Diffstat (limited to 'nixosConfigurations/manwe/mailserver')
-rw-r--r--nixosConfigurations/manwe/mailserver/default.nix113
1 files changed, 0 insertions, 113 deletions
diff --git a/nixosConfigurations/manwe/mailserver/default.nix b/nixosConfigurations/manwe/mailserver/default.nix
deleted file mode 100644
index cc8b41d..0000000
--- a/nixosConfigurations/manwe/mailserver/default.nix
+++ /dev/null
@@ -1,113 +0,0 @@
-{
-  config,
-  inputs,
-  lib,
-  ...
-}:
-with lib;
-{
-  imports = [ inputs.mailserver.nixosModule ] ++ attrValues (modulesIn ./.);
-
-  ark.directories = with config.mailserver; [
-    "/var/lib/dovecot"
-    "/var/lib/postfix"
-    config.security.dhparams.params.dovecot2.path
-    dkimKeyDirectory
-    mailDirectory
-    sieveDirectory
-  ];
-
-  secrets = with config.mailserver; {
-    dkim-key-azahi-cc = {
-      file = "${inputs.self}/secrets/dkim-key-azahi-cc";
-      path = "${dkimKeyDirectory}/${my.domain.azahi}.${dkimSelector}.key";
-      owner = config.services.opendkim.user;
-      inherit (config.services.opendkim) group;
-    };
-    dkim-key-rohan-net = {
-      file = "${inputs.self}/secrets/dkim-key-rohan-net";
-      path = "${dkimKeyDirectory}/${my.domain.rohan}.${dkimSelector}.key";
-      owner = config.services.opendkim.user;
-      inherit (config.services.opendkim) group;
-    };
-    dkim-key-gondor-net = {
-      file = "${inputs.self}/secrets/dkim-key-gondor-net";
-      path = "${dkimKeyDirectory}/${my.domain.gondor}.${dkimSelector}.key";
-      owner = config.services.opendkim.user;
-      inherit (config.services.opendkim) group;
-    };
-    dkim-key-shire-net = {
-      file = "${inputs.self}/secrets/dkim-key-shire-net";
-      path = "${dkimKeyDirectory}/${my.domain.shire}.${dkimSelector}.key";
-      owner = config.services.opendkim.user;
-      inherit (config.services.opendkim) group;
-    };
-  };
-
-  nixfiles.modules = {
-    acme.enable = true;
-    redis.enable = true;
-  };
-
-  mailserver =
-    let
-      cert = config.certs.${my.domain.shire};
-    in
-    {
-      enable = true;
-
-      # Disable potentially insecure[1] STARTTLS connections. SSL-only connections
-      # are still enabled by default.
-      #
-      # [1]: https://www.rfc-editor.org/rfc/rfc3207#section-6
-      enableImap = false;
-      enablePop3 = false;
-      enableSubmission = false;
-
-      fqdn = config.networking.domain;
-      domains = with my.domain; [
-        azahi
-        gondor
-        rohan
-        shire
-      ];
-
-      localDnsResolver = false;
-
-      certificateScheme = "manual";
-      certificateFile = "${cert.directory}/fullchain.pem";
-      keyFile = "${cert.directory}/key.pem";
-
-      lmtpSaveToDetailMailbox = "no";
-
-      redis = with config.services.redis.servers.default; {
-        address = bind;
-        inherit port;
-        password = requirePass;
-      };
-    };
-
-  services = {
-    fail2ban.jails = {
-      dovecot = {
-        enabled = true;
-        settings.mode = "aggressive";
-      };
-      postfix = {
-        enabled = true;
-        settings.mode = "aggressive";
-      };
-    };
-
-    # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275#note_1746383655
-    dovecot2.sieve.extensions = [ "fileinto" ];
-
-    # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/241
-    redis.servers.rspamd.enable = mkForce false;
-  };
-
-  systemd.services.rspamd = {
-    requires = mkForce [ "redis-default.service" ];
-    after = mkForce [ "redis-default.service" ];
-  };
-}
