glennwso/nixos-selfhost
1
0
Fork 0
Code Issues 2 Pull requests Packages Projects Releases Wiki Activity
nixos-selfhost/mail.nix
glenn 6e1e9d1eb1 fix restic acces to mail
2024-11-26 12:45:00 +01:00

73 lines
2 KiB
Nix
Raw Permalink Blame History

{mailserver, ...}: let
domain = "sondell.org";
fqdn = "mail.${domain}";
mailDirectory = "/var/vmail";
dkimKeyDirectory = "/var/dkim";
in {
imports = [
mailserver
];
services.restic.backups = {
"mail" = {
passwordFile = "/etc/nixos/.secrets/restic_pw";
repository = "sftp:Glenn@nas:/home/back/mail/restic";
initialize = true;
paths = [
mailDirectory
# dkimKeyDirectory
];
user = "root";
timerConfig.OnCalendar = "02:05";
pruneOpts = [
"--keep-daily 10"
"--keep-weekly 5"
"--keep-monthly 12"
"--keep-yearly 75"
];
};
};
mailserver = {
enable = true;
inherit mailDirectory dkimKeyDirectory;
fqdn = fqdn;
domains = [domain];
vmailGroupName = "backup";
# A list of all login accounts. To create the password hashes, use
# cat .secrets/nextadminpw | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/mailpw.hash
# echo apassword | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/gilbertmailpw.hash
loginAccounts = {
"admin@sondell.org" = {
hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash";
aliases = ["info@sondell.org"];
};
"glenn@sondell.org" = {
hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash";
};
"gilbert@sondell.org" = {
hashedPasswordFile = "/etc/nixos/.secrets/gilbertmailpw.hash";
};
};
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = "acme-nginx";
};
services.roundcube = {
enable = true;
# this is the url of the vhost, not necessarily the same as the fqdn of
# the mailserver
hostName = "webmail.${domain}";
extraConfig = ''
# starttls needed for authentication, so the fqdn required to match
# the certificate
$config['smtp_server'] = "tls://${fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
}
Reference in a new issue View git blame Copy permalink