mailback

2024-07-02 09:26:34 +02:00 · 2024-07-02 09:26:34 +02:00 · fee2fa1967
parent 719eda9db9
commit fee2fa1967
2 changed files with 41 additions and 20 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -108,13 +108,13 @@
    home = "/home/sondell";
    isNormalUser = true;
    description = "sondell";
-    extraGroups = ["networkmanager" "wheel" "backup"];
+    extraGroups = ["networkmanager" "wheel" "backup" "opendkim" ];
    packages = with pkgs; [
      firefox
      #  thunderbird
    ];
  };
-  users.groups."backup".gid = 1337;
+  # users.groups."backup".gid = 1337;


  users.users.root = {
--- a/mail.nix
+++ b/mail.nix
@ -1,17 +1,39 @@
-{ mailserver , ... }:
-let
+{mailserver, ...}: let
  domain = "sondell.org";
-  fqdn =  "mail.${domain}";
-in
-{
+  fqdn = "mail.${domain}";
+  mailDirectory = "/var/vmail";
+  dkimKeyDirectory = "/var/dkim";
+in {
  imports = [
    mailserver
  ];

+  services.restic.backups = {
+     "mail" = {
+        passwordFile = "/etc/nixos/.secrets/restic_pw";
+        repository = "sftp:Glenn@nas:/home/back/mail/restic";
+        initialize = true;
+        paths = [
+          mailDirectory
+          dkimKeyDirectory
+        ];
+        user = "sondell";
+        timerConfig.OnCalendar = "02:05";
+        pruneOpts = [
+          "--keep-daily 10"
+          "--keep-weekly 5"
+          "--keep-monthly 12"
+          "--keep-yearly 75"
+        ];
+      };
+  };
+  
  mailserver = {
    enable = true;
+    inherit mailDirectory dkimKeyDirectory;
    fqdn = fqdn;
-    domains = [ domain ];
+    domains = [domain];
+    vmailGroupName = "backup";

    # A list of all login accounts. To create the password hashes, use
    # cat .secrets/nextadminpw | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/mailpw.hash
@ -35,17 +57,16 @@ in
  };

  services.roundcube = {
-     enable = true;
-     # this is the url of the vhost, not necessarily the same as the fqdn of
-     # the mailserver
-     hostName = "webmail.${domain}";
-     extraConfig = ''
-       # starttls needed for authentication, so the fqdn required to match
-       # the certificate
-       $config['smtp_server'] = "tls://${fqdn}";
-       $config['smtp_user'] = "%u";
-       $config['smtp_pass'] = "%p";
-     '';
+    enable = true;
+    # this is the url of the vhost, not necessarily the same as the fqdn of
+    # the mailserver
+    hostName = "webmail.${domain}";
+    extraConfig = ''
+      # starttls needed for authentication, so the fqdn required to match
+      # the certificate
+      $config['smtp_server'] = "tls://${fqdn}";
+      $config['smtp_user'] = "%u";
+      $config['smtp_pass'] = "%p";
+    '';
  };
-  
 }