authorAzat Bahawi <azat@bahawi.net>2023-09-20 15:26:47 +0300
committerAzat Bahawi <azat@bahawi.net>2023-09-20 15:26:47 +0300
commit837fc97b30a41d766dd53a2370f6cb1d26364f9a (patch)
tree63ae83af789930c9a2035b9f9e43fbee166ab27b /nixosConfigurations/manwe/mailserver.nix
parent59858431bc7b80d4114056ea95099066be6e4643 (diff)
2023-09-20
Diffstat (limited to 'nixosConfigurations/manwe/mailserver.nix')
-rw-r--r--nixosConfigurations/manwe/mailserver.nix112
1 files changed, 0 insertions, 112 deletions
diff --git a/nixosConfigurations/manwe/mailserver.nix b/nixosConfigurations/manwe/mailserver.nix
deleted file mode 100644
index 389a9a0..0000000
--- a/nixosConfigurations/manwe/mailserver.nix
+++ /dev/null
@@ -1,112 +0,0 @@
-{
- config,
- inputs,
- lib,
- ...
-}:
-with lib; {
- imports = [inputs.simple-nixos-mailserver.nixosModule];
-
- ark.directories = with config.mailserver; [
- "/var/lib/dovecot"
- "/var/lib/postfix"
- config.security.dhparams.params.dovecot2.path
- dkimKeyDirectory
- mailDirectory
- sieveDirectory
- ];
-
- secrets = with config.mailserver; {
- dkim-key-azahi-cc = {
- file = "${inputs.self}/secrets/dkim-key-azahi-cc";
- path = "${dkimKeyDirectory}/${my.domain.azahi}.${dkimSelector}.key";
- owner = config.services.opendkim.user;
- inherit (config.services.opendkim) group;
- };
- dkim-key-rohan-net = {
- file = "${inputs.self}/secrets/dkim-key-rohan-net";
- path = "${dkimKeyDirectory}/${my.domain.rohan}.${dkimSelector}.key";
- owner = config.services.opendkim.user;
- inherit (config.services.opendkim) group;
- };
- dkim-key-gondor-net = {
- file = "${inputs.self}/secrets/dkim-key-gondor-net";
- path = "${dkimKeyDirectory}/${my.domain.gondor}.${dkimSelector}.key";
- owner = config.services.opendkim.user;
- inherit (config.services.opendkim) group;
- };
- dkim-key-shire-net = {
- file = "${inputs.self}/secrets/dkim-key-shire-net";
- path = "${dkimKeyDirectory}/${my.domain.shire}.${dkimSelector}.key";
- owner = config.services.opendkim.user;
- inherit (config.services.opendkim) group;
- };
- };
-
- nixfiles.modules = {
- acme.enable = true;
- redis.enable = true;
- };
-
- mailserver = let
- cert = config.certs.${my.domain.shire};
- in {
- enable = true;
-
- fqdn = config.networking.domain;
- domains = with my.domain; [azahi gondor rohan shire];
-
- localDnsResolver = false;
-
- certificateScheme = "manual";
- certificateFile = "${cert.directory}/fullchain.pem";
- keyFile = "${cert.directory}/key.pem";
-
- lmtpSaveToDetailMailbox = "no";
-
- redis = with config.services.redis.servers.default; {
- address = bind;
- inherit port;
- password = requirePass;
- };
-
- loginAccounts = with my.domain; {
- "azahi@${shire}" = {
- hashedPassword = "@HASHED_PASSWORD@";
- aliases = [
- "@${azahi}"
- "@${rohan}"
- "@${gondor}"
- "abuse@${shire}"
- "admin@${shire}"
- "ceo@${shire}"
- "postmaster@${shire}"
- "root@${shire}"
- ];
- };
- "samwise@${shire}" = {
- hashedPassword = "@HASHED_PASSWORD@";
- aliases = ["chad@${shire}"];
- quota = "1G";
- };
- };
- };
-
- # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/241
- services.redis.servers.rspamd.enable = mkForce false;
- systemd.services.rspamd = {
- requires = mkForce ["redis-default.service"];
- after = mkForce ["redis-default.service"];
- };
-
- services.fail2ban.jails = {
- dovecot = {
- enabled = true;
- settings.mode = "aggressive";
- };
- postfix = {
- enabled = true;
- settings.mode = "aggressive";
- };
- };
-}