author | Azat Bahawi <azat@bahawi.net> | 2024-03-31 21:29:27 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2024-03-31 21:29:27 +0300 |
commit | 9a5427e3a0c0ccf2a82dc503149a26b23fbd6004 (patch) | |
tree | f28beec29deeea36038615a8fb98a810891940b5 /nixosConfigurations/manwe/mailserver/default.nix | |
parent | 2024-03-19 (diff) |
2024-03-31
Diffstat (limited to '')
-rw-r--r-- | nixosConfigurations/manwe/mailserver/default.nix | 72 |
1 files changed, 40 insertions, 32 deletions
diff --git a/nixosConfigurations/manwe/mailserver/default.nix b/nixosConfigurations/manwe/mailserver/default.nix index 56dabce..822de6f 100644 --- a/nixosConfigurations/manwe/mailserver/default.nix +++ b/nixosConfigurations/manwe/mailserver/default.nix @@ -4,8 +4,9 @@ lib, ... }: -with lib; { - imports = [inputs.mailserver.nixosModule]; +with lib; +{ + imports = [ inputs.mailserver.nixosModule ]; ark.directories = with config.mailserver; [ "/var/lib/dovecot" 
@@ -48,40 +49,47 @@ with lib; { redis.enable = true; }; - mailserver = let - cert = config.certs.${my.domain.shire}; - in { - enable = true; + mailserver = + let + cert = config.certs.${my.domain.shire}; + in + { + enable = true; - # Disable potentially insecure[1] STARTTLS connections. SSL-only connections - # are still enabled by default. - # - # [1]: https://www.rfc-editor.org/rfc/rfc3207#section-6 - enableImap = false; - enablePop3 = false; - enableSubmission = false; + # Disable potentially insecure[1] STARTTLS connections. SSL-only connections + # are still enabled by default. + # + # [1]: https://www.rfc-editor.org/rfc/rfc3207#section-6 + enableImap = false; + enablePop3 = false; + enableSubmission = false; - fqdn = config.networking.domain; - domains = with my.domain; [azahi gondor rohan shire]; + fqdn = config.networking.domain; + domains = with my.domain; [ + azahi + gondor + rohan + shire + ]; - localDnsResolver = false; + localDnsResolver = false; - certificateScheme = "manual"; - certificateFile = "${cert.directory}/fullchain.pem"; - keyFile = "${cert.directory}/key.pem"; + certificateScheme = "manual"; + certificateFile = "${cert.directory}/fullchain.pem"; + keyFile = "${cert.directory}/key.pem"; - lmtpSaveToDetailMailbox = "no"; + lmtpSaveToDetailMailbox = "no"; - redis = with config.services.redis.servers.default; { - address = bind; - inherit port; - password = requirePass; - }; + redis = with config.services.redis.servers.default; { + address = bind; + inherit port; + password = requirePass; + }; - # Just a list of accounts with aliases and hasedPasswords. Not necessarily - # secret, but kept from prying eyes. - loginAccounts = import ./hidden.nix lib; - }; + # Just a list of accounts with aliases and hasedPasswords. Not necessarily + # secret, but kept from prying eyes. + loginAccounts = import ./hidden.nix lib; + }; services = { fail2ban.jails = { 
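Review bot: In the `redis` block of the re-indented `mailserver` set, `password = requirePass;` takes the Redis secret from a plain-string option, and to my knowledge NixOS documents `requirePass` as stored in plain text in the world-readable Nix store, so any local user on the host could presumably read it. The commit only reformats this block and does not address that; consider moving the Redis server to `requirePassFile` with the secret kept outside the store, provided the mailserver module can take the password that way (not visible here). The same concern may apply to `loginAccounts = import ./hidden.nix lib;`: hashes imported at evaluation time would normally be rendered into store paths too, so the comment above it could say so, e.g. `# hashedPasswords end up in the Nix store and are readable by local users`, which would also fix the `hasedPasswords` typo. The enclosing module attribute set opens before this hunk and closes after it.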
@@ -96,14 +104,14 @@ with lib; { }; # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275#note_1746383655 - dovecot2.sieve.extensions = ["fileinto"]; + dovecot2.sieve.extensions = [ "fileinto" ]; # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/241 redis.servers.rspamd.enable = mkForce false; }; systemd.services.rspamd = { - requires = mkForce ["redis-default.service"]; - after = mkForce ["redis-default.service"]; + requires = mkForce [ "redis-default.service" ]; + after = mkForce [ "redis-default.service" ]; }; } |