48 lines
1.2 KiB
Nix
48 lines
1.2 KiB
Nix
{ mailserver , ... }:
|
|
let
|
|
domain = "sondell.org";
|
|
fqdn = "mail.${domain}";
|
|
in
|
|
{
|
|
imports = [
|
|
mailserver
|
|
];
|
|
|
|
mailserver = {
|
|
enable = true;
|
|
fqdn = fqdn;
|
|
domains = [ domain ];
|
|
|
|
# A list of all login accounts. To create the password hashes, use
|
|
# cat .secrets/nextadminpw | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/mailpw.hash
|
|
loginAccounts = {
|
|
"admin@sondell.org" = {
|
|
hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash";
|
|
aliases = ["info@sondell.org"];
|
|
};
|
|
"glenn@sondell.org" = {
|
|
hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash";
|
|
};
|
|
};
|
|
|
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
|
# down nginx and opens port 80.
|
|
certificateScheme = "acme-nginx";
|
|
};
|
|
|
|
services.roundcube = {
|
|
enable = true;
|
|
# this is the url of the vhost, not necessarily the same as the fqdn of
|
|
# the mailserver
|
|
hostName = "webmail.${domain}";
|
|
extraConfig = ''
|
|
# starttls needed for authentication, so the fqdn required to match
|
|
# the certificate
|
|
$config['smtp_server'] = "tls://${fqdn}";
|
|
$config['smtp_user'] = "%u";
|
|
$config['smtp_pass'] = "%p";
|
|
'';
|
|
};
|
|
|
|
}
|