moritz/clan
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
clan/machines/moritz-server/mail-server.nix

73 lines
2.1 KiB
Nix
Raw Blame History

{
inputs,
pkgs,
config,
...
}: {
imports = [
inputs.nixos-mailserver.nixosModules.default
./reverse-proxy.nix
];
mailserver = {
enable = true;
fqdn = "mail.moritz.foo";
domains = ["moritz.foo"];
fullTextSearch = {
enable = true;
# index new email as they arrive
autoIndex = true;
enforced = "body";
memoryLimit = 500; # in MiB
};
loginAccounts = {
"main@moritz.foo" = {
hashedPasswordFile = config.clan.core.vars.generators.mail-server.files.main-password-hash.path;
aliases = ["@moritz.foo"];
};
};
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = "acme";
acmeCertificateName = "any.moritz.foo";
};
clan.core.vars.generators.mail-server = {
prompts.main-password.type = "hidden";
prompts.main-password.persist = true;
prompts.main-password.description = "You can autogenerate a password, if you leave this prompt blank.";
files.main-password.deploy = false;
files.main-password-hash = {};
runtimeInputs = [
pkgs.coreutils
pkgs.xkcdpass
pkgs.mkpasswd
];
script = ''
prompt_value=$(cat "$prompts"/main-password)
if [[ -n "''${prompt_value-}" ]]; then
echo "$prompt_value" | tr -d "\n" > "$out"/main-password
else
xkcdpass --numwords 3 --delimiter - --count 1 | tr -d "\n" > "$out"/main-password
fi
mkpasswd -s -m sha-512 < "$out"/main-password | tr -d "\n" > "$out"/main-password-hash
'';
};
services.roundcube = {
enable = true;
hostName = "webmail.moritz.foo";
extraConfig = ''
# starttls needed for authentication, so the fqdn required to match
# the certificate
$config['smtp_host'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
services.nginx.virtualHosts."webmail.moritz.foo".enableACME = false;
services.nginx.virtualHosts."webmail.moritz.foo".useACMEHost = "any.moritz.foo";
}
Reference in a new issue View git blame Copy permalink