# NixOS module for a multi-domain mail host built on simple-nixos-mailserver (SNM).
# It provisions one DKIM signing key per domain through the project's `secrets`
# option, points SNM at a manually supplied TLS certificate, declares the login
# accounts, and enables fail2ban jails for Dovecot and Postfix.
{ config, inputs, lib, ... }:
# NOTE(review): `my` is not a module argument, so it presumably resolves to
# `lib.my` through this `with` — confirm against the flake's lib overlay.
with lib;
let
  dom = my.domain;
  selector = config.mailserver.dkimSelector;

  # Builds one secret entry for a DKIM private key. `name` is both the attribute
  # name and the file name under secrets/; the target path follows the
  # "<domain>.<selector>.key" layout under /var/dkim.
  # The key is owned by opendkim so the signer can read it. No mode is set here,
  # so the file permissions come from the `secrets` module default (not shown);
  # verify that default is owner-only, since anyone who can read this key can
  # produce mail that passes DKIM for the domain.
  mkDkimSecret = name: mailDomain: {
    file = "${inputs.self}/secrets/${name}";
    path = "/var/dkim/${mailDomain}.${selector}.key";
    owner = "opendkim";
    group = "opendkim";
  };
in
{
  imports = [ inputs.simple-nixos-mailserver.nixosModule ];

  secrets = builtins.mapAttrs mkDkimSecret {
    dkim-key-azahi-cc = dom.azahi;
    dkim-key-rohan-net = dom.rohan;
    dkim-key-gondor-net = dom.gondor;
    dkim-key-shire-net = dom.shire;
  };

  # Project-local ACME module; presumably what populates `config.certs` used
  # below — confirm.
  nixfiles.modules.acme.enable = true;

  mailserver =
    let
      tlsCert = config.certs.${dom.shire};
    in
    {
      enable = true;

      # The server announces itself as the bare networking.domain. The
      # certificate below is the one issued for the shire domain, so it has to
      # cover this name, and the MX / reverse-DNS records should match it too.
      fqdn = config.networking.domain;
      domains = [ dom.azahi dom.gondor dom.rohan dom.shire ];

      # Disables SNM's local recursive resolver. DNS-based spam checks then go
      # through whatever resolver the host uses; shared public resolvers are
      # commonly refused or rate-limited by blocklist operators.
      localDnsResolver = false;

      # Scheme 1 = certificate and key supplied manually via the two paths
      # below (newer SNM releases spell this "manual").
      certificateScheme = 1;
      certificateFile = "${tlsCert.directory}/fullchain.pem";
      # TLS private key; its permissions are controlled by whatever writes the
      # certificate directory, not by this module.
      keyFile = "${tlsCert.directory}/key.pem";

      # Do not file "user+detail@" mail into a mailbox named after the detail
      # part, so senders cannot steer delivery into arbitrary folders.
      lmtpSaveToDetailMailbox = "no";

      loginAccounts = {
        "azahi@${dom.shire}" = {
          # "@HASHED_PASSWORD@" is a placeholder, not a usable hash; it is
          # presumably substituted before evaluation. Whatever value ends up
          # here is written to the world-readable Nix store. SNM also offers
          # `hashedPasswordFile`, which reads the hash from a file at runtime
          # and would fit the `secrets` mechanism already used for DKIM keys.
          hashedPassword = "@HASHED_PASSWORD@";
          aliases = [
            # Catch-all entries: every address at these three domains is
            # delivered to this mailbox, so expect the full spam volume of
            # each domain to land here.
            "@${dom.azahi}"
            "@${dom.rohan}"
            "@${dom.gondor}"
            # Role addresses on the primary domain.
            "abuse@${dom.shire}"
            "admin@${dom.shire}"
            "ceo@${dom.shire}"
            "postmaster@${dom.shire}"
            "root@${dom.shire}"
          ];
        };

        "samwise@${dom.shire}" = {
          # Same placeholder and same Nix-store exposure as the account above.
          hashedPassword = "@HASHED_PASSWORD@";
          aliases = [ "chad@${dom.shire}" ];
          quota = "1G";
        };
      };
    };

  # Brute-force protection for the IMAP/POP3 and SMTP login surfaces.
  # `mode = aggressive` makes each filter match more failure classes than its
  # default mode, which also raises the chance of banning legitimate clients
  # (e.g. several users behind one NAT address); consider listing trusted
  # networks in services.fail2ban.ignoreIP.
  # NOTE(review): services.fail2ban.enable is not set in this file — the jails
  # only take effect if it is enabled elsewhere; confirm.
  services.fail2ban.jails = {
    dovecot = ''
      enabled = true
      mode = aggressive
    '';
    postfix = ''
      enabled = true
      mode = aggressive
    '';
  };
}