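# NixOS module for the mail host: configures the `mailserver` options for
# pyrox.dev, runs OpenDKIM as the virtualMail user, and copies the TLS
# certificate and key that Caddy obtains into /var/lib/mail on a timer.
{ lib, pkgs, ... }:
{
  imports = [
    ./logins.nix
    ./monitoring.nix
    ./overrides.nix
  ];
  mailserver = {
    enable = true;
    fqdn = "mail.pyrox.dev";
    # Opens the firewall for the mail services enabled below.
    openFirewall = true;
    stateVersion = 1;

    # All domains this server runs email for
    domains = [ "pyrox.dev" ];

    # Enable IMAP and mail submission with STARTTLS
    enableImap = true;
    enableSubmission = true;

    # Disable POP3, I don't use it and neither should you
    enablePop3 = false;
    enablePop3Ssl = false;

    # Enable ManageSieve so that we don't need to change the config to update sieves
    enableManageSieve = true;

    # Set directories for services
    mailDirectory = "/srv/mail/vmail";
    sieveDirectory = "/srv/mail/sieve";
    indexDir = "/var/lib/dovecot/indices";
    # Holds the DKIM private signing keys; keep it unreadable to other users.
    dkimKeyDirectory = "/srv/mail/dkim";

    # Set all no-reply addresses
    rejectRecipients = [
      "no-reply@pyrox.dev"
      "dmarc-noreply@pyrox.dev"
    ];

    # DKIM Settings
    dkimKeyBits = 4096;
    dkimSelector = "mail";
    dkimSigning = true;

    # DMARC Settings
    dmarcReporting = {
      enable = true;
      domain = "pyrox.dev";
      localpart = "dmarc-noreply";
      fromName = "PyroNet Mail DMARC Service";
      organizationName = "PyroNet Mail";
    };

    # Mailboxes for all users
    mailboxes = {
      Drafts = {
        auto = "subscribe";
        specialUse = "Drafts";
      };
      Junk = {
        auto = "subscribe";
        specialUse = "Junk";
      };
      Sent = {
        auto = "subscribe";
        specialUse = "Sent";
      };
      Trash = {
        auto = "subscribe";
        specialUse = "Trash";
      };
    };

    # Full-Text-Search Settings
    fullTextSearch = {
      enable = true;
      autoIndex = true;
      enforced = "body";
      memoryLimit = 2048;
    };

    # Certificate Settings
    # "manual" means the module does not obtain or renew the certificate;
    # the copy-mail-certs unit below keeps these two files up to date.
    certificateScheme = "manual";
    certificateFile = "/var/lib/mail/mail.crt";
    keyFile = "/var/lib/mail/mail.key";
  };

  # Run OpenDKIM as virtualMail (mkForce overrides the values set elsewhere).
  services.opendkim = {
    user = lib.mkForce "virtualMail";
    group = lib.mkForce "virtualMail";
  };

  # Copy mail certs daily (and 5 minutes after boot) so that they don't expire
  systemd = {
    timers."copy-mail-certs" = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnBootSec = "5m";
        OnCalendar = "daily";
        Unit = "copy-mail-certs.service";
      };
    };

    services."copy-mail-certs" = {
      script = ''
        set -eu
        src=/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.pyrox.dev

        # The certificate is public, so world-readable is fine.
        install -v -m 0644 -o virtualMail -g virtualMail "$src/mail.pyrox.dev.crt" /var/lib/mail/mail.crt

        # The private key must never be world-readable: any local user or
        # compromised service could otherwise read it and impersonate
        # mail.pyrox.dev. install(1) sets owner and mode as part of the copy,
        # so the key is not left at a looser default mode in between.
        # NOTE(review): if a daemon that is neither root nor in the
        # virtualMail group has to read the key, grant that through group
        # membership rather than going back to a+r.
        install -v -m 0640 -o virtualMail -g virtualMail "$src/mail.pyrox.dev.key" /var/lib/mail/mail.key

        chown -hR virtualMail:virtualMail /var/lib/mail/
        # NOTE(review): nothing here reloads the mail daemons after a copy;
        # confirm they pick up a renewed certificate before the old one expires.
      '';
      serviceConfig = {
        Type = "oneshot";
        # root is needed to read Caddy's certificate store and to chown.
        User = "root";
      };
    };
  };

}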