# REF: https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html { pkgs, util, ... }: let domain = "voronind.com"; # SEE: https://gitlab.com/simple-nixos-mailserver/nixos-mailserver#release-branches version = "24.05"; sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b"; in { imports = [ (builtins.fetchTarball { inherit sha256; url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${version}/nixos-mailserver-nixos-${version}.tar.gz"; }) ]; mailserver = { enable = true; domains = [ domain ]; fqdn = "mail.${domain}"; sendingFqdn = domain; localDnsResolver = false; # Use `mkpasswd -sm bcrypt`. loginAccounts = let defaultQuota = "1G"; in { "admin@${domain}" = { hashedPassword = "$2b$05$1O.dxXxaVshcBNybcqDRYuTlnYt3jDBwfPZWoDtP4BjOLoL0StYsi"; name = "admin"; quota = defaultQuota; }; "account@${domain}" = { hashedPassword = "$2b$05$sCyZHdk98KqQ1qsTIvbrUeRJlNBOwBqDgpdc1QxiSnONlEkZ8xGNO"; name = "account"; quota = defaultQuota; }; "hi@${domain}" = { hashedPassword = "$2b$05$6fT5hIhzIasNfp9IQr/ds.5RuxH95VKU3QJWlX3hmrAzDF3mExanq"; name = "hi"; quota = defaultQuota; aliases = [ "voronind@${domain}" ]; }; "job@${domain}" = { hashedPassword = "$2b$05$.sUmv2.9EWPfLwJn/oZw2e1UbR7HrpNQ2THc5jjX3ysy7CY8ZWHUC"; name = "job"; quota = defaultQuota; }; "trash@${domain}" = { hashedPassword = "$2b$05$kn5ygZjN9NR3LXjnKKRw/.DXaZQNW.1XEottlCFIoKiDpIj.JGLJm"; name = "trash"; quota = defaultQuota; catchAll = [ domain ]; }; "noreply@${domain}" = { hashedPassword = "$2b$05$TaKwoYmcmkAhsRRv6xG5wOkChcz50cB9BP6QPUDKNAcxMbrY6AeMK"; name = "noreply"; quota = defaultQuota; sendOnly = true; }; }; enableImap = true; enableImapSsl = true; enableSubmission = true; enableSubmissionSsl = true; enableManageSieve = true; virusScanning = false; certificateFile = "/etc/letsencrypt/live/${domain}/cert.pem"; certificateScheme = "manual"; keyFile = "/etc/letsencrypt/live/${domain}/privkey.pem"; dkimKeyDirectory = "/var/dkim"; indexDir = "/var/lib/dovecot/indices"; mailDirectory = "/var/vmail"; sieveDirectory = "/var/sieve"; mailboxes = let mkSpecialBox = specialUse: { ${specialUse} = { inherit specialUse; auto = "subscribe"; }; }; in builtins.foldl' (acc: box: acc // (mkSpecialBox box)) { } [ "All" "Archive" "Drafts" "Junk" "Sent" "Trash" ]; dmarcReporting = { inherit domain; enable = true; organizationName = "voronind"; # email = "noreply@${domain}"; }; # monitoring = { # enable = true; # alertAddress = "admin@${domain}"; # }; }; services = { roundcube = { enable = true; hostName = "mail.${domain}"; dicts = with pkgs.aspellDicts; [ en ru ]; plugins = [ "managesieve" ]; extraConfig = '' $config['smtp_server'] = "localhost:25"; $config['smtp_auth_type'] = null; $config['smtp_user'] = ""; $config['smtp_pass'] = ""; # $config['smtp_user'] = "%u"; # $config['smtp_pass'] = "%p"; ''; }; }; systemd = { services.autoexpunge = { description = "Delete old mail"; serviceConfig = { Type = "oneshot"; }; path = [ pkgs.dovecot ]; script = '' doveadm expunge -A mailbox Junk SENTBEFORE 7d doveadm expunge -A mailbox Trash SENTBEFORE 30d doveadm expunge -u trash@voronind.com mailbox Inbox SENTBEFORE 30d doveadm purge -A ''; }; timers.autoexpunge = { wantedBy = [ "timers.target" ]; timerConfig = { OnCalendar = "daily"; Persistent = true; Unit = "autoexpunge.service"; }; }; }; }