authorNguyễn Gia Phong <mcsinyx@disroot.org>2022-08-09 17:32:58 +0900
committerNguyễn Gia Phong <mcsinyx@disroot.org>2022-08-09 17:32:58 +0900
commit9b96160651ef08ede891c1f61d2295c8b2cb259d (patch)
treefcd5eb549caa7089d6b6a945203606d05586d737
parent3dea7ca5eccd6d35ad4fe7121534b1690ef57a7e (diff)
downloadnixos-conf-9b96160651ef08ede891c1f61d2295c8b2cb259d.tar.gz
Draft mail config
-rw-r--r--configuration.nix2
-rw-r--r--mail.nix58
2 files changed, 59 insertions, 1 deletions
diff --git a/configuration.nix b/configuration.nix
index fafb545..13bc497 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -31,8 +31,8 @@
imports = [
./ipfs.nix
+ ./mail.nix
./matrix.nix
- ./sourcehut.nix
./static.nix
./vpsadminos.nix
];
diff --git a/mail.nix b/mail.nix
new file mode 100644
index 0000000..7db9243
--- /dev/null
+++ b/mail.nix
@@ -0,0 +1,58 @@
+# Email server configuration
+# Copyright (C) 2022 Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration. If not, see <https://www.gnu.org/licenses/>.
+
+{ config, ... }:
+let
+ certDir = config.security.acme.certs.${domain}.directory;
+ domain = config.networking.domain;
+in {
+ networking.firewall.allowedTCPPorts = [
+ 25 # SMTP-MTA
+ 110 # POP3
+ 465 # SMTP-MSA
+ 993 # IMAPS
+ ];
+
+ services = {
+ dovecot2 = {
+ enable = true;
+ sslServerCert = "${certDir}/cert.pem";
+ sslServerKey = "${certDir}/key.pem";
+ sslCACert = "${certDir}/chain.pem";
+ };
+
+ postfix = {
+ enable = true;
+ enableSubmissions = true;
+ domain = domain;
+ hostname = domain;
+ submissionsOptions = {
+ cleanup_service_name = "ascleanup";
+ milter_macro_daemon_name = "ORIGINATING";
+ smtpd_client_restrictions = "permit_sasl_authenticated,reject";
+ smtpd_sasl_auth_enable = "yes";
+ smtpd_sasl_local_domain = domain;
+ smtpd_sasl_path = "private/auth";
+ smtpd_sasl_security_options = "noanonymous";
+ smtpd_sasl_type = "dovecot";
+ smtpd_tls_security_level = "encrypt";
+ };
+ sslCert = "${certDir}/cert.pem";
+ sslKey = "${certDir}/key.pem"; };
+ };
+}
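Review bot: The firewall list opens `110 # POP3`, but the `dovecot2` block never turns POP3 on (`enablePop3` defaults to false in the NixOS module, as far as I know), and 110 is the cleartext/STARTTLS port rather than an implicit-TLS one like 465 and 993 beside it. Either drop that line or, if POP3 is wanted, set `enablePop3 = true;` and open `995 # POP3S` instead, so no port is exposed without a service and policy behind it. Separately, `sslCert` and `sslServerCert` point at `cert.pem`, which in an ACME directory is normally the leaf certificate only; `"${certDir}/fullchain.pem"` is probably what clients need to validate the chain, and `sslCACert` may not serve that purpose in Dovecot. The submissions options also depend on a Dovecot auth socket at `private/auth` and a cleanup service named `ascleanup`, neither of which this file defines, so a comment such as `# auth socket and ascleanup are defined in <module>` would tell the next reader where to look.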