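# NixOS module for the pyrox.dev mail host.
#
# It sets the `mailserver` options, forces opendkim to run as virtualMail,
# and installs a timer/service pair that copies the TLS certificate and key
# for mail.pyrox.dev out of Caddy's certificate storage into /var/lib/mail.
{ lib, pkgs, ... }:
{
  imports = [
    ./logins.nix
    ./monitoring.nix
    ./overrides.nix
  ];

  mailserver = {
    # The mail stack is switched off here. The opendkim override and the
    # cert-copy timer further down are not conditional on this flag.
    enable = false;
    fqdn = "mail.pyrox.dev";
    systemName = "PyroNet Mail";
    systemDomain = "mail.pyrox.dev";
    openFirewall = true;
    stateVersion = 3;

    # All domains this server runs email for
    domains = [ "pyrox.dev" ];

    # Enable the STARTTLS listeners for IMAP and mail submission
    enableImap = true;
    enableSubmission = true;

    # Disable POP3, I don't use it and neither should you
    enablePop3 = false;
    enablePop3Ssl = false;

    # Enable ManageSieve so that we don't need to change the config to update sieves
    enableManageSieve = true;

    # Set directories for services
    mailDirectory = "/srv/mail/vmail";
    sieveDirectory = "/srv/mail/sieve";
    indexDir = "/var/lib/dovecot/indices";
    dkimKeyDirectory = "/srv/mail/dkim";

    # No-reply addresses: mail sent *to* these recipients is rejected
    rejectRecipients = [
      "no-reply@pyrox.dev"
      "dmarc-noreply@pyrox.dev"
    ];

    # DKIM Settings
    dkimKeyBits = 4096;
    dkimSelector = "mail";
    dkimSigning = true;

    # DMARC Settings
    dmarcReporting = {
      enable = true;
    };

    # Mailboxes for all users
    mailboxes = {
      Drafts = {
        auto = "subscribe";
        specialUse = "Drafts";
      };
      Junk = {
        auto = "subscribe";
        specialUse = "Junk";
      };
      Sent = {
        auto = "subscribe";
        specialUse = "Sent";
      };
      Trash = {
        auto = "subscribe";
        specialUse = "Trash";
      };
    };

    # Full-Text-Search Settings
    fullTextSearch = {
      enable = true;
      autoIndex = true;
      enforced = "body";
      memoryLimit = 2048;
    };

    # Certificate Settings
    # "manual" means the files below are not managed by the mailserver module;
    # the copy-mail-certs service at the bottom of this file keeps them current.
    certificateScheme = "manual";
    certificateFile = "/var/lib/mail/mail.crt";
    keyFile = "/var/lib/mail/mail.key";
  };

  # Run opendkim as the mail user; mkForce overrides whatever user/group
  # other modules set for it.
  services.opendkim = {
    user = lib.mkForce "virtualMail";
    group = lib.mkForce "virtualMail";
  };

  # Copy the mail certs from Caddy's storage once a day (and 5 minutes after
  # boot) so that a renewed certificate is picked up before the old one expires.
  systemd = {
    timers."copy-mail-certs" = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnBootSec = "5m";
        OnCalendar = "daily";
        Unit = "copy-mail-certs.service";
      };
    };

    services."copy-mail-certs" = {
      script = ''
        set -eu
        src=/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.pyrox.dev

        # The certificate is public material, so world-readable is fine.
        install -v -m 0644 -o virtualMail -g virtualMail "$src/mail.pyrox.dev.crt" /var/lib/mail/mail.crt

        # The private key must NOT be world-readable: any local account that
        # can read it can impersonate mail.pyrox.dev. install(1) sets owner and
        # mode in one step, so the copy is restricted to virtualMail's owner
        # and group; root can read it regardless.
        # NOTE(review): if a daemon running as some other non-root user needs
        # the key, grant it through group membership instead of widening the mode.
        install -v -m 0640 -o virtualMail -g virtualMail "$src/mail.pyrox.dev.key" /var/lib/mail/mail.key

        # Keep the directory itself (and anything else in it) owned by the mail user.
        chown -hR virtualMail:virtualMail /var/lib/mail/

        # NOTE(review): nothing here reloads the mail daemons after a renewal;
        # confirm they re-read the files on their own or add a reload step.
      '';
      serviceConfig = {
        Type = "oneshot";
        # Root is needed to read Caddy's storage and to chown the copies.
        User = "root";
      };
    };
  };

}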