-rw-r--r-- | mail.nix | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/mail.nix b/mail.nix
index edb5da0..62a7f11 100644
--- a/mail.nix
+++ b/mail.nix
@@ -18,15 +18,17 @@
 { config, lib, pkgs, ... }: let
- certDir = config.security.acme.certs.${hostname}.directory;
+ alps = config.services.alps;
 domain = config.networking.domain;
 hostname = "tem.${domain}";
- publicHost = "chung.${domain}";
+ publicHost = "loa.${domain}";
+ public-inbox = config.services.public-inbox;
 in {
 networking.firewall.allowedTCPPorts = [
 25 # SMTP-MTA
- 465 # SMTP-MSA
- 993 # IMAPS
+ alps.smtps.port
+ alps.imaps.port
+ public-inbox.imap.port
 ];
 services = {
@@ -98,7 +100,7 @@ in {
 }
 }
- submission tls://0.0.0.0:465 {
+ submission tls://0.0.0.0:${toString alps.smtps.port} {
 limits {
 all rate 50 1s
 }
@@ -156,7 +158,7 @@ in {
 }
 }
- imap tls://0.0.0.0:993 {
+ imap tls://0.0.0.0:${toString alps.imaps.port} {
 auth &local_authdb
 storage &local_mailboxes
 }
@@ -167,10 +169,12 @@ in {
 localDomains = [ domain publicHost ];
 tls = {
 loader = "file";
- certificates = [{
+ certificates = let
+ certDir = config.security.acme.certs.${hostname}.directory;
+ in [ {
 certPath = "${certDir}/cert.pem";
 keyPath = "${certDir}/key.pem";
- }];
+ } ];
 };
 };
@@ -241,12 +245,11 @@ in {
 enableACME = true;
 forceSSL = true;
 locations."/".proxyPass = let
- port = config.services.public-inbox.http.port;
+ port = public-inbox.http.port;
 in "http://localhost:${toString port}";
 };
- ${hostname} = let alps = config.services.alps;
- in {
+ ${hostname} = {
 enableACME = true;
 forceSSL = true;
 locations."/".proxyPass = "http://${alps.bindIP}:${toString alps.port}"; |
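Review bot: The new `public-inbox.imap.port` entry in `allowedTCPPorts` exposes a second IMAP service to the network, and nothing on this page shows what number it evaluates to or that it differs from `alps.imaps.port`, which the mail server binds in a later hunk. If both resolve to the usual IMAPS port the two daemons would contend for the same socket, and if the option is unset or not an integer (I believe the nixpkgs module allows that, worth confirming) the firewall list may fail to evaluate. The hunk also drops the `# SMTP-MSA` and `# IMAPS` labels, which were the only statement of why each port is open; I would keep one per entry, e.g. `alps.smtps.port # SMTP-MSA`, `alps.imaps.port # IMAPS`, `public-inbox.imap.port # IMAPS (public-inbox)`. The attribute set opened by `in {` continues outside the hunk.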
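Review bot: The submission listener's port is now read from `config.services.alps.smtps.port`, which as I understand the alps module describes the upstream server the webmail client connects to, so repointing alps would silently move this public listener and the matching firewall entry; the `imap tls://0.0.0.0:${toString alps.imaps.port}` listener in the next hunk has the same coupling. A binding named for the server side keeps the exposed ports auditable from this file, for example `submissionPort = alps.smtps.port; # MSA listener, also opened in the firewall` in the top-level `let`, used here and in `allowedTCPPorts`. The enclosing listener configuration starts and ends outside the hunk.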