dotfiles/system/hosts/server/mailserver.nix

61 lines
1.7 KiB
Nix
Raw Permalink Normal View History

2023-05-17 06:29:03 +07:00
{ config
, pkgs
2023-12-18 08:48:49 +07:00
, inputs
2023-05-17 06:29:03 +07:00
, ... }:
let
cfg = config.server;
in {
2023-12-18 08:48:49 +07:00
imports = [ inputs.nixos-mailserver.nixosModules.default ];
2023-05-17 06:29:03 +07:00
impermanence.directories = [
{ directory = config.mailserver.dkimKeyDirectory; user = "opendkim"; group = "opendkim"; mode = "0755"; }
{ directory = config.mailserver.mailDirectory; user = "virtualMail"; group = "virtualMail"; mode = "0700"; }
];
# roundcube
# TODO: fix sending mail via roundcube
services.nginx.virtualHosts."mail.${cfg.domainName}" = {
quic = true;
2023-05-17 06:29:03 +07:00
enableACME = true;
forceSSL = true;
2023-05-17 06:29:03 +07:00
};
services.roundcube = {
enable = true;
package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
dicts = with pkgs.aspellDicts; [ en ru ];
hostName = "mail.${cfg.domainName}";
maxAttachmentSize = 100;
plugins = [ "persistent_login" ];
};
mailserver = {
enable = true;
fqdn = "mail.${cfg.domainName}";
domains = [ cfg.domainName ];
certificateScheme = "acme";
2023-05-26 01:42:55 +07:00
# actually this just means don't run kresd, unbound is used as the local dns resolver instead
2023-05-17 06:29:03 +07:00
localDnsResolver = false;
recipientDelimiter = "-";
lmtpSaveToDetailMailbox = "no";
hierarchySeparator = "/";
};
# Only allow local connections to noreply account
mailserver.loginAccounts."noreply@${cfg.domainName}" = {
# password is set in private.nix
hashedPassword = cfg.hashedNoreplyPassword;
sendOnly = true;
};
services.dovecot2.extraConfig =
let
passwd = builtins.toFile "dovecot2-local-passwd" ''
noreply@${cfg.domainName}:{plain}${cfg.unhashedNoreplyPassword}::::::allow_nets=local,127.0.0.0/8,::1
'';
in ''
passdb {
driver = passwd-file
args = ${passwd}
}
'';
}