modules/mailserver/nginx.nix at 49bcbebc16816f68e56e80b7bd745eb6d76744c7 · ryan.freumh.org/eilean-nix

Self-host your own digital island

eilean-nix / modules / mailserver / nginx.nix

at 49bcbebc16816f68e56e80b7bd745eb6d76744c7 1.3 kB view raw

 1#  nixos-mailserver: a simple mail server
 2#  Copyright (C) 2016-2018  Robin Raymond
 3#
 4#  This program is free software: you can redistribute it and/or modify
 5#  it under the terms of the GNU General Public License as published by
 6#  the Free Software Foundation, either version 3 of the License, or
 7#  (at your option) any later version.
 8#
 9#  This program is distributed in the hope that it will be useful,
10#  but WITHOUT ANY WARRANTY; without even the implied warranty of
11#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12#  GNU General Public License for more details.
13#
14#  You should have received a copy of the GNU General Public License
15#  along with this program. If not, see <http://www.gnu.org/licenses/>
16
17
18{ config, pkgs, lib, ... }:
19
20with (import ./common.nix { inherit config; });
21
22let
23  cfg = config.mailserver;
24  acmeRoot = "/var/lib/acme/acme-challenge";
25in
26{
27  config = lib.mkIf (cfg.enable && cfg.certificateScheme == 3) {
28    services.nginx = {
29      enable = true;
30      virtualHosts."${cfg.fqdn}" = {
31        serverName = cfg.fqdn;
32        serverAliases = cfg.certificateDomains;
33        forceSSL = true;
34        enableACME = true;
35        acmeRoot = acmeRoot;
36      };
37    };
38
39    security.acme.certs."${cfg.fqdn}".reloadServices = [
40      "postfix.service"
41      "dovecot2.service"
42    ];
43  };
44}