From 9b96160651ef08ede891c1f61d2295c8b2cb259d Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong <mcsinyx@disroot.org>
Date: Tue, 9 Aug 2022 17:32:58 +0900
Subject: Draft mail config

---
 configuration.nix |  2 +-
 mail.nix          | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 mail.nix

diff --git a/configuration.nix b/configuration.nix
index fafb545..13bc497 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -31,8 +31,8 @@
 
   imports = [
     ./ipfs.nix
+    ./mail.nix
     ./matrix.nix
-    ./sourcehut.nix
     ./static.nix
     ./vpsadminos.nix
   ];
diff --git a/mail.nix b/mail.nix
new file mode 100644
index 0000000..7db9243
--- /dev/null
+++ b/mail.nix
@@ -0,0 +1,58 @@
+# Email server configuration
+# Copyright (C) 2022  Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
+
+{ config, ... }:
+let
+  certDir = config.security.acme.certs.${domain}.directory;
+  domain = config.networking.domain;
+in {
+  networking.firewall.allowedTCPPorts = [
+    25 # SMTP-MTA
+    110 # POP3
+    465 # SMTP-MSA
+    993 # IMAPS
+  ];
+
+  services = {
+    dovecot2 = {
+      enable = true;
+      sslServerCert = "${certDir}/cert.pem";
+      sslServerKey = "${certDir}/key.pem";
+      sslCACert = "${certDir}/chain.pem";
+    };
+
+    postfix = {
+      enable = true;
+      enableSubmissions = true;
+      domain = domain;
+      hostname = domain;
+      submissionsOptions = {
+        cleanup_service_name = "ascleanup";
+        milter_macro_daemon_name = "ORIGINATING";
+        smtpd_client_restrictions = "permit_sasl_authenticated,reject";
+        smtpd_sasl_auth_enable = "yes";
+        smtpd_sasl_local_domain = domain;
+        smtpd_sasl_path = "private/auth";
+        smtpd_sasl_security_options = "noanonymous";
+        smtpd_sasl_type = "dovecot";
+        smtpd_tls_security_level = "encrypt";
+      };
+      sslCert = "${certDir}/cert.pem";
+      sslKey = "${certDir}/key.pem";    };
+  };
+}
-- 
cgit 1.4.1