dotfiles/system/hosts/server/mailserver.nix

66 lines
1.9 KiB
Nix

{ config
, pkgs
, inputs
, ... }:
let
cfg = config.server;
in {
imports = [ inputs.nixos-mailserver.nixosModules.default ];
impermanence.directories = [
{ directory = config.mailserver.dkimKeyDirectory; user = "opendkim"; group = "opendkim"; mode = "0755"; }
{ directory = config.mailserver.mailDirectory; user = "virtualMail"; group = "virtualMail"; mode = "0700"; }
];
# roundcube
# TODO: fix sending mail via roundcube
services.nginx.virtualHosts."mail.${cfg.domainName}" = {
quic = true;
enableACME = true;
forceSSL = true;
};
services.roundcube = {
enable = true;
package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
dicts = with pkgs.aspellDicts; [ en ru ];
hostName = "mail.${cfg.domainName}";
maxAttachmentSize = 100;
plugins = [ "persistent_login" ];
extraConfig = ''
$config['smtp_server'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
mailserver = {
enable = true;
fqdn = "mail.${cfg.domainName}";
domains = [ cfg.domainName ];
certificateScheme = "acme";
# actually this just means don't run kresd, unbound is used as the local dns resolver instead
localDnsResolver = false;
recipientDelimiter = "-";
lmtpSaveToDetailMailbox = "no";
hierarchySeparator = "/";
};
# Only allow local connections to noreply account
mailserver.loginAccounts."noreply@${cfg.domainName}" = {
# password is set in private.nix
hashedPassword = cfg.hashedNoreplyPassword;
sendOnly = true;
};
services.dovecot2.extraConfig =
let
passwd = builtins.toFile "dovecot2-local-passwd" ''
noreply@${cfg.domainName}:{plain}${cfg.unhashedNoreplyPassword}::::::allow_nets=local,127.0.0.0/8,::1
'';
in ''
passdb {
driver = passwd-file
args = ${passwd}
}
'';
}