# NixOS module: multi-domain mail host built on simple-nixos-mailserver,
# with per-domain DKIM signing keys, ACME-issued TLS and fail2ban jails.
{
  config,
  inputs,
  lib,
  ...
}:
with lib; let
  # `my` is not defined in this file; presumably it comes from the
  # `with lib;` scope (a project extension of lib) — confirm.
  dom = my.domain;

  # Directory holding the TLS pair for the primary (shire) domain, as
  # exposed by the project's `config.certs` option.
  tlsDir = config.certs.${dom.shire}.directory;

  # Build one secrets entry for a domain's DKIM private key. The key is
  # placed at /var/dkim/<domain>.<selector>.key and owned by
  # opendkim:opendkim.
  # NOTE(review): no file mode is set here, so whatever the secrets
  # module defaults to applies — confirm the private key ends up
  # readable by the opendkim user only.
  dkimKeyFor = secretName: domain: {
    file = "${inputs.self}/secrets/${secretName}";
    path = "/var/dkim/${domain}.${config.mailserver.dkimSelector}.key";
    owner = "opendkim";
    group = "opendkim";
  };

  # Jail body shared by the dovecot and postfix jails below.
  aggressiveJail = ''
    enabled = true
    mode = aggressive
  '';
in {
  imports = [inputs.simple-nixos-mailserver.nixosModule];

  config = {
    secrets = {
      dkim-key-azahi-cc = dkimKeyFor "dkim-key-azahi-cc" dom.azahi;
      dkim-key-rohan-net = dkimKeyFor "dkim-key-rohan-net" dom.rohan;
      dkim-key-gondor-net = dkimKeyFor "dkim-key-gondor-net" dom.gondor;
      dkim-key-shire-me = dkimKeyFor "dkim-key-shire-me" dom.shire;
    };

    nixfiles.modules.acme.enable = true;

    mailserver = {
      enable = true;
      fqdn = config.networking.domain;
      domains = [dom.azahi dom.gondor dom.rohan dom.shire];
      localDnsResolver = false;

      # Certificate and key are supplied explicitly from tlsDir.
      # NOTE(review): scheme 1 is presumably the "manual" scheme in the
      # pinned simple-nixos-mailserver revision — confirm.
      certificateScheme = 1;
      certificateFile = "${tlsDir}/fullchain.pem";
      keyFile = "${tlsDir}/key.pem";

      lmtpSaveToDetailMailbox = "no";

      # NOTE(review): every hashedPassword below is the literal
      # "@HASHED_PASSWORD@", which looks like a substitution or redaction
      # placeholder rather than a real hash — confirm how it is filled in.
      # An inline hash would presumably end up in the Nix store;
      # simple-nixos-mailserver also offers hashedPasswordFile for
      # keeping it out.
      loginAccounts = {
        "azahi@${dom.shire}" = {
          hashedPassword = "@HASHED_PASSWORD@";
          # Aliases of the form "@<domain>" are catch-alls: this account
          # receives mail for any local part at those three domains.
          # The remaining entries are role addresses at the shire domain.
          aliases =
            map (d: "@${d}") [dom.azahi dom.rohan dom.gondor]
            ++ map (role: "${role}@${dom.shire}") [
              "abuse"
              "admin"
              "ceo"
              "postmaster"
            ];
        };

        # The three accounts below carry a 1G quota; the account above
        # sets none.
        "samwise@${dom.shire}" = {
          hashedPassword = "@HASHED_PASSWORD@";
          aliases = ["chad@${dom.shire}"];
          quota = "1G";
        };
        "pippin@${dom.shire}" = {
          hashedPassword = "@HASHED_PASSWORD@";
          quota = "1G";
        };
        "meriadoc@${dom.shire}" = {
          hashedPassword = "@HASHED_PASSWORD@";
          quota = "1G";
        };
      };
    };

    # Enable the fail2ban jails for both mail daemons with
    # `mode = aggressive`.
    services.fail2ban.jails = {
      dovecot = aggressiveJail;
      postfix = aggressiveJail;
    };
  };
}