration.
      extra_aliases_file = "${secrets.private_mail_aliases.path}";

      # Passwords are referenced by file path, not written inline.
      # NOTE(review): assumes each `.path` is a string naming a runtime
      # location outside the Nix store; if it were a Nix path value, the
      # interpolation would copy the file into the world-readable store.
      # Verify against the secrets module.
      accounts = {
        "chaos@owo.monster" = {
          name = "chaos@owo.monster";
          passwordFile = "${secrets.chaos_mail_passwd.path}";
          aliases = [
            "all@owo.monster"
            "chaoticryptidz@owo.monster"
          ];
          sieveScript = null;
        };

        "system@owo.monster" = {
          name = "system@owo.monster";
          passwordFile = "${secrets.system_mail_passwd.path}";
          aliases = [];
          sieveScript = null;
        };
      };
    };

    systemd = {
      # Create /var/sockets owned by nginx:nginx. The mode field is "-", so
      # systemd-tmpfiles applies its default directory mode.
      # NOTE(review): with the default mode other local users can traverse
      # the directory, so access to the socket depends on the socket's own
      # permissions; check them.
      tmpfiles.rules = [
        "d /var/sockets - nginx nginx"
      ];

      # Allow the nginx unit to write inside /var/sockets so it can create
      # the listening socket there.
      services.nginx.serviceConfig.ReadWritePaths = [
        "/var/sockets"
      ];
    };

    # Make the mail vhost listen on a unix socket.
    services.nginx.virtualHosts."mail.owo.monster".extraConfig = "listen unix:/var/sockets/roundcube.sock;";
  };
}