Diffstat (limited to 'configurations/manwe/mailserver.nix')
-rw-r--r--configurations/manwe/mailserver.nix96
1 files changed, 96 insertions, 0 deletions
diff --git a/configurations/manwe/mailserver.nix b/configurations/manwe/mailserver.nix
new file mode 100644
index 0000000..60a917b
--- /dev/null
+++ b/configurations/manwe/mailserver.nix
@@ -0,0 +1,96 @@
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
+with lib; {
+ imports = [inputs.simple-nixos-mailserver.nixosModule];
+
+ config = {
+ secrets = {
+ dkim-key-azahi-cc = {
+ file = "${inputs.self}/secrets/dkim-key-azahi-cc";
+ path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key";
+ owner = "opendkim";
+ group = "opendkim";
+ };
+ dkim-key-rohan-net = {
+ file = "${inputs.self}/secrets/dkim-key-rohan-net";
+ path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key";
+ owner = "opendkim";
+ group = "opendkim";
+ };
+ dkim-key-gondor-net = {
+ file = "${inputs.self}/secrets/dkim-key-gondor-net";
+ path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key";
+ owner = "opendkim";
+ group = "opendkim";
+ };
+ dkim-key-shire-me = {
+ file = "${inputs.self}/secrets/dkim-key-shire-me";
+ path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key";
+ owner = "opendkim";
+ group = "opendkim";
+ };
+ };
+
+ nixfiles.modules.acme.enable = true;
+
+ mailserver = let
+ cert = config.certs.${my.domain.shire};
+ in {
+ enable = true;
+
+ fqdn = config.networking.domain;
+ domains = with my.domain; [azahi gondor rohan shire];
+
+ localDnsResolver = false;
+
+ certificateScheme = 1;
+ certificateFile = "${cert.directory}/fullchain.pem";
+ keyFile = "${cert.directory}/key.pem";
+
+ lmtpSaveToDetailMailbox = "no";
+
+ loginAccounts = with my.domain; {
+ "azahi@${shire}" = {
+ hashedPassword = "[REDACTED]";
+ aliases = [
+ "@${azahi}"
+ "@${rohan}"
+ "@${gondor}"
+ "abuse@${shire}"
+ "admin@${shire}"
+ "ceo@${shire}"
+ "postmaster@${shire}"
+ ];
+ };
+ "samwise@${shire}" = {
+ hashedPassword = "[REDACTED]";
+ aliases = ["chad@${shire}"];
+ quota = "1G";
+ };
+ "pippin@${shire}" = {
+ hashedPassword = "[REDACTED]";
+ quota = "1G";
+ };
+ "meriadoc@${shire}" = {
+ hashedPassword = "[REDACTED]";
+ quota = "1G";
+ };
+ };
+ };
+
+ services.fail2ban.jails = {
+ dovecot = ''
+ enabled = true
+ mode = aggressive
+ '';
+ postfix = ''
+ enabled = true
+ mode = aggressive
+ '';
+ };
+ };
+}
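Review bot: The four `hashedPassword` values under `loginAccounts` are written inline, so the hashes are kept in the repository history and copied into the world-readable Nix store on the host, where they are open to offline guessing by anyone who can read either. The same file already routes the DKIM keys through `secrets`, so each account could be handled the same way with simple-nixos-mailserver's file-based option, e.g. `hashedPasswordFile = config.secrets.<ACCOUNT_SECRET_NAME>.path;` (placeholder name, assuming the `secrets` module exposes `path` as it does for the DKIM entries). Separately, the `secrets` entries set `owner` and `group` but no mode, so whether the DKIM private keys end up readable only by `opendkim` depends on the module's default, which is not visible here. A short comment above the `"@${azahi}"`, `"@${rohan}"` and `"@${gondor}"` aliases stating that they are intentional catch-alls delivering to the primary mailbox would also help the next reader.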