authorAzat Bahawi <azat@bahawi.net>2024-03-31 21:29:27 +0300
committerAzat Bahawi <azat@bahawi.net>2024-03-31 21:29:27 +0300
commit9a5427e3a0c0ccf2a82dc503149a26b23fbd6004 (patch)
treef28beec29deeea36038615a8fb98a810891940b5 /nixosConfigurations/manwe/mailserver
parent2024-03-19 (diff)
2024-03-31
Diffstat (limited to 'nixosConfigurations/manwe/mailserver')
-rw-r--r--nixosConfigurations/manwe/mailserver/default.nix72
1 files changed, 40 insertions, 32 deletions
diff --git a/nixosConfigurations/manwe/mailserver/default.nix b/nixosConfigurations/manwe/mailserver/default.nix
index 56dabce..822de6f 100644
--- a/nixosConfigurations/manwe/mailserver/default.nix
+++ b/nixosConfigurations/manwe/mailserver/default.nix
@@ -4,8 +4,9 @@
   lib,
   ...
 }:
-with lib; {
-  imports = [inputs.mailserver.nixosModule];
+with lib;
+{
+  imports = [ inputs.mailserver.nixosModule ];
 
   ark.directories = with config.mailserver; [
     "/var/lib/dovecot"
@@ -48,40 +49,47 @@ with lib; {
     redis.enable = true;
   };
 
-  mailserver = let
-    cert = config.certs.${my.domain.shire};
-  in {
-    enable = true;
+  mailserver =
+    let
+      cert = config.certs.${my.domain.shire};
+    in
+    {
+      enable = true;
 
-    # Disable potentially insecure[1] STARTTLS connections. SSL-only connections
-    # are still enabled by default.
-    #
-    # [1]: https://www.rfc-editor.org/rfc/rfc3207#section-6
-    enableImap = false;
-    enablePop3 = false;
-    enableSubmission = false;
+      # Disable potentially insecure[1] STARTTLS connections. SSL-only connections
+      # are still enabled by default.
+      #
+      # [1]: https://www.rfc-editor.org/rfc/rfc3207#section-6
+      enableImap = false;
+      enablePop3 = false;
+      enableSubmission = false;
 
-    fqdn = config.networking.domain;
-    domains = with my.domain; [azahi gondor rohan shire];
+      fqdn = config.networking.domain;
+      domains = with my.domain; [
+        azahi
+        gondor
+        rohan
+        shire
+      ];
 
-    localDnsResolver = false;
+      localDnsResolver = false;
 
-    certificateScheme = "manual";
-    certificateFile = "${cert.directory}/fullchain.pem";
-    keyFile = "${cert.directory}/key.pem";
+      certificateScheme = "manual";
+      certificateFile = "${cert.directory}/fullchain.pem";
+      keyFile = "${cert.directory}/key.pem";
 
-    lmtpSaveToDetailMailbox = "no";
+      lmtpSaveToDetailMailbox = "no";
 
-    redis = with config.services.redis.servers.default; {
-      address = bind;
-      inherit port;
-      password = requirePass;
-    };
+      redis = with config.services.redis.servers.default; {
+        address = bind;
+        inherit port;
+        password = requirePass;
+      };
 
-    # Just a list of accounts with aliases and hasedPasswords. Not necessarily
-    # secret, but kept from prying eyes.
-    loginAccounts = import ./hidden.nix lib;
-  };
+      # Just a list of accounts with aliases and hasedPasswords. Not necessarily
+      # secret, but kept from prying eyes.
+      loginAccounts = import ./hidden.nix lib;
+    };
 
   services = {
     fail2ban.jails = {
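Review bot: The `password = requirePass;` line in the re-indented `redis` block reads the Redis password from `services.redis.servers.default.requirePass`, which the NixOS option documents as stored in plain text in the world-readable Nix store. This commit only re-indents the line, so any exposure (if a password is set at all) is unchanged, but it is worth a comment there or a move to `requirePassFile` on the Redis side. Whether the mailserver module can take the password from a file is not visible from this hunk. The comment above `loginAccounts` carries a typo onto the new lines and could read `# Just a list of accounts with aliases and hashedPasswords. Not necessarily`. Anything `hidden.nix` evaluates to presumably ends up in the store as well, so "kept from prying eyes" likely covers the repository only. The `mailserver` set sits fully inside the hunk; the `services` block that follows continues outside it.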
@@ -96,14 +104,14 @@ with lib; {
     };
 
     # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275#note_1746383655
-    dovecot2.sieve.extensions = ["fileinto"];
+    dovecot2.sieve.extensions = [ "fileinto" ];
 
     # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/241
     redis.servers.rspamd.enable = mkForce false;
   };
 
   systemd.services.rspamd = {
-    requires = mkForce ["redis-default.service"];
-    after = mkForce ["redis-default.service"];
+    requires = mkForce [ "redis-default.service" ];
+    after = mkForce [ "redis-default.service" ];
   };
 }
