167 lines
3.8 KiB
Nix
167 lines
3.8 KiB
Nix
|
# REF: https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html
|
||
|
{
|
||
|
pkgs,
|
||
|
util,
|
||
|
...
|
||
|
}: let
|
||
|
domain = "voronind.com";
|
||
|
|
||
|
# SEE: https://gitlab.com/simple-nixos-mailserver/nixos-mailserver#release-branches
|
||
|
version = "24.05";
|
||
|
sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b";
|
||
|
in {
|
||
|
imports = [
|
||
|
(builtins.fetchTarball {
|
||
|
inherit sha256;
|
||
|
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${version}/nixos-mailserver-nixos-${version}.tar.gz";
|
||
|
})
|
||
|
];
|
||
|
|
||
|
mailserver = {
|
||
|
enable = true;
|
||
|
domains = [ domain ];
|
||
|
fqdn = "mail.${domain}";
|
||
|
sendingFqdn = domain;
|
||
|
localDnsResolver = false;
|
||
|
|
||
|
# Use `mkpasswd -sm bcrypt`.
|
||
|
loginAccounts = let
|
||
|
defaultQuota = "1G";
|
||
|
in {
|
||
|
"admin@${domain}" = {
|
||
|
hashedPassword = "$2b$05$1O.dxXxaVshcBNybcqDRYuTlnYt3jDBwfPZWoDtP4BjOLoL0StYsi";
|
||
|
name = "admin";
|
||
|
quota = defaultQuota;
|
||
|
};
|
||
|
"account@${domain}" = {
|
||
|
hashedPassword = "$2b$05$sCyZHdk98KqQ1qsTIvbrUeRJlNBOwBqDgpdc1QxiSnONlEkZ8xGNO";
|
||
|
name = "account";
|
||
|
quota = defaultQuota;
|
||
|
};
|
||
|
"hi@${domain}" = {
|
||
|
hashedPassword = "$2b$05$6fT5hIhzIasNfp9IQr/ds.5RuxH95VKU3QJWlX3hmrAzDF3mExanq";
|
||
|
name = "hi";
|
||
|
quota = defaultQuota;
|
||
|
aliases = [
|
||
|
"voronind@${domain}"
|
||
|
];
|
||
|
};
|
||
|
"job@${domain}" = {
|
||
|
hashedPassword = "$2b$05$.sUmv2.9EWPfLwJn/oZw2e1UbR7HrpNQ2THc5jjX3ysy7CY8ZWHUC";
|
||
|
name = "job";
|
||
|
quota = defaultQuota;
|
||
|
};
|
||
|
"trash@${domain}" = {
|
||
|
hashedPassword = "$2b$05$kn5ygZjN9NR3LXjnKKRw/.DXaZQNW.1XEottlCFIoKiDpIj.JGLJm";
|
||
|
name = "trash";
|
||
|
quota = defaultQuota;
|
||
|
catchAll = [
|
||
|
domain
|
||
|
];
|
||
|
};
|
||
|
"noreply@${domain}" = {
|
||
|
hashedPassword = "$2b$05$TaKwoYmcmkAhsRRv6xG5wOkChcz50cB9BP6QPUDKNAcxMbrY6AeMK";
|
||
|
name = "noreply";
|
||
|
quota = defaultQuota;
|
||
|
sendOnly = true;
|
||
|
};
|
||
|
};
|
||
|
|
||
|
enableImap = true;
|
||
|
enableImapSsl = true;
|
||
|
enableSubmission = true;
|
||
|
enableSubmissionSsl = true;
|
||
|
|
||
|
enableManageSieve = true;
|
||
|
virusScanning = false;
|
||
|
|
||
|
certificateFile = "/etc/letsencrypt/live/${domain}/cert.pem";
|
||
|
certificateScheme = "manual";
|
||
|
keyFile = "/etc/letsencrypt/live/${domain}/privkey.pem";
|
||
|
|
||
|
dkimKeyDirectory = "/var/dkim";
|
||
|
indexDir = "/var/lib/dovecot/indices";
|
||
|
mailDirectory = "/var/vmail";
|
||
|
sieveDirectory = "/var/sieve";
|
||
|
|
||
|
mailboxes = let
|
||
|
mkSpecialBox = specialUse: {
|
||
|
${specialUse} = {
|
||
|
inherit specialUse;
|
||
|
auto = "subscribe";
|
||
|
};
|
||
|
};
|
||
|
in builtins.foldl' (acc: box: acc // (mkSpecialBox box)) {} [
|
||
|
"All"
|
||
|
"Archive"
|
||
|
"Drafts"
|
||
|
"Junk"
|
||
|
"Sent"
|
||
|
"Trash"
|
||
|
];
|
||
|
|
||
|
dmarcReporting = {
|
||
|
inherit domain;
|
||
|
enable = true;
|
||
|
organizationName = "voronind";
|
||
|
# email = "noreply@${domain}";
|
||
|
};
|
||
|
|
||
|
# monitoring = {
|
||
|
# enable = true;
|
||
|
# alertAddress = "admin@${domain}";
|
||
|
# };
|
||
|
};
|
||
|
|
||
|
services = {
|
||
|
roundcube = {
|
||
|
enable = true;
|
||
|
hostName = "mail.${domain}";
|
||
|
dicts = with pkgs.aspellDicts; [
|
||
|
en
|
||
|
ru
|
||
|
];
|
||
|
plugins = [
|
||
|
"managesieve"
|
||
|
];
|
||
|
extraConfig = util.trimTabs ''
|
||
|
$config['smtp_server'] = "localhost:25";
|
||
|
$config['smtp_auth_type'] = null;
|
||
|
$config['smtp_user'] = "";
|
||
|
$config['smtp_pass'] = "";
|
||
|
# $config['smtp_user'] = "%u";
|
||
|
# $config['smtp_pass'] = "%p";
|
||
|
'';
|
||
|
};
|
||
|
};
|
||
|
|
||
|
systemd = {
|
||
|
services.autoexpunge = {
|
||
|
description = "Delete old mail";
|
||
|
serviceConfig = {
|
||
|
Type = "oneshot";
|
||
|
};
|
||
|
path = [
|
||
|
pkgs.dovecot
|
||
|
];
|
||
|
script = util.trimTabs ''
|
||
|
doveadm expunge -A mailbox Junk SENTBEFORE 7d
|
||
|
doveadm expunge -A mailbox Trash SENTBEFORE 30d
|
||
|
doveadm expunge -u trash@voronind.com mailbox Inbox SENTBEFORE 30d
|
||
|
doveadm purge -A
|
||
|
'';
|
||
|
};
|
||
|
|
||
|
timers.autoexpunge = {
|
||
|
timerConfig = {
|
||
|
OnCalendar = "daily";
|
||
|
Persistent = true;
|
||
|
Unit = "autoexpunge.service";
|
||
|
};
|
||
|
wantedBy = [
|
||
|
"timers.target"
|
||
|
];
|
||
|
};
|
||
|
};
|
||
|
}
|