root/the_prg_server_configuration_old
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
the_prg_server_configuratio.../nix-system-configs/modules/system/mail-server.nix

138 lines
4.4 KiB
Nix
Raw Blame History

{
config,
pkgs,
lib,
...
}: let
choose = paths: lib.findFirst builtins.pathExists null paths;
in {
options.local = {
hostname = lib.mkOption {
type = lib.types.str;
default = "nixos-default";
description = "System hostname";
};
username = lib.mkOption {
type = lib.types.str;
default = "user";
description = "Primary user username";
};
userDescription = lib.mkOption {
type = lib.types.str;
default = "NixOS User";
description = "Primary user description";
};
address = lib.mkOption {
type = lib.types.str;
default = "10.1.1.100";
description = "Static IP address";
};
};
imports = lib.filter (x: x != null) [
(choose [./modules/desktop-manager/sway_greetd_homemanager.nix ../desktop-manager/sway_greetd_homemanager.nix])
(choose [./modules/local/hostname_username.nix ../local/hostname_username.nix])
(choose [./modules/local/networking_local.nix ../local/networking_local.nix])
(choose [./modules/bootloader/seabios-assigned-proxmox-at-birth.nix ../bootloader/seabios-assigned-proxmox-at-birth.nix])
(choose [./modules/lix-default.nix ../lix-default.nix])
(choose [./modules/secrets-config/sops-the-blank-system.nix ../secrets-config/sops-the-blank-system.nix])
(choose [./modules/toolsets/grafana_metric.nix ../toolsets/grafana_metric.nix])
(choose [./modules/secrets-config/sops-mail.nix ../secrets-config/sops-mail.nix])
];
config = {
# Enable Tailscale for remote access to Traefik dashboard and configuration
services.tailscale.enable = true;
local.hostname = "nixos-mailserver";
local.username = "mailprg";
local.userDescription = "NixOS PRG Mailing Service";
local.address = "10.1.1.15";
system.stateVersion = "25.11";
services.stalwart-mail = {
enable = true;
openFirewall = true;
settings = {
server = {
hostname = "mail.prg-radio.org";
tls = {
enable = true;
implicit = true;
};
listener = {
smtp = {
protocol = "smtp";
bind = "[::]:25";
proxy.trusted-networks = [
"10.1.1.250/32"
];
};
submissions = {
bind = "[::]:465";
protocol = "smtp";
tls.implicit = true;
# Also trust proxy for SMTPS
proxy.trusted-networks = ["10.1.1.250/32"];
};
imaps = {
bind = "[::]:993";
protocol = "imap";
tls.implicit = true;
proxy.trusted-networks = ["10.1.1.250/32"];
};
jmap = {
bind = "[::]:8080";
url = "https://mail.prg-radio.org";
protocol = "http";
};
management = {
bind = ["127.0.0.1:8080"];
protocol = "http";
};
};
};
lookup.default = {
hostname = "mail.prg-radio.org";
domain = "prg-radio.org";
};
acme."letsencrypt" = {
directory = "https://acme-v02.api.letsencrypt.org/directory";
challenge = "dns-01";
contact = config.sops.secrets."cloudflare-username";
domains = ["prg-radio.org" "mail.prg-radio.org"];
provider = "cloudflare";
secret = config.sops.secrets."cloudflare-dns-token";
};
session.auth = {
mechanisms = "[plain]";
directory = "'in-memory'";
};
storage.directory = "in-memory";
session.rcpt.directory = "'in-memory'";
directory."imap".lookup.domains = ["prg-radio.org"];
directory."in-memory" = {
type = "memory";
principals = [
{
class = "individual";
name = "Polyteknisk Radiogruppe Board Member";
secret = config.sops.secrets."board-member-password";
email = ["board@prg-radio.org"];
}
{
class = "individual";
name = "postmaster";
secret = config.sops.secrets."board-member-password";
email = ["postmaster@prg-radio.org"];
}
];
};
authentication.fallback-admin = {
user = "admin";
secret = config.sops.secrets."admin-password";
};
};
};
};
}
Reference in a new issue View git blame Copy permalink