-rw-r--r-- | configuration.nix | 2 | ||||
-rw-r--r-- | mail.nix | 58 |
2 files changed, 59 insertions, 1 deletions
diff --git a/configuration.nix b/configuration.nix
index fafb545..13bc497 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -31,8 +31,8 @@ imports = [ ./ipfs.nix + ./mail.nix ./matrix.nix - ./sourcehut.nix ./static.nix ./vpsadminos.nix ];
diff --git a/mail.nix b/mail.nix
new file mode 100644
index 0000000..7db9243
--- /dev/null
+++ b/mail.nix
@@ -0,0 +1,58 @@
+# Email server configuration
+# Copyright (C) 2022 Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration. If not, see <https://www.gnu.org/licenses/>.
+
+{ config, ... }:
+let
+ certDir = config.security.acme.certs.${domain}.directory;
+ domain = config.networking.domain;
+in {
+ networking.firewall.allowedTCPPorts = [
+ 25 # SMTP-MTA
+ 110 # POP3
+ 465 # SMTP-MSA
+ 993 # IMAPS
+ ];
+
+ services = {
+ dovecot2 = {
+ enable = true;
+ sslServerCert = "${certDir}/cert.pem";
+ sslServerKey = "${certDir}/key.pem";
+ sslCACert = "${certDir}/chain.pem";
+ };
+
+ postfix = {
+ enable = true;
+ enableSubmissions = true;
+ domain = domain;
+ hostname = domain;
+ submissionsOptions = {
+ cleanup_service_name = "ascleanup";
+ milter_macro_daemon_name = "ORIGINATING";
+ smtpd_client_restrictions = "permit_sasl_authenticated,reject";
+ smtpd_sasl_auth_enable = "yes";
+ smtpd_sasl_local_domain = domain;
+ smtpd_sasl_path = "private/auth";
+ smtpd_sasl_security_options = "noanonymous";
+ smtpd_sasl_type = "dovecot";
+ smtpd_tls_security_level = "encrypt";
+ };
+ sslCert = "${certDir}/cert.pem";
+ sslKey = "${certDir}/key.pem"; };
+ };
+} |
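Review bot: The firewall list opens port 110 (POP3), but the `dovecot2` block in this file enables no POP3 listener and the only TLS-wrapped mailbox port it opens is 993; if POP3 is not meant to be served, drop the `110 # POP3` line, and if it is, enable it explicitly and prefer the implicit-TLS port (`995 # POP3S`) so logins never depend on STARTTLS being negotiated. Separately, `submissionsOptions` points SASL at `smtpd_sasl_path = "private/auth"` with `smtpd_sasl_type = "dovecot"`, yet nothing visible here makes Dovecot create that auth socket inside Postfix's queue directory, so authenticated submission on 465 would presumably fail unless the listener is configured elsewhere. The same caveat applies to `cleanup_service_name = "ascleanup"`, which names a master.cf service this file does not define. A short comment above `certDir` saying which module declares the ACME certificate for `domain`, and how Postfix and Dovecot are reloaded after renewal, would also help the next reader.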