# Mail server settings for this machine. The whole attribute set is wrapped in
# mkIf, so it only takes effect when "mailserver" is listed in
# config.machine.services.
{ config, lib, ... }:

with lib;

mkIf (elem "mailserver" config.machine.services) {
  mailserver = let
    # Turn a bare account name into the { name, value } pair that listToAttrs
    # expects: the key is "<username>@<machine domain>" and the value carries
    # that account's password hash.
    mkUser = username: {
      name = "${username}@${config.machine.domain}";
      value = {
        # fileContents reads /secret/<username>.mail while the configuration
        # is evaluated, so the hash becomes an ordinary string in the
        # evaluated config.
        # NOTE(review): anything the mailserver module renders from this
        # string into the Nix store is world-readable on the host. If the
        # module version in use offers `hashedPasswordFile`, passing the path
        # instead keeps the hash out of the store -- confirm against the
        # pinned module.
        hashedPassword = (fileContents "/secret/${username}.mail");
      };
    };
  # `rec` lets certificateFile and keyFile below refer to `fqdn`.
  in rec {
    enable = true;
    fqdn = "mail.${config.machine.domain}";
    domains = [ config.machine.domain ];
    # One login account per entry in config.machine.mailAccounts.
    loginAccounts = listToAttrs (map mkUser config.machine.mailAccounts);

    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
    # down nginx and opens port 80.
    # NOTE(review): the comment above reads like the description of the
    # module's built-in Let's Encrypt scheme, but the value set here is 1 and
    # explicit certificate/key paths are given. In simple-nixos-mailserver's
    # numeric scheme 1 is presumably "manual" (use the files below as-is), in
    # which case the certificate under /var/lib/acme must be issued and
    # renewed by ACME configuration elsewhere, and the key file must be
    # readable by the mail daemons -- confirm.
    certificateScheme = 1;
    certificateFile = "/var/lib/acme/" + fqdn + "/fullchain.pem";
    keyFile = "/var/lib/acme/" + fqdn + "/key.pem";

    # Left disabled: the author found no such option in the module.
    #dhParamBitLength = 4096; # this doesn't exist???

    # Mail retrieval protocols: both IMAP options are on, both POP3 options
    # are off.
    # NOTE(review): presumably enableImap is the STARTTLS listener and
    # enableImapSsl the implicit-TLS one -- verify against the module docs.
    enableImap = true;
    enablePop3 = false;
    enableImapSsl = true;
    enablePop3Ssl = false;

    # Enable the ManageSieve protocol (remote management of Sieve filter
    # scripts); this is one more network-facing service on the host.
    enableManageSieve = true;

    # Whether to scan inbound emails for viruses (note that this requires at
    # least 1 GB RAM for the server; without virus scanning 256 MB RAM should
    # be plenty). Disabled here, so inbound mail is delivered unscanned.
    virusScanning = false;
  };
}