# NixOS module: mail server for pub.solar.
#
# Declares one age-encrypted secret per mailbox (each holding that mailbox's
# password hash), the mailserver login accounts that read those secrets, and
# the ACME settings used to obtain the TLS certificate.
{ config, flake, ... }:
let
  # Location inside the flake of the encrypted password hash for mailbox <name>.
  # Only the .age ciphertext is referenced here; the decrypted file is exposed
  # through config.age.secrets.<secret>.path.
  hashFile = name: "${flake.self}/secrets/mail/${name}.age";

  # One login account: password hash taken from the decrypted secret
  # "mail-<name>", a 2G quota, plus any extra attributes (e.g. aliases).
  account = name: extra: {
    hashedPasswordFile = config.age.secrets."mail-${name}".path;
    quota = "2G";
  } // extra;
in
{
  age.secrets = {
    mail-hensoko.file = hashFile "hensoko";
    mail-teutat3s.file = hashFile "teutat3s";
    mail-admins.file = hashFile "admins";
    mail-bot.file = hashFile "bot";
    mail-crew.file = hashFile "crew";
    mail-erpnext.file = hashFile "erpnext";
    mail-hakkonaut.file = hashFile "hakkonaut";
  };

  mailserver = {
    enable = true;
    fqdn = "mail.pub.solar";
    domains = [ "pub.solar" ];

    # All login accounts. Password hashes are created with
    #   nix-shell -p mkpasswd --run 'mkpasswd -R11 -m bcrypt'
    # and stored age-encrypted under secrets/mail/.
    loginAccounts = {
      "hensoko@pub.solar" = account "hensoko" { };
      "teutat3s@pub.solar" = account "teutat3s" { };

      # Shared mailbox: a single credential covers the abuse/postmaster/security
      # contacts and the addresses used by the listed services.
      # NOTE(review): whoever holds this password can read mail sent to all of
      # these aliases and can presumably send as them; confirm who has access
      # and that this grouping is intended.
      "admins@pub.solar" = account "admins" {
        aliases = [
          "abuse@pub.solar"
          "alerts@pub.solar"
          "forgejo@pub.solar"
          "keycloak@pub.solar"
          "mastodon-notifications@pub.solar"
          "matrix@pub.solar"
          "postmaster@pub.solar"
          "nextcloud@pub.solar"
          "no-reply@pub.solar"
          "security@pub.solar"
        ];
      };

      "bot@pub.solar" = account "bot" {
        aliases = [ "hackernews-bot@pub.solar" ];
      };

      "crew@pub.solar" = account "crew" {
        aliases = [ "moderation@pub.solar" ];
      };

      "erpnext@pub.solar" = account "erpnext" { };
      "hakkonaut@pub.solar" = account "hakkonaut" { };
    };

    # Let's Encrypt certificates. This scheme sets up a stripped-down nginx
    # and opens port 80, so the host firewall exposes HTTP in addition to the
    # mail ports.
    certificateScheme = "acme-nginx";
  };

  security.acme = {
    acceptTerms = true;
    # NOTE(review): security@pub.solar is an alias of admins@pub.solar on this
    # same server, so mail from the CA to this contact is delivered here and
    # is unreachable while this host is down; confirm that is acceptable.
    defaults.email = "security@pub.solar";
  };
}