mailserver and some more rework

nixos-mailserver is the best thing since sliced bread

config/hosts/athame/bitwarden.nix

@@ -1,6 +1,6 @@
 { config, pkgs, ... }:
 
-let secrets = (import ../../../../secrets.nix);
+let secrets = (import ../../../secrets.nix);
 in {
   services.bitwarden_rs = {
     enable = true;

config/hosts/athame/configuration.nix

@@ -9,6 +9,7 @@
     ../../services/nginx.nix
     ./virtualhosts.nix
     # services
+    ./mail.nix
     ./gitea.nix
     ./nextcloud.nix
     ./bitwarden.nix

config/hosts/athame/hardware.nix

@@ -1,6 +1,3 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, ... }:
 
 {

config/hosts/athame/mail.nix

@@ -0,0 +1,56 @@
+{ config, pkgs, ... }:
+let sources = (import ../../../nix/sources.nix);
+secrets = (import ../../../secrets.nix);
+in {
+  imports = [
+    sources.nixos-mailserver.outPath
+  ];
+
+  mailserver = {
+    enable = true;
+    fqdn = "kittywit.ch";
+    domains = [ "kittywit.ch" ];
+
+    # A list of all login accounts. To create the password hashes, use
+    # nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
+    loginAccounts = {
+        "kat@kittywit.ch" = {
+            hashedPassword = secrets.hosts.athame.mail.kat.password;
+
+            aliases = [
+                "postmaster@kittywit.ch"
+            ];
+
+            # Make this user the catchAll address for domains kittywit.ch and
+            # example2.com
+            catchAll = [
+                "kittywit.ch"
+            ];
+        };
+    };
+
+    # Extra virtual aliases. These are email addresses that are forwarded to
+    # loginAccounts addresses.
+    extraVirtualAliases = {
+        # address = forward address;
+        "abuse@kittywit.ch" = "kat@kittywit.ch";
+    };
+
+    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+    # down nginx and opens port 80.
+    certificateScheme = 3;
+
+    # Enable IMAP and POP3
+    enableImap = true;
+    enablePop3 = true;
+    enableImapSsl = true;
+    enablePop3Ssl = true;
+
+    # Enable the ManageSieve protocol
+    enableManageSieve = true;
+
+    # whether to scan inbound emails for viruses (note that this requires at least
+    # 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
+    virusScanning = false;
+  };
+}

config/hosts/athame/matrix.nix

@@ -1,6 +1,6 @@
 { config, pkgs, ... }:
 
-let secrets = (import ../../../../secrets.nix);
+let secrets = (import ../../../secrets.nix);
 in {
   environment.systemPackages =
     [ pkgs.arc.pkgs.mx-puppet-discord pkgs.mautrix-whatsapp ];

config/hosts/athame/virtualhosts.nix

@@ -5,7 +5,7 @@ let
     enableACME = true;
     forceSSL = true;
   };
-  secrets = (import ../../../../secrets.nix);
+  secrets = (import ../../../secrets.nix);
 in {
   services.nginx.virtualHosts = {
     "kittywit.ch" = {

config/hosts/athame/znc.nix

@@ -1,6 +1,6 @@
 { config, pkgs, ... }:
 
-let secrets = (import ../../../../secrets.nix);
+let secrets = (import ../../../secrets.nix);
 in {
   services.znc = {
     enable = true;

config/hosts/samhain/hardware.nix

@@ -1,6 +1,3 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 
 {

config/hosts/yule/hardware.nix

@@ -1,6 +1,3 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 
 {

config/users/kat/desktop.nix

@@ -28,6 +28,7 @@ in {
         pkgs.avidemux
         pkgs.vlc
         pkgs.ffmpeg-full
+        pkgs.thunderbird
         unstable.syncplay
         unstable.youtube-dl
         unstable.google-chrome