{mailserver, ...}: let domain = "sondell.org"; fqdn = "mail.${domain}"; mailDirectory = "/var/vmail"; dkimKeyDirectory = "/var/dkim"; in { imports = [ mailserver ]; services.restic.backups = { "mail" = { passwordFile = "/etc/nixos/.secrets/restic_pw"; repository = "sftp:Glenn@nas:/home/back/mail/restic"; initialize = true; paths = [ mailDirectory # dkimKeyDirectory ]; user = "root"; timerConfig.OnCalendar = "02:05"; pruneOpts = [ "--keep-daily 10" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; }; }; mailserver = { enable = true; inherit mailDirectory dkimKeyDirectory; fqdn = fqdn; domains = [domain]; vmailGroupName = "backup"; # A list of all login accounts. To create the password hashes, use # cat .secrets/nextadminpw | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/mailpw.hash # echo apassword | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/gilbertmailpw.hash loginAccounts = { "admin@sondell.org" = { hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash"; aliases = ["info@sondell.org"]; }; "glenn@sondell.org" = { hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash"; }; "gilbert@sondell.org" = { hashedPasswordFile = "/etc/nixos/.secrets/gilbertmailpw.hash"; }; }; # Use Let's Encrypt certificates. Note that this needs to set up a stripped # down nginx and opens port 80. certificateScheme = "acme-nginx"; }; services.roundcube = { enable = true; # this is the url of the vhost, not necessarily the same as the fqdn of # the mailserver hostName = "webmail.${domain}"; extraConfig = '' # starttls needed for authentication, so the fqdn required to match # the certificate $config['smtp_server'] = "tls://${fqdn}"; $config['smtp_user'] = "%u"; $config['smtp_pass'] = "%p"; ''; }; }