mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 12:29:19 -08:00
services/mail: Init
This commit is contained in:
kat witch
parent
1e869f3579
commit
377d4b45a2
16 changed files with 865 additions and 118 deletions
|
|
@ -1,101 +1,10 @@
|
|||
{ config, lib, tf, pkgs, sources, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
domains = [ "kittywitch" "dork" ];
|
||||
users = [ "gitea" "kat" "keycloak" "vaultwarden" ];
|
||||
in
|
||||
{
|
||||
imports = [ sources.nixos-mailserver.outPath ];
|
||||
|
||||
kw.secrets.variables = listToAttrs (map
|
||||
(field:
|
||||
nameValuePair "mail-${field}-hash" {
|
||||
path = "secrets/mail-kittywitch";
|
||||
field = "${field}-hash";
|
||||
})
|
||||
users
|
||||
++ map
|
||||
(domain:
|
||||
nameValuePair "mail-domainkey-${domain}" {
|
||||
path = "secrets/mail-${domain}";
|
||||
field = "notes";
|
||||
})
|
||||
domains);
|
||||
|
||||
deploy.tf.dns.records = mkMerge (map
|
||||
(domain:
|
||||
let
|
||||
zoneGet = domain: if domain == "dork" then "dork.dev." else config.network.dns.zone;
|
||||
in
|
||||
{
|
||||
"services_mail_${domain}_mx" = {
|
||||
zone = zoneGet domain;
|
||||
mx = {
|
||||
priority = 10;
|
||||
target = "${config.network.addresses.public.domain}.";
|
||||
};
|
||||
};
|
||||
|
||||
"services_mail_${domain}_spf" = {
|
||||
zone = zoneGet domain;
|
||||
txt.value = "v=spf1 ip4:${config.network.addresses.public.nixos.ipv4.address} ip6:${config.network.addresses.public.nixos.ipv6.address} -all";
|
||||
};
|
||||
|
||||
"services_mail_${domain}_dmarc" = {
|
||||
zone = zoneGet domain;
|
||||
domain = "_dmarc";
|
||||
txt.value = "v=DMARC1; p=none";
|
||||
};
|
||||
|
||||
"services_mail_${domain}_domainkey" = {
|
||||
zone = zoneGet domain;
|
||||
domain = "mail._domainkey";
|
||||
txt.value = tf.variables."mail-domainkey-${domain}".ref;
|
||||
};
|
||||
})
|
||||
domains);
|
||||
|
||||
secrets.files = listToAttrs (map
|
||||
(user:
|
||||
nameValuePair "mail-${user}-hash" {
|
||||
text = ''
|
||||
${tf.variables."mail-${user}-hash".ref}
|
||||
'';
|
||||
})
|
||||
users);
|
||||
|
||||
mailserver = {
|
||||
enable = true;
|
||||
fqdn = config.network.addresses.public.domain;
|
||||
domains = [ "kittywit.ch" "dork.dev" ];
|
||||
certificateScheme = 1;
|
||||
certificateFile = "/var/lib/acme/public_${config.networking.hostName}/cert.pem";
|
||||
keyFile = "/var/lib/acme/public_${config.networking.hostName}/key.pem";
|
||||
enableImap = true;
|
||||
enablePop3 = true;
|
||||
enableImapSsl = true;
|
||||
enablePop3Ssl = true;
|
||||
enableSubmission = false;
|
||||
enableSubmissionSsl = true;
|
||||
enableManageSieve = true;
|
||||
virusScanning = false;
|
||||
|
||||
# nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
|
||||
loginAccounts = mkMerge [
|
||||
(listToAttrs (map
|
||||
(user:
|
||||
nameValuePair "${user}@kittywit.ch" {
|
||||
hashedPasswordFile = config.secrets.files."mail-${user}-hash".path;
|
||||
})
|
||||
users))
|
||||
{
|
||||
"kat@kittywit.ch" = {
|
||||
aliases = [ "postmaster@kittywit.ch" ];
|
||||
catchAll = [ "kittywit.ch" "dork.dev" ];
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
{ ... }: {
|
||||
imports = [
|
||||
./dns.nix
|
||||
./rspamd.nix
|
||||
./postfix.nix
|
||||
./dovecot.nix
|
||||
./opendkim.nix
|
||||
./autoconfig.nix
|
||||
];
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue