nixos/services/mailserver.nix

63 lines
1.9 KiB
Nix

{
config,
lib,
fn,
mailserver,
...
}:
with lib;
{
imports = [
mailserver.nixosModules.mailserver
];
}
// mkIf (elem "mailserver" config.machine.services) {
mailserver = let
cfg = config.machine;
domain = cfg.domain;
fdomain = (findFirst (s: s.service == "mail") cfg cfg.vHosts).domain;
mkFqdnAlias = name: ["${name}@${domain}" "${name}@${fdomain}"];
mkExDomAlias = name: (map (exDom: "${name}@${exDom}") cfg.extraDomains);
mkUser = user: rec {
name = "${user.name}@${domain}";
value = {
hashedPasswordFile = config.sops.secrets."users/${user.name}/mail".path;
aliases =
["${user.name}@${fdomain}"]
++ (flatten (map mkFqdnAlias user.aliases))
++ (flatten (map mkExDomAlias ([user.name] ++ user.aliases)));
};
};
in rec {
enable = true;
fqdn = fdomain;
domains = [fdomain domain] ++ cfg.extraDomains;
loginAccounts = listToAttrs (map mkUser cfg.mailAccounts);
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = "manual";
certificateFile = "/var/lib/acme/" + fdomain + "/fullchain.pem";
keyFile = "/var/lib/acme/" + fdomain + "/key.pem";
#dhParamBitLength = 4096; # this doesn't exist???
# Enable IMAP and POP3
enableImap = true;
enablePop3 = false;
enableImapSsl = true;
enablePop3Ssl = false;
# Enable the ManageSieve protocol
enableManageSieve = true;
# whether to scan inbound emails for viruses (note that this requires at least
# 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
virusScanning = false;
};
sops.secrets =
fn.sopsHelper
(user: "users/${user.name}/mail")
config.machine.mailAccounts
{};
}