diff options
| author | Nguyễn Gia Phong <mcsinyx@disroot.org> | 2023-06-22 05:38:44 +0900 |
|---|---|---|
| committer | Nguyễn Gia Phong <mcsinyx@disroot.org> | 2023-06-22 05:39:34 +0900 |
| commit | 5a785f54a02d6770d71b26b060bf809eddf13452 (patch) | |
| tree | 749444702b514eaa7d0011f844ab5a5d3867575c | |
| parent | 4f980efaea0b6b935cd4c554eb6dee40987628ff (diff) | |
| download | nixos-conf-5a785f54a02d6770d71b26b060bf809eddf13452.tar.gz | |
Set up webmail
| -rw-r--r-- | mail.nix | 87 |
1 files changed, 47 insertions, 40 deletions
diff --git a/mail.nix b/mail.nix index a76cd40..2909d36 100644 --- a/mail.nix +++ b/mail.nix @@ -28,50 +28,57 @@ in { 993 # IMAPS ]; - security = { - acme.certs.${hostname} = { - group = config.services.maddy.group; - webroot = "/var/lib/acme/acme-challenge"; + services = { + alps = { + enable = true; + imaps.host = hostname; + theme = "alps"; }; - pam.services.maddy = { }; - }; - services.maddy = { - config = '' - auth_map email_localpart - '' + (builtins.replaceStrings [ - '' - auth.pass_table local_authdb { - table sql_table { - driver sqlite3 - dsn credentials.db - table_name passwords + maddy = { + config = '' + auth_map email_localpart + '' + (builtins.replaceStrings [ + '' + auth.pass_table local_authdb { + table sql_table { + driver sqlite3 + dsn credentials.db + table_name passwords + } + } + '' + "imap tcp://0.0.0.0:143" + "submission tcp://0.0.0.0:587" + ] [ + '' + auth.shadow local_authdb { + debug yes + use_helper no } - } - '' - "imap tcp://0.0.0.0:143" - "submission tcp://0.0.0.0:587" - ] [ - '' - auth.shadow local_authdb { - debug yes - use_helper no - } - '' - "imap tls://0.0.0.0:993" - "submission tls://0.0.0.0:465" - ] options.services.maddy.config.default); - enable = true; - hostname = hostname; - primaryDomain = domain; - tls = { - loader = "file"; - certificates = [{ - certPath = "${certDir}/cert.pem"; - keyPath = "${certDir}/key.pem"; - }]; + '' + "imap tls://0.0.0.0:993" + "submission tls://0.0.0.0:465" + ] options.services.maddy.config.default); + enable = true; + hostname = hostname; + primaryDomain = domain; + tls = { + loader = "file"; + certificates = [{ + certPath = "${certDir}/cert.pem"; + keyPath = "${certDir}/key.pem"; + }]; + }; + }; + + nginx.virtualHosts.${hostname} = let alps = config.services.alps; + in { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://${alps.bindIP}:${toString alps.port}"; }; }; - users.extraUsers.maddy.extraGroups = [ "shadow" ]; + users.extraUsers.maddy.extraGroups = [ "nginx" "shadow" ]; } |