From 9b96160651ef08ede891c1f61d2295c8b2cb259d Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong
Date: Tue, 9 Aug 2022 17:32:58 +0900
Subject: Draft mail config
---
configuration.nix | 2 +-
mail.nix | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 59 insertions(+), 1 deletion(-)
create mode 100644 mail.nix
diff --git a/configuration.nix b/configuration.nix
index fafb545..13bc497 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -31,8 +31,8 @@ imports = [ ./ipfs.nix + ./mail.nix ./matrix.nix - ./sourcehut.nix ./static.nix ./vpsadminos.nix ];
diff --git a/mail.nix b/mail.nix
new file mode 100644
index 0000000..7db9243
--- /dev/null
+++ b/mail.nix
@@ -0,0 +1,58 @@
+# Email server configuration
+# Copyright (C) 2022 Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration. If not, see .
+
+{ config, ... }:
+let
+ certDir = config.security.acme.certs.${domain}.directory;
+ domain = config.networking.domain;
+in {
+ networking.firewall.allowedTCPPorts = [
+ 25 # SMTP-MTA
+ 110 # POP3
+ 465 # SMTP-MSA
+ 993 # IMAPS
+ ];
+
+ services = {
+ dovecot2 = {
+ enable = true;
+ sslServerCert = "${certDir}/cert.pem";
+ sslServerKey = "${certDir}/key.pem";
+ sslCACert = "${certDir}/chain.pem";
+ };
+
+ postfix = {
+ enable = true;
+ enableSubmissions = true;
+ domain = domain;
+ hostname = domain;
+ submissionsOptions = {
+ cleanup_service_name = "ascleanup";
+ milter_macro_daemon_name = "ORIGINATING";
+ smtpd_client_restrictions = "permit_sasl_authenticated,reject";
+ smtpd_sasl_auth_enable = "yes";
+ smtpd_sasl_local_domain = domain;
+ smtpd_sasl_path = "private/auth";
+ smtpd_sasl_security_options = "noanonymous";
+ smtpd_sasl_type = "dovecot";
+ smtpd_tls_security_level = "encrypt";
+ };
+ sslCert = "${certDir}/cert.pem";
+ sslKey = "${certDir}/key.pem"; };
+ };
+}
-- cgit 1.4.1
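Review bot: The firewall list in mail.nix opens TCP 110 (`110 # POP3`), the POP3 port without implicit TLS, although nothing in the `dovecot2` block enables POP3 and, as far as I know, the NixOS module leaves `enablePop3` off by default, so the port is exposed with no intended listener behind it. I would drop that line, or, if POP3 is wanted, open `995 # POP3S` instead and set `enablePop3 = true;` explicitly, which matches the TLS-only choice already made for IMAP with 993. Separately, `smtpd_sasl_type = "dovecot"` with `smtpd_sasl_path = "private/auth"` relies on Dovecot publishing an auth socket under Postfix's queue directory, and no such listener is configured in this file; until one is added, submissions on 465 should reject every client, which fails closed but deserves a `# TODO: add Dovecot auth listener` comment next to `smtpd_sasl_path`. Both services also read `key.pem` from the ACME directory, so their users presumably need membership in the certificate's group; that is not visible in this hunk.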