
nixos-unstable: { config, ... }:
let
  # Snakeoil certificates from the nixpkgs ACME test harness were used while
  # developing this module; they stay here for reference only.
  #certs = import "${nixos-unstable.path}/nixos/tests/common/acme/server/snakeoil-certs.nix";
  #domain = certs.domain;

  # Mail domain from the userdata module. Everything below — the server
  # hostname, the certificate paths and the mailbox addresses — derives from it.
  domain = config.services.userdata.domain;

  # Directory holding the ACME-issued certificate chain and key for `domain`.
  # NOTE(review): the stalwart-mail service account must be able to read
  # key.pem; ACME material is usually not world-readable, so confirm the
  # group membership / permissions on the target host.
  acmeDir = "/var/lib/acme/${domain}";

  # Accounts served from the in-memory directory.
  # SECURITY: these are plaintext secrets committed to the repository, and the
  # rendered Stalwart configuration is most likely written to the world-readable
  # Nix store (confirm for the module version in use). Treat them as
  # development placeholders and never reuse them on a real deployment.
  devUsers = [
    {
      name = "alice";
      secret = "BAAfdWJ2";
      email = [ "alice@${domain}" ];
    }
    {
      name = "bob";
      secret = "6eeuHZS3";
      email = [ "bob@${domain}" ];
    }
  ];
in
{
  # Only the two STARTTLS ports used by the listeners below are opened.
  # There is no port-25 listener, so this host does not accept mail from
  # other MTAs, and no implicit-TLS (465/993) listener either.
  networking.firewall.allowedTCPPorts = [ 143 587 ];
  #security.pki.certificateFiles = [ certs.ca.cert ];

  services.stalwart-mail = {
    enable = true;
    # Stalwart is taken from nixos-unstable rather than the system channel.
    package = nixos-unstable.stalwart-mail;

    settings = {
      server = {
        hostname = domain;

        tls = {
          # Refers to the `certificate."meow"` entry below.
          certificate = "meow";
          enable = true;
          # STARTTLS (opportunistic upgrade on the plain port) rather than
          # TLS-on-connect.
          implicit = false;
        };

        listener = {
          # 0.0.0.0 is the IPv4 wildcard only; no IPv6 listener is configured.
          "smtp-submission" = {
            bind = [ "0.0.0.0:587" ];
            protocol = "smtp";
          };
          "imap" = {
            bind = [ "0.0.0.0:143" ];
            protocol = "imap";
          };
        };
      };

      # TLS material for the listeners (label is arbitrary, referenced by
      # server.tls.certificate).
      certificate."meow" = {
        #cert = "file://${certs.${domain}.cert}";
        #private-key = "file://${certs.${domain}.key}";
        cert = "file://${acmeDir}/fullchain.pem";
        private-key = "file://${acmeDir}/key.pem";
      };

      session = {
        auth = {
          # SECURITY: PLAIN sends the password in clear. Because the
          # listeners use STARTTLS (implicit = false), a client that skips
          # the TLS upgrade would leak credentials — verify that this Stalwart
          # version refuses AUTH PLAIN before STARTTLS on these listeners.
          mechanisms = [ "PLAIN" ];
          directory = "in-memory";
        };
        # Recipient lookups use the same directory as authentication.
        rcpt.directory = "in-memory";
      };
      jmap.directory = "in-memory"; # shared with imap

      queue.outbound.next-hop = [ "local" ];

      directory."in-memory" = {
        type = "memory";
        users = devUsers;
      };

      # DKIM signing is disabled. If this block is revived, note two problems
      # with the sample value below: the string in `private-key` is the base64
      # of a SubjectPublicKeyInfo (it begins with the rsaEncryption DER
      # header "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ"), i.e. a 1024-bit RSA
      # *public* key, not a private key; and 1024 bits is below the 2048 bits
      # RFC 8301 recommends for DKIM signers. A real private key must live
      # outside this repository and be referenced by path.
      #auth.dkim = {
      #  #sign = [ { if = "listener"; ne = "smtp"; then = ["rsa"]; }
      #  #         { else = ["rsa"]; } ];
      #  sign = [ "rsa" ];
      #};
      #signature."rsa" = {
      #  private-key = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4xFGe+tfbZbYTvDPTnoTGiV8NUOY1747fBK04X0VriBN/taRbiqyL/rzczErCKBL+R2Hr6A3ptS+zDWN/7L/PJw3QWhB5M5YWQTdMKYLXwmQlldGmp107iKzVpg2m3Qv4ipXgrzkSDLbt/snf77sCPOGZNp2SJ5DOzyKETOq0RwIDAQAB";
      #  domain = "${domain}";
      #  selector = "rsa_default";
      #  headers = ["From" "To" "Date" "Subject" "Message-ID"];
      #  algorithm = "rsa-sha256";
      #  canonicalization = "relaxed/relaxed";
      #  expire = "10d";
      #  set-body-length = false;
      #  report = true;
      #};
    };
  };
}