nix/host/x86_64-linux/home/Mailserver.nix

159 lines
4.1 KiB
Nix

# REF: https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html
{ pkgs, util, ... }:
let
domain = "voronind.com";
# SEE: https://gitlab.com/simple-nixos-mailserver/nixos-mailserver#release-branches
version = "24.05";
sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b";
in
{
imports = [
(builtins.fetchTarball {
inherit sha256;
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${version}/nixos-mailserver-nixos-${version}.tar.gz";
})
];
mailserver = {
enable = true;
domains = [ domain ];
fqdn = "mail.${domain}";
sendingFqdn = domain;
localDnsResolver = false;
# Use `mkpasswd -sm bcrypt`.
loginAccounts =
let
defaultQuota = "1G";
in
{
"admin@${domain}" = {
hashedPassword = "$2b$05$1O.dxXxaVshcBNybcqDRYuTlnYt3jDBwfPZWoDtP4BjOLoL0StYsi";
name = "admin";
quota = defaultQuota;
};
"account@${domain}" = {
hashedPassword = "$2b$05$sCyZHdk98KqQ1qsTIvbrUeRJlNBOwBqDgpdc1QxiSnONlEkZ8xGNO";
name = "account";
quota = defaultQuota;
};
"hi@${domain}" = {
hashedPassword = "$2b$05$6fT5hIhzIasNfp9IQr/ds.5RuxH95VKU3QJWlX3hmrAzDF3mExanq";
name = "hi";
quota = defaultQuota;
aliases = [ "voronind@${domain}" ];
};
"job@${domain}" = {
hashedPassword = "$2b$05$.sUmv2.9EWPfLwJn/oZw2e1UbR7HrpNQ2THc5jjX3ysy7CY8ZWHUC";
name = "job";
quota = defaultQuota;
};
"trash@${domain}" = {
hashedPassword = "$2b$05$kn5ygZjN9NR3LXjnKKRw/.DXaZQNW.1XEottlCFIoKiDpIj.JGLJm";
name = "trash";
quota = defaultQuota;
catchAll = [ domain ];
};
"noreply@${domain}" = {
hashedPassword = "$2b$05$TaKwoYmcmkAhsRRv6xG5wOkChcz50cB9BP6QPUDKNAcxMbrY6AeMK";
name = "noreply";
quota = defaultQuota;
sendOnly = true;
};
};
enableImap = true;
enableImapSsl = true;
enableSubmission = true;
enableSubmissionSsl = true;
enableManageSieve = true;
virusScanning = false;
certificateFile = "/etc/letsencrypt/live/${domain}/cert.pem";
certificateScheme = "manual";
keyFile = "/etc/letsencrypt/live/${domain}/privkey.pem";
dkimKeyDirectory = "/var/dkim";
indexDir = "/var/lib/dovecot/indices";
mailDirectory = "/var/vmail";
sieveDirectory = "/var/sieve";
mailboxes =
let
mkSpecialBox = specialUse: {
${specialUse} = {
inherit specialUse;
auto = "subscribe";
};
};
in
builtins.foldl' (acc: box: acc // (mkSpecialBox box)) { } [
"All"
"Archive"
"Drafts"
"Junk"
"Sent"
"Trash"
];
dmarcReporting = {
inherit domain;
enable = true;
organizationName = "voronind";
# email = "noreply@${domain}";
};
# monitoring = {
# enable = true;
# alertAddress = "admin@${domain}";
# };
};
services = {
roundcube = {
enable = true;
hostName = "mail.${domain}";
dicts = with pkgs.aspellDicts; [
en
ru
];
plugins = [ "managesieve" ];
extraConfig = ''
$config['smtp_server'] = "localhost:25";
$config['smtp_auth_type'] = null;
$config['smtp_user'] = "";
$config['smtp_pass'] = "";
# $config['smtp_user'] = "%u";
# $config['smtp_pass'] = "%p";
'';
};
};
systemd = {
services.autoexpunge = {
description = "Delete old mail";
serviceConfig = {
Type = "oneshot";
};
path = [ pkgs.dovecot ];
script = ''
doveadm expunge -A mailbox Junk SENTBEFORE 7d
doveadm expunge -A mailbox Trash SENTBEFORE 30d
doveadm expunge -u trash@voronind.com mailbox Inbox SENTBEFORE 30d
doveadm purge -A
'';
};
timers.autoexpunge = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
Unit = "autoexpunge.service";
};
};
};
}