# Guide: https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html
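{ container, domain, pkgs, util, const, ... } @args: let
  cfg = container.config.mail;
in {
  # Host-side state directory for the mail container. The per-service
  # sub-directories are kept commented out, as the original had them.
  systemd.tmpfiles.rules = container.mkContainerDir cfg [
    "data"
    # "data/indices"
    # "data/vmail"
    # "data/sieve"
    # "data/dkim"
  ];

  containers.mail = container.mkContainer cfg {
    # IMAPS (993), SMTP/MX (25) and SMTPS submission (465) are forwarded 1:1
    # from the host into the container.
    forwardPorts = [
      { containerPort = 993; hostPort = 993; protocol = "tcp"; }
      { containerPort = 25;  hostPort = 25;  protocol = "tcp"; }
      { containerPort = 465; hostPort = 465; protocol = "tcp"; }
    ];

    bindMounts = {
      # Mail state is kept on host storage; these paths are referenced again
      # by indexDir / mailDirectory / sieveDirectory / dkimKeyDirectory below.
      "/var/lib/dovecot/indices" = { hostPath = "${cfg.storage}/data/indices"; isReadOnly = false; };
      "/var/vmail" = { hostPath = "${cfg.storage}/data/vmail"; isReadOnly = false; };
      "/var/sieve" = { hostPath = "${cfg.storage}/data/sieve"; isReadOnly = false; };
      "/var/dkim"  = { hostPath = "${cfg.storage}/data/dkim";  isReadOnly = false; };
      # The certificate store belongs to the proxy container; this container
      # only reads keyFile / certificateFile from it (see mailserver below),
      # so the mount is read-only. Least privilege: a compromised mail
      # service must not be able to alter or replace the proxy's TLS material.
      "/acme" = { hostPath = "${container.config.proxy.storage}/letsencrypt"; isReadOnly = true; };
    };

    config = { pkgs, config, ... }: container.mkContainerConfig cfg {
      imports = [
        # Upstream module pinned by release tag and content hash, so a change
        # on the remote cannot silently alter what gets built here.
        (builtins.fetchTarball {
          url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${const.stateVersion}/nixos-mailserver-nixos-${const.stateVersion}.tar.gz";
          sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b";
        })
      ];

      mailserver = {
        enable = true;
        fqdn = cfg.domain;
        domains = [ domain ];
        sendingFqdn = domain;

        # Use `mkpasswd -sm bcrypt`.
        # NOTE(review): every hash below uses bcrypt cost 05 ($2b$05$), the
        # lowest practical work factor; pass a higher `--rounds` value when
        # regenerating them. Hashes written here also land in the
        # world-readable Nix store; the upstream `hashedPasswordFile` option
        # keeps them out of it.
        loginAccounts = let
          defaultQuota = "1G";
          # Every account shares the default quota; `extra` adds the
          # per-account attributes on top.
          account = name: extra: { inherit name; quota = defaultQuota; } // extra;
        in {
          "admin@${domain}" = account "admin" {
            hashedPassword = "$2b$05$1O.dxXxaVshcBNybcqDRYuTlnYt3jDBwfPZWoDtP4BjOLoL0StYsi";
          };
          "account@${domain}" = account "account" {
            hashedPassword = "$2b$05$sCyZHdk98KqQ1qsTIvbrUeRJlNBOwBqDgpdc1QxiSnONlEkZ8xGNO";
          };
          "hi@${domain}" = account "hi" {
            hashedPassword = "$2b$05$6fT5hIhzIasNfp9IQr/ds.5RuxH95VKU3QJWlX3hmrAzDF3mExanq";
            aliases = [ "voronind@${domain}" ];
          };
          "job@${domain}" = account "job" {
            hashedPassword = "$2b$05$.sUmv2.9EWPfLwJn/oZw2e1UbR7HrpNQ2THc5jjX3ysy7CY8ZWHUC";
          };
          # Catch-all for the whole domain: anything not matching another
          # account ends up here.
          "trash@${domain}" = account "trash" {
            hashedPassword = "$2b$05$kn5ygZjN9NR3LXjnKKRw/.DXaZQNW.1XEottlCFIoKiDpIj.JGLJm";
            catchAll = [ domain ];
          };
          # Send-only identity: cannot receive or store mail.
          "noreply@${domain}" = account "noreply" {
            hashedPassword = "$2b$05$TaKwoYmcmkAhsRRv6xG5wOkChcz50cB9BP6QPUDKNAcxMbrY6AeMK";
            sendOnly = true;
          };
        };

        enableImap = true;
        enableImapSsl = true;
        enableSubmission = true;
        enableSubmissionSsl = true;

        virusScanning = false;

        # TLS material is read from the read-only /acme bind mount above.
        certificateScheme = "manual";
        keyFile = "/acme/live/${domain}/privkey.pem";
        # NOTE(review): cert.pem is the leaf certificate only. If this is a
        # certbot-style live/ directory, fullchain.pem additionally carries the
        # intermediates clients need to build the chain — confirm which file
        # the proxy writes before switching.
        certificateFile = "/acme/live/${domain}/cert.pem";

        # Container-side paths; each one is a bind mount declared above.
        indexDir = "/var/lib/dovecot/indices";
        mailDirectory = "/var/vmail";
        sieveDirectory = "/var/sieve";
        dkimKeyDirectory = "/var/dkim";

        mailboxes = let
          box = auto: specialUse: { inherit auto specialUse; };
        in {
          Drafts = box "subscribe" "Drafts";
          Junk   = box "subscribe" "Junk";
          Sent   = box "subscribe" "Sent";
          Trash  = box "no" "Trash";
        };

        dmarcReporting = {
          inherit domain;
          enable = true;
          organizationName = "voronind";
          # email = "noreply@${domain}";
        };

        # monitoring = {
        #   enable = true;
        #   alertAddress = "admin@${domain}";
        # };
      };

      services.roundcube = {
        enable = true;
        dicts = with pkgs.aspellDicts; [ en ru ];
        hostName = cfg.domain;
        # NOTE(review): webmail submits to postfix on localhost:25 without SMTP
        # authentication, so sending relies on postfix trusting localhost rather
        # than on the logged-in user's credentials. The authenticated TLS
        # variants tried earlier are kept commented for reference.
        extraConfig = ''
          # starttls needed for authentication, so the fqdn required to match
          # the certificate
          # $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
          # $config['smtp_server'] = "tls://localhost";
          $config['smtp_server'] = "localhost:25";
          $config['smtp_auth_type'] = null;
          $config['smtp_user'] = "";
          $config['smtp_pass'] = "";
          # $config['smtp_user'] = "%u";
          # $config['smtp_pass'] = "%p";
        '';
      };

      # Plain HTTP on the container side; presumably TLS is terminated by the
      # proxy container that owns the letsencrypt store — confirm.
      services.nginx = {
        virtualHosts.${cfg.domain} = {
          forceSSL = false;
          enableACME = false;
        };
      };
    };
  };
}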