nixos-selfhost/mail.nix

{ mailserver , ... }:
let
  domain = "sondell.org";
  fqdn =  "mail.${domain}";
in
{
  imports = [
    mailserver
  ];

  mailserver = {
    enable = true;
    fqdn = fqdn;
    domains = [ domain ];

    # A list of all login accounts. To create the password hashes, use
    # cat .secrets/nextadminpw | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/mailpw.hash
    # echo apassword | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/gilbertmailpw.hash
    loginAccounts = {
      "admin@sondell.org" = {
        hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash";
        aliases = ["info@sondell.org"];
      };
      "glenn@sondell.org" = {
        hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash";
      };
      "gilbert@sondell.org" = {
        hashedPasswordFile = "/etc/nixos/.secrets/gilbertmailpw.hash";
      };
    };

    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
    # down nginx and opens port 80.
    certificateScheme = "acme-nginx";
  };

  services.roundcube = {
     enable = true;
     # this is the url of the vhost, not necessarily the same as the fqdn of
     # the mailserver
     hostName = "webmail.${domain}";
     extraConfig = ''
       # starttls needed for authentication, so the fqdn required to match
       # the certificate
       $config['smtp_server'] = "tls://${fqdn}";
       $config['smtp_user'] = "%u";
       $config['smtp_pass'] = "%p";
     '';
  };
  
}
init: mailserver 2024-04-04 15:05:25 +02:00			`{ mailserver , ... }:`
working: mailserver 2024-04-09 14:23:32 +02:00			`let`
			`domain = "sondell.org";`
			`fqdn = "mail.${domain}";`
			`in`
init: mailserver 2024-04-04 15:05:25 +02:00			`{`
			`imports = [`
			`mailserver`
			`];`

			`mailserver = {`
			`enable = true;`
working: mailserver 2024-04-09 14:23:32 +02:00			`fqdn = fqdn;`
			`domains = [ domain ];`
init: mailserver 2024-04-04 15:05:25 +02:00
			`# A list of all login accounts. To create the password hashes, use`
			`# cat .secrets/nextadminpw \| nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/mailpw.hash`
feat: gilbert mail 2024-04-20 10:50:26 +02:00			`# echo apassword \| nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/gilbertmailpw.hash`
init: mailserver 2024-04-04 15:05:25 +02:00			`loginAccounts = {`
			`"admin@sondell.org" = {`
			`hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash";`
			`aliases = ["info@sondell.org"];`
			`};`
glenn mail 2024-04-15 13:59:59 +02:00			`"glenn@sondell.org" = {`
			`hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash";`
			`};`
feat: gilbert mail 2024-04-20 10:50:26 +02:00			`"gilbert@sondell.org" = {`
			`hashedPasswordFile = "/etc/nixos/.secrets/gilbertmailpw.hash";`
			`};`
init: mailserver 2024-04-04 15:05:25 +02:00			`};`

			`# Use Let's Encrypt certificates. Note that this needs to set up a stripped`
			`# down nginx and opens port 80.`
			`certificateScheme = "acme-nginx";`
			`};`

working: mailserver 2024-04-09 14:23:32 +02:00			`services.roundcube = {`
			`enable = true;`
			`# this is the url of the vhost, not necessarily the same as the fqdn of`
			`# the mailserver`
			`hostName = "webmail.${domain}";`
			`extraConfig = ''`
			`# starttls needed for authentication, so the fqdn required to match`
			`# the certificate`
			`$config['smtp_server'] = "tls://${fqdn}";`
			`$config['smtp_user'] = "%u";`
			`$config['smtp_pass'] = "%p";`
			`'';`
			`};`
init: mailserver 2024-04-04 15:05:25 +02:00
			`}`