My Nix Configuration
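# Stalwart mail server settings (TLS defaults, listeners, trusted proxies),
# written as a function of `d`.
#
# `d` must provide: extUrl, intSMTP, intSMTPS, intIMAP, intIMAPS,
# intManageSieve, intHTTPS and intHTTP. The port values are passed through
# `toString` and interpolated into the bind addresses.
{ d }:
{
  hostname = d.extUrl;

  # TLS
  # https://stalw.art/docs/server/tls/overview
  tls = {
    enable = true;
    # Default for listeners; every listener below sets tls.implicit itself.
    implicit = false;
    ignore-client-order = true;
  };

  # Listeners
  # https://stalw.art/docs/server/listener
  #
  # Every listener binds to the wildcard address "[::]", so nothing in this
  # file limits which interface it is reachable on.
  # NOTE(review): presumably a host firewall or the tailnet restricts access;
  # confirm, since the settings visible here do not.
  listener = {
    smtp = {
      bind = [
        "[::]:${toString d.intSMTP}"
        # Hard-coded second SMTP port; its purpose is not shown here.
        # TODO confirm it is still needed and covered by the firewall rules.
        "[::]:40025"
      ];
      protocol = "smtp";
      # Explicit TLS: the session starts in cleartext and is upgraded in-band.
      tls.implicit = false;
    };
    smtps = {
      bind = "[::]:${toString d.intSMTPS}";
      protocol = "smtp";
      # Implicit TLS
      tls.implicit = true;
    };
    imap = {
      bind = "[::]:${toString d.intIMAP}";
      protocol = "imap";
      # Explicit TLS
      tls.implicit = false;
    };
    imaps = {
      bind = "[::]:${toString d.intIMAPS}";
      protocol = "imap";
      # Implicit TLS
      tls.implicit = true;
    };
    managesieve = {
      bind = "[::]:${toString d.intManageSieve}";
      protocol = "managesieve";
      # Explicit TLS
      tls.implicit = false;
    };
    https = {
      bind = "[::]:${toString d.intHTTPS}";
      protocol = "http";
      # Implicit TLS
      tls.implicit = true;
    };
    http = {
      bind = "[::]:${toString d.intHTTP}";
      protocol = "http";
      # No implicit TLS: this listener is not wrapped in TLS.
      # NOTE(review): presumably only reached through the Caddy reverse proxy;
      # confirm it is not exposed directly, because credentials sent to it
      # would travel in cleartext.
      tls.implicit = false;
    };
  };

  # Proxy Protocol from Caddy
  # Accepts proxy protocol headers from the Tailscale IP ranges and from
  # loopback.
  # https://tailscale.com/kb/1015/100.x-addresses
  # https://tailscale.com/kb/1033/ip-and-dns-addresses
  #
  # A peer inside these networks can state the client address in the proxy
  # protocol header, so every control keyed on the client IP (blocking, rate
  # limits, sender checks) trusts these peers to report it truthfully.
  # NOTE(review): 100.64.0.0/10 is the shared CGNAT range (RFC 6598), not a
  # range reserved for one tailnet; consider narrowing this list to the
  # address of the Caddy host if it is stable.
  proxy.trusted-networks = [
    "fd7a:115c:a1e0::/48"
    "100.64.0.0/10"
    # Written as the network address; "127.0.0.1/8" had host bits set.
    "127.0.0.0/8"
  ];
}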