From 5a785f54a02d6770d71b26b060bf809eddf13452 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong
Date: Thu, 22 Jun 2023 05:38:44 +0900
Subject: Set up webmail
---
mail.nix | 87 +++++++++++++++++++++++++++++++++++----------------------------
1 file changed, 47 insertions(+), 40 deletions(-)
diff --git a/mail.nix b/mail.nix
index a76cd40..2909d36 100644
--- a/mail.nix
+++ b/mail.nix
@@ -28,50 +28,57 @@ in {
 993 # IMAPS
 ];
- security = {
- acme.certs.${hostname} = {
- group = config.services.maddy.group;
- webroot = "/var/lib/acme/acme-challenge";
+ services = {
+ alps = {
+ enable = true;
+ imaps.host = hostname;
+ theme = "alps";
 };
- pam.services.maddy = { };
- };
- services.maddy = {
- config = ''
- auth_map email_localpart
- '' + (builtins.replaceStrings [
- ''
- auth.pass_table local_authdb {
- table sql_table {
- driver sqlite3
- dsn credentials.db
- table_name passwords
+ maddy = {
+ config = ''
+ auth_map email_localpart
+ '' + (builtins.replaceStrings [
+ ''
+ auth.pass_table local_authdb {
+ table sql_table {
+ driver sqlite3
+ dsn credentials.db
+ table_name passwords
+ }
+ }
+ ''
+ "imap tcp://0.0.0.0:143"
+ "submission tcp://0.0.0.0:587"
+ ] [
+ ''
+ auth.shadow local_authdb {
+ debug yes
+ use_helper no
 }
- }
- ''
- "imap tcp://0.0.0.0:143"
- "submission tcp://0.0.0.0:587"
- ] [
- ''
- auth.shadow local_authdb {
- debug yes
- use_helper no
- }
- ''
- "imap tls://0.0.0.0:993"
- "submission tls://0.0.0.0:465"
- ] options.services.maddy.config.default);
- enable = true;
- hostname = hostname;
- primaryDomain = domain;
- tls = {
- loader = "file";
- certificates = [{
- certPath = "${certDir}/cert.pem";
- keyPath = "${certDir}/key.pem";
- }];
+ ''
+ "imap tls://0.0.0.0:993"
+ "submission tls://0.0.0.0:465"
+ ] options.services.maddy.config.default);
+ enable = true;
+ hostname = hostname;
+ primaryDomain = domain;
+ tls = {
+ loader = "file";
+ certificates = [{
+ certPath = "${certDir}/cert.pem";
+ keyPath = "${certDir}/key.pem";
+ }];
+ };
+ };
+
+ nginx.virtualHosts.${hostname} = let alps = config.services.alps;
+ in {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".proxyPass = "http://${alps.bindIP}:${toString alps.port}";
 };
 };
- users.extraUsers.maddy.extraGroups = [ "shadow" ];
+ users.extraUsers.maddy.extraGroups = [ "nginx" "shadow" ];
 }
--
cgit 1.4.1
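Review bot: The new `services.alps` block leaves `bindIP` unset, so the plaintext HTTP listener that nginx proxies to takes the module default; in nixpkgs that is, as far as I recall, the wildcard `[::]`, which would leave the webmail login reachable without TLS on the alps port from any interface the firewall does not cover. Adding `bindIP = "127.0.0.1";` inside `alps = { … }` keeps the `forceSSL` virtual host as the only way in, and the `proxyPass` line picks the value up unchanged. Separately, the last changed line puts the maddy user in both `nginx` and `shadow`, presumably so it can read the key now issued through `enableACME`; a dedicated certificate group would avoid handing the process that reads /etc/shadow (with `debug yes` still set on `auth.shadow`) everything the nginx group can read. `certDir` and the firewall port list are defined outside the hunk, so both points should be confirmed against them.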