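# NixOS module fragment: enables Stalwart Mail with an SMTP submission listener
# (587) and an IMAP listener (143), opens both ports in the firewall, and backs
# authentication and recipient lookup with an in-memory user directory.
#
# Curried: takes the nixos-unstable package set first (only its stalwart-mail
# package is used here), then the usual module arguments.
nixos-unstable: { config, ... }:
let
  #certs = import "${nixos-unstable.path}/nixos/tests/common/acme/server/snakeoil-certs.nix";
  #domain = certs.domain;
  # Mail domain comes from the host's userdata option, not the snakeoil test certs.
  domain = config.services.userdata.domain;
in
{
  # Both listeners below bind 0.0.0.0, so these two ports are reachable on every
  # IPv4 interface once the firewall admits them.
  networking.firewall.allowedTCPPorts = [ 143 587 ];

  #security.pki.certificateFiles = [ certs.ca.cert ];

  services.stalwart-mail.enable = true;
  services.stalwart-mail.package = nixos-unstable.stalwart-mail;
  services.stalwart-mail.settings = {
    server.hostname = domain;

    # Certificate entry referenced by name from server.tls below.
    certificate."meow" = {
      #cert = "file://${certs.${domain}.cert}";
      #private-key = "file://${certs.${domain}.key}";
      # NOTE(review): nothing in this file grants the mail service read access
      # to these paths; confirm the owner/group of key.pem under /var/lib/acme.
      cert = "file:///var/lib/acme/${domain}/fullchain.pem";
      private-key = "file:///var/lib/acme/${domain}/key.pem";
    };

    server.tls = {
      certificate = "meow";
      enable = true;
      # Not implicit TLS: connections on 587/143 start in cleartext and are
      # expected to upgrade with STARTTLS.
      implicit = false;
    };

    server.listener = {
      "smtp-submission" = {
        bind = [ "0.0.0.0:587" ];
        protocol = "smtp";
      };

      "imap" = {
        bind = [ "0.0.0.0:143" ];
        protocol = "imap";
      };
    };

    # PLAIN carries the password itself (base64-encoded, not encrypted), so its
    # confidentiality rests entirely on the TLS layer.
    # NOTE(review): this file does not show whether authentication is refused
    # before STARTTLS completes; confirm the server default, or move clients to
    # implicit-TLS listeners (465/993), where no cleartext phase exists.
    session.auth.mechanisms = [ "PLAIN" ];
    session.auth.directory = "in-memory";
    jmap.directory = "in-memory"; # shared with imap

    session.rcpt.directory = "in-memory";
    # NOTE(review): presumably routes every queued message to local delivery,
    # i.e. no relaying to other hosts; confirm this is intended outside a test.
    queue.outbound.next-hop = [ "local" ];

    directory."in-memory" = {
      type = "memory";
      # Fixed accounts with cleartext passwords. These values end up in the
      # generated service configuration under the world-readable /nix/store and
      # in version control, so treat both passwords as disclosed. Before this
      # listens on a public address, rotate them and supply credentials from
      # outside the store (hashed secrets or an external directory).
      users = [
        {
          name = "alice";
          secret = "BAAfdWJ2";
          email = [ "alice@${domain}" ];
        }
        {
          name = "bob";
          secret = "6eeuHZS3";
          email = [ "bob@${domain}" ];
        }
      ];
    };

    # DKIM signing is disabled: the whole block below is commented out.
    # NOTE(review): if it is revived, the base64 value under private-key starts
    # with the DER header of a 1024-bit RSA *public* key (SubjectPublicKeyInfo),
    # not a private key, so it looks mislabeled. Generate a fresh key of at
    # least 2048 bits and keep the private half out of the Nix store.
    #auth.dkim = {
    #  #sign = [ { if = "listener"; ne = "smtp"; then = ["rsa"]; }
    #  #         { else = ["rsa"]; } ];
    #  sign = [ "rsa" ];
    #};
    #signature."rsa" = {
    #  private-key = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4xFGe+tfbZbYTvDPTnoTGiV8NUOY1747fBK04X0VriBN/taRbiqyL/rzczErCKBL+R2Hr6A3ptS+zDWN/7L/PJw3QWhB5M5YWQTdMKYLXwmQlldGmp107iKzVpg2m3Qv4ipXgrzkSDLbt/snf77sCPOGZNp2SJ5DOzyKETOq0RwIDAQAB";
    #  domain = "${domain}";
    #  selector = "rsa_default";
    #  headers = ["From" "To" "Date" "Subject" "Message-ID"];
    #  algorithm = "rsa-sha256";
    #  canonicalization = "relaxed/relaxed";
    #  expire = "10d";
    #  set-body-length = false;
    #  report = true;
    #};

  };
}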