forked from SelfPrivacy/selfprivacy-nixos-config
80 lines
2.0 KiB
Nix
80 lines
2.0 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
let
|
|
sp = config.selfprivacy;
|
|
in
|
|
lib.mkIf sp.modules.simple-nixos-mailserver.enable {
|
|
fileSystems = lib.mkIf sp.useBinds {
|
|
"/var/vmail" = {
|
|
device = "/volumes/${sp.modules.simple-nixos-mailserver.location}/vmail";
|
|
options = [ "bind" "x-systemd.required-by=postfix.service" "x-systemd.before=postfix.service" ];
|
|
};
|
|
"/var/sieve" = {
|
|
device = "/volumes/${sp.modules.simple-nixos-mailserver.location}/sieve";
|
|
options = [ "bind" "x-systemd.required-by=dovecot2.service" "x-systemd.before=dovecot2.service" ];
|
|
};
|
|
};
|
|
|
|
users.users = {
|
|
virtualMail = {
|
|
isNormalUser = false;
|
|
};
|
|
};
|
|
|
|
users.groups.acmereceivers.members = [ "dovecot2" "postfix" "virtualMail" ];
|
|
|
|
mailserver = {
|
|
enable = true;
|
|
fqdn = sp.domain;
|
|
domains = [ sp.domain ];
|
|
localDnsResolver = false;
|
|
|
|
loginAccounts = {
|
|
"${sp.username}@${sp.domain}" = {
|
|
hashedPassword = sp.hashedMasterPassword;
|
|
sieveScript = ''
|
|
require ["fileinto", "mailbox"];
|
|
if header :contains "Chat-Version" "1.0" {
|
|
fileinto :create "DeltaChat";
|
|
stop;
|
|
}
|
|
'';
|
|
};
|
|
};
|
|
|
|
extraVirtualAliases = {
|
|
"admin@${sp.domain}" = "${sp.username}@${sp.domain}";
|
|
};
|
|
|
|
certificateScheme = "acme";
|
|
|
|
enableImap = true;
|
|
enableImapSsl = true;
|
|
enablePop3 = false;
|
|
enablePop3Ssl = false;
|
|
dkimSelector = "selector";
|
|
|
|
enableManageSieve = true;
|
|
|
|
virusScanning = false;
|
|
};
|
|
|
|
services.roundcube = {
|
|
enable = true;
|
|
# this is the url of the vhost, not necessarily the same as the fqdn of
|
|
# the mailserver
|
|
hostName = "cube.bloodwine.cyou";
|
|
# extraConfig = ''
|
|
# starttls needed for authentication, so the fqdn required to match
|
|
# the certificate
|
|
# $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
|
|
# $config['smtp_user'] = "%u";
|
|
# $config['smtp_pass'] = "%p";
|
|
# '';
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
}
|