infra/modules/mail/default.nix

# Mail host module for pub.solar: declares the age-encrypted password-hash
# files, the mailserver login accounts and their aliases, the ACME settings
# and the restic backup job for the mail data.
{ config, flake, ... }:
{
  # One age-encrypted file per login account. Each one is consumed below via
  # hashedPasswordFile, so the decrypted content is expected to be a password
  # hash, never a plaintext password.
  age.secrets = {
    mail-hensoko.file = "${flake.self}/secrets/mail/hensoko.age";
    mail-teutat3s.file = "${flake.self}/secrets/mail/teutat3s.age";
    mail-admins.file = "${flake.self}/secrets/mail/admins.age";
    mail-bot.file = "${flake.self}/secrets/mail/bot.age";
    mail-crew.file = "${flake.self}/secrets/mail/crew.age";
    mail-erpnext.file = "${flake.self}/secrets/mail/erpnext.age";
    mail-hakkonaut.file = "${flake.self}/secrets/mail/hakkonaut.age";
  };

  mailserver = {
    enable = true;
    fqdn = "mail.pub.solar";
    domains = [ "pub.solar" ];

    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
    # down nginx and opens port 80.
    certificateScheme = "acme-nginx";

    # A list of all login accounts. To create the password hashes, use
    # nix-shell -p mkpasswd --run 'mkpasswd -R11 -m bcrypt'
    # (-R11 selects bcrypt cost factor 11; only the resulting hash goes into
    # the .age file).
    loginAccounts = {
      "hensoko@pub.solar" = {
        hashedPasswordFile = config.age.secrets.mail-hensoko.path;
        quota = "2G";
      };

      "teutat3s@pub.solar" = {
        hashedPasswordFile = config.age.secrets.mail-teutat3s.path;
        quota = "2G";
      };

      # Role addresses (abuse@, postmaster@, security@) and the notification
      # senders of the other services all land in this single mailbox, so
      # whoever can log in as admins@ reads vulnerability and abuse reports.
      "admins@pub.solar" = {
        hashedPasswordFile = config.age.secrets.mail-admins.path;
        quota = "2G";
        aliases = [
          "abuse@pub.solar"
          "alerts@pub.solar"
          "forgejo@pub.solar"
          "keycloak@pub.solar"
          "mastodon-notifications@pub.solar"
          "matrix@pub.solar"
          "postmaster@pub.solar"
          "nextcloud@pub.solar"
          "no-reply@pub.solar"
          "security@pub.solar"
        ];
      };

      "bot@pub.solar" = {
        hashedPasswordFile = config.age.secrets.mail-bot.path;
        quota = "2G";
        aliases = [ "hackernews-bot@pub.solar" ];
      };

      "crew@pub.solar" = {
        hashedPasswordFile = config.age.secrets.mail-crew.path;
        quota = "2G";
        aliases = [ "moderation@pub.solar" ];
      };

      "erpnext@pub.solar" = {
        hashedPasswordFile = config.age.secrets.mail-erpnext.path;
        quota = "2G";
      };

      "hakkonaut@pub.solar" = {
        hashedPasswordFile = config.age.secrets.mail-hakkonaut.path;
        quota = "2G";
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    # NOTE(review): security@pub.solar is an alias of admins@ on this same
    # host, so CA mail about this host's certificate is delivered by the host
    # itself. Confirm that is acceptable if the server is unreachable.
    defaults.email = "security@pub.solar";
  };

  # Daily backup at 02:00 UTC, keeping 7 daily, 4 weekly and 3 monthly
  # snapshots.
  pub-solar-os.backups.restic.mail = {
    # Presumably the mailserver module's mail store and DKIM key directory
    # (neither path is set in this file; verify against the module defaults).
    # If so, the repository holds message contents and DKIM private keys and
    # needs access control and key handling to match.
    paths = [
      "/var/vmail"
      "/var/dkim"
    ];
    timerConfig = {
      OnCalendar = "*-*-* 02:00:00 Etc/UTC";
    };
    initialize = true;
    pruneOpts = [
      "--keep-daily 7"
      "--keep-weekly 4"
      "--keep-monthly 3"
    ];
  };
}