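# NixOS module that exposes simple-nixos-mailserver under the
# `snowflake.services.mailserver` option namespace and adds fail2ban jails
# for the SMTP and IMAP daemons.
{
  config,
  inputs,
  lib,
  ...
}: {
  imports = [inputs.nixos-mailserver.nixosModules.mailserver];

  options.snowflake.services.mailserver = {
    # mkEnableOption already prepends "Whether to enable ", so only the
    # noun phrase is passed here.
    enable = lib.mkEnableOption "the mailserver service";

    fqdn = lib.mkOption {
      type = lib.types.str;
      description = "FQDN for the mailserver";
    };

    domains = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [];
      description = "Configuration domains to use for the mailserver";
    };

    # No type is declared here; the value is handed unchanged to
    # `mailserver.loginAccounts` below, so the upstream module is what
    # validates it.
    # NOTE(review): a `hashedPassword` written inline ends up in the
    # world-readable Nix store. Prefer `hashedPasswordFile` pointing at a
    # secret that is provisioned outside the store.
    loginAccounts = lib.mkOption {
      description = "Login accounts for the domain. Every account is mapped to a unix user";
    };

    # Host-specific source address for outgoing IPv6 SMTP connections.
    # The default keeps the address that used to be hard-coded in the
    # postfix configuration, so existing hosts evaluate to the same config.
    smtpBindAddress6 = lib.mkOption {
      type = lib.types.str;
      default = "2a01:4f8:1c1c:90b::";
      description = "IPv6 address postfix binds to for outgoing SMTP. Must match the host's rDNS record, so override it on every new system";
    };
  };

  config = let
    cfg = config.snowflake.services.mailserver;
  in
    lib.mkIf cfg.enable {
      # Ref: https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275
      services.dovecot2.sieve.extensions = ["fileinto"];

      mailserver = {
        inherit (cfg) enable fqdn domains loginAccounts;

        # Spin up a stripped-down nginx instance on
        # port 80 to generate a certificate automatically.
        # NOTE(review): this needs port 80 reachable from the internet, and
        # the ACME terms/contact settings (`security.acme.*`) are not set in
        # this file, so confirm they are configured elsewhere.
        certificateScheme = "acme-nginx";

        # Enable a better way of storing emails.
        useFsLayout = true;

        # Standard special-use folders, created and subscribed automatically.
        mailboxes = {
          Archive = {
            auto = "subscribe";
            specialUse = "Archive";
          };
          Drafts = {
            auto = "subscribe";
            specialUse = "Drafts";
          };
          Sent = {
            auto = "subscribe";
            specialUse = "Sent";
          };
          Junk = {
            auto = "subscribe";
            specialUse = "Junk";
          };
          Trash = {
            auto = "subscribe";
            specialUse = "Trash";
          };
        };
      };

      # Prefer using ipv4 and use correct ipv6 address
      # to avoid rDNS issues
      # NOTE: the bind address is host-specific; set
      # `snowflake.services.mailserver.smtpBindAddress6` on every new system.
      services.postfix.extraConfig = ''
        smtp_bind_address6 = ${cfg.smtpBindAddress6}
        smtp_address_preference = ipv4
      '';

      # Brute-force protection for the mail daemons.
      # NOTE(review): these attributes only define jails. Nothing in this file
      # sets `services.fail2ban.enable`, so the jails are inert unless fail2ban
      # is enabled elsewhere in the system configuration. Confirm that it is.
      services.fail2ban.jails = {
        postfix = {
          settings = {
            enabled = true;
            # Selects the postfix filter's "extra" rule set instead of its
            # default mode.
            mode = "extra";
          };
        };

        dovecot = {
          settings = {
            enabled = true;
            filter = "dovecot[mode=aggressive]";
            # Ban after three matched failures.
            maxretry = 3;
          };
        };
      };
    };
}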