# NixOS module for the mail stack on `mail.${cfg.domainName}`: imports the
# nixos-mailserver module, serves Roundcube webmail behind nginx, and adds an
# extra Dovecot passdb entry for the send-only `noreply` account.
#
# Arguments:
#   config - the evaluated system configuration; `config.server` is read as `cfg`.
#   pkgs   - the package set (Roundcube and aspell dictionaries are taken from it).
#   inputs - flake inputs; `inputs.nixos-mailserver` must be present.
{ config
, pkgs
, inputs
, ... }:

let
  # Site-specific settings (domainName, hashedNoreplyPassword,
  # unhashedNoreplyPassword) are declared outside this file.
  cfg = config.server;
in {
  imports = [ inputs.nixos-mailserver.nixosModules.default ];

  # Directories handed to the `impermanence.directories` option, which is
  # declared outside this file (presumably state kept across reboots: confirm).
  # Each entry fixes the owner, group and mode of the directory.
  impermanence.directories = [
    # NOTE(review): 0755 lets every local user list and traverse the DKIM key
    # directory, so the private key's confidentiality rests entirely on the
    # per-file modes set elsewhere. Confirm those, or tighten this mode if only
    # opendkim needs access.
    { directory = config.mailserver.dkimKeyDirectory; user = "opendkim"; group = "opendkim"; mode = "0755"; }
    # Mail storage is restricted to its owner (0700).
    { directory = config.mailserver.mailDirectory; user = "virtualMail"; group = "virtualMail"; mode = "0700"; }
  ];

  # roundcube
  # TODO: fix sending mail via roundcube
  # Webmail virtual host: ACME-issued certificate, plain HTTP redirected to
  # HTTPS (forceSSL), and QUIC enabled.
  services.nginx.virtualHosts."mail.${cfg.domainName}" = {
    quic = true;
    enableACME = true;
    forceSSL = true;
  };
  services.roundcube = {
    enable = true;
    # The plugin has to be built into the package here and also switched on
    # in `plugins` below.
    # NOTE(review): persistent_login keeps users signed in through a long-lived
    # browser token. Confirm its lifetime and cookie settings are acceptable
    # for a webmail host exposed to the internet.
    package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
    # Spell-checking dictionaries: English and Russian.
    dicts = with pkgs.aspellDicts; [ en ru ];
    # Same host name as the nginx virtual host above.
    hostName = "mail.${cfg.domainName}";
    # Upload limit; the NixOS option takes this value in MB.
    maxAttachmentSize = 100;
    plugins = [ "persistent_login" ];
  };
  mailserver = {
    enable = true;
    fqdn = "mail.${cfg.domainName}";
    domains = [ cfg.domainName ];
    # Certificates come from ACME rather than a self-signed or manual scheme.
    certificateScheme = "acme";
    # actually this just means don't run kresd, unbound is used as the local dns resolver instead
    localDnsResolver = false;
    # Address extensions use "-", e.g. user-tag@domain.
    recipientDelimiter = "-";
    lmtpSaveToDetailMailbox = "no";
    hierarchySeparator = "/";
  };

  # Only allow local connections to noreply account
  # The restriction itself comes from `allow_nets` in the Dovecot passwd file
  # further down; this attribute set only declares the send-only account.
  # NOTE(review): the account is also registered here through loginAccounts.
  # If the passdb generated for loginAccounts accepts `hashedPassword` from any
  # address, `allow_nets` in the extra passdb below does not restrict remote
  # logins. Confirm which passdb actually authenticates this user.
  mailserver.loginAccounts."noreply@${cfg.domainName}" = {
    # password is set in private.nix
    hashedPassword = cfg.hashedNoreplyPassword;
    sendOnly = true;
  };
  services.dovecot2.extraConfig =
    let
      # SECURITY(review): builtins.toFile writes this text into the Nix store,
      # which every local user can read and which is copied along with store
      # paths (caches, remote builds, backups). The `{plain}` scheme means the
      # noreply password is stored there in cleartext. Prefer a passwd file
      # provisioned at runtime outside the store (e.g. via agenix or sops-nix),
      # and a hashed scheme instead of `{plain}`.
      #
      # Line format is Dovecot passwd-file: user:password, five empty fields,
      # then extra fields. `allow_nets` limits logins for this entry to UNIX
      # socket clients ("local") and the IPv4/IPv6 loopback addresses.
      passwd = builtins.toFile "dovecot2-local-passwd" ''
        noreply@${cfg.domainName}:{plain}${cfg.unhashedNoreplyPassword}::::::allow_nets=local,127.0.0.0/8,::1
      '';
    # Extra passdb block appended to the Dovecot config, pointing at the file above.
    in ''
      passdb {
      driver = passwd-file
      args = ${passwd}
      }
    '';
}