selfprivacy-nixos-config/sp-modules/simple-nixos-mailserver/config.nix


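# SelfPrivacy module: mail stack (simple-nixos-mailserver plus Roundcube webmail).
# Everything in the attribute set below is applied only when the module is enabled.
{ config, lib, pkgs, ... }:
let
  sp = config.selfprivacy;
in
lib.mkIf sp.modules.simple-nixos-mailserver.enable {
  # With bind mounts enabled, the mail store and the sieve scripts live on the
  # configured volume. The x-systemd.* options order each mount before the
  # service that uses it and make that service require the mount, so postfix
  # and dovecot2 are not started against an unmounted (empty) directory.
  fileSystems = lib.mkIf sp.useBinds {
    "/var/vmail" = {
      device = "/volumes/${sp.modules.simple-nixos-mailserver.location}/vmail";
      options = [ "bind" "x-systemd.required-by=postfix.service" "x-systemd.before=postfix.service" ];
    };
    "/var/sieve" = {
      device = "/volumes/${sp.modules.simple-nixos-mailserver.location}/sieve";
      options = [ "bind" "x-systemd.required-by=dovecot2.service" "x-systemd.before=dovecot2.service" ];
    };
  };

  # virtualMail is declared as a non-login account.
  users.users = {
    virtualMail = {
      isNormalUser = false;
    };
  };

  # presumably acmereceivers is the group that is granted read access to the
  # ACME certificate and private key elsewhere in the configuration; verify.
  # Every member can read the TLS private key, so keep this list minimal.
  users.groups.acmereceivers.members = [ "dovecot2" "postfix" "virtualMail" ];

  mailserver = {
    enable = true;
    fqdn = sp.domain;
    domains = [ sp.domain ];
    localDnsResolver = false;
    loginAccounts = {
      "${sp.username}@${sp.domain}" = {
        # NOTE(review): the mailbox reuses sp.hashedMasterPassword, so one
        # credential covers mail and whatever else that hash protects; confirm
        # this is intended. An inline hashedPassword is also copied into the
        # world-readable Nix store; simple-nixos-mailserver provides
        # hashedPasswordFile to keep the hash out of the store.
        hashedPassword = sp.hashedMasterPassword;
        # File messages that carry a "Chat-Version: 1.0" header into a
        # DeltaChat mailbox, creating it on first use, and stop processing.
        sieveScript = ''
          require ["fileinto", "mailbox"];
          if header :contains "Chat-Version" "1.0" {
          fileinto :create "DeltaChat";
          stop;
          }
        '';
      };
    };
    # admin@ is delivered to the single login account.
    extraVirtualAliases = {
      "admin@${sp.domain}" = "${sp.username}@${sp.domain}";
    };
    certificateScheme = "acme";
    # IMAP is offered both with STARTTLS and over implicit TLS; POP3 is off.
    enableImap = true;
    enableImapSsl = true;
    enablePop3 = false;
    enablePop3Ssl = false;
    # The DKIM public key must be published at selector._domainkey.<domain>.
    dkimSelector = "selector";
    # ManageSieve lets authenticated users upload their own filter scripts.
    enableManageSieve = true;
    # No antivirus scanning of inbound mail; attachments reach the mailbox
    # unscanned, so clients must not be assumed to receive filtered content.
    virusScanning = false;
  };

  services.roundcube = {
    enable = true;
    # this is the url of the vhost, not necessarily the same as the fqdn of
    # the mailserver
    # NOTE(review): this hostname is hard-coded rather than derived from
    # sp.domain, unlike every other name in this module. The NixOS roundcube
    # module creates an nginx vhost (TLS via ACME by default) for it, so DNS
    # for this name must point at this host; confirm it is the intended vhost.
    hostName = "cube.bloodwine.cyou";
    # Disabled SMTP override, kept for reference:
    # extraConfig = ''
    # starttls needed for authentication, so the fqdn required to match
    # the certificate
    # $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
    # $config['smtp_user'] = "%u";
    # $config['smtp_pass'] = "%p";
    # '';
  };

  services.nginx = {
    enable = true;
  };

  # HTTP/HTTPS for the webmail vhost (and presumably ACME HTTP-01 challenges).
  # Mail ports are not listed here; presumably the mailserver module opens
  # them itself. Verify the effective firewall rules on the deployed host.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}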