2021-08-07 21:26:56 +00:00
|
|
|
{ config, pkgs, lib, sources, ... }:
|
2020-11-27 20:56:20 +00:00
|
|
|
|
2021-08-07 21:26:56 +00:00
|
|
|
{
|
2021-01-10 23:53:41 +00:00
|
|
|
imports = [
|
|
|
|
sources.nixos-mailserver.outPath
|
2020-11-27 20:56:20 +00:00
|
|
|
];
|
|
|
|
|
2022-01-31 20:39:35 +00:00
|
|
|
# reduce log spam
|
|
|
|
systemd.services.rspamd.serviceConfig.LogLevelMax = 3; # this is set to error because rspamd regularly complains about not enough learns
|
|
|
|
systemd.services.postfix.serviceConfig.LogLevelMax = 5; # = notice
|
|
|
|
systemd.services.dovecot2.serviceConfig.LogLevelMax = 5; # = notice
|
|
|
|
|
2022-01-31 20:43:25 +00:00
|
|
|
# stop postfix from dying if rspamd hiccups
|
|
|
|
systemd.services.postfix.unitConfig = {
|
|
|
|
Requires = lib.mkForce "dovecot2.service opendkim.service";
|
|
|
|
};
|
|
|
|
|
2020-11-27 20:56:20 +00:00
|
|
|
mailserver = {
|
2021-08-07 21:26:56 +00:00
|
|
|
mailDirectory = "/persist/mail";
|
2020-11-27 20:56:20 +00:00
|
|
|
enable = true;
|
|
|
|
fqdn = "mail.hacc.space";
|
2021-05-08 18:06:00 +00:00
|
|
|
domains = [ "hacc.space" "muc.hacc.space" "hacc.earth" "4future.dev" "4futu.re" "infra4future.de" "discuss.infra4future.de" ];
|
2020-11-27 20:56:20 +00:00
|
|
|
|
|
|
|
loginAccounts = {
|
2021-04-26 17:07:24 +00:00
|
|
|
"hexchen@hacc.space".hashedPassword = "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
|
2021-08-03 17:13:46 +00:00
|
|
|
"hexchen@hacc.space".aliases = [ "postmaster@hacc.space" "abuse@hacc.space" "hexchen@infra4future.de" ];
|
2021-04-26 17:07:24 +00:00
|
|
|
|
|
|
|
"octycs@hacc.space".hashedPassword = "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
|
|
|
|
"octycs@hacc.space".aliases = [ "markus@hacc.space" ];
|
|
|
|
|
|
|
|
"raphael@hacc.space".hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
|
|
|
|
|
|
|
|
"schweby@hacc.space".hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
|
|
|
|
|
|
|
|
"zauberberg@hacc.space".hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
|
|
|
|
"zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ];
|
|
|
|
|
|
|
|
"stuebinm@hacc.space".hashedPassword = "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
|
|
|
|
|
|
|
|
"lenny@hacc.space".hashedPassword = "$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/";
|
|
|
|
"lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ];
|
2021-01-12 18:40:25 +00:00
|
|
|
|
2021-08-11 20:31:35 +00:00
|
|
|
"finance@muc.hacc.space".hashedPassword = "$6$R3GRmvXwqnMM6q.R$Y9mrUAmMnCScsM6pKjxo2a2XPM7lHrV8FIgK0PzhYvZbxWczo7.O4dk1onYeV1mRx/nXZfkZNjqNCruCn0S2m.";
|
|
|
|
|
2021-01-12 18:40:25 +00:00
|
|
|
# service accounts
|
2021-04-15 20:09:49 +00:00
|
|
|
"noreply@hacc.space".hashedPassword = "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
|
|
|
|
"newsletter@hacc.space".hashedPassword = "$6$f0xKnQxBInd$zbVIi1lTKWauqW.c8sMNLHNwzn81oQrVOiIfJwPa98n9xWz/NkjuWLYuFpK.MSZwNwP7Yv/a/qaOb9v8qv/.N1";
|
2021-01-12 18:40:25 +00:00
|
|
|
"gitlab@infra4future.de".hashedPassword = "$6$8vvkYuxv$9xV5WktsqfgM3cWSxonjtaohm7oqvDC5qsgJCJBATwesjTRxd/QTLa7t7teK8Nzyl.Py26xz.NvYowCZQ4aBE1";
|
2021-01-13 21:32:22 +00:00
|
|
|
"noreply@infra4future.de".hashedPassword = "$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV.";
|
2021-01-13 23:40:14 +00:00
|
|
|
"discuss@infra4future.de".hashedPassword = "$6$8x8/OlMFjq1$S54jdBh7WjrdC6UtbYAHHzMJak7Ai/CjwmWBBbqh7yRHuZt.mfZrsfBNiL3JKBHE7seQ7JYRU99lJKCU6Aujg/";
|
2020-11-27 20:56:20 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
extraVirtualAliases = {
|
|
|
|
# address = forward address;
|
2021-04-26 17:07:24 +00:00
|
|
|
|
|
|
|
# -- International --
|
|
|
|
# info/contact: main entrypoint, anyone can read or reply to this.
|
2020-11-27 20:56:20 +00:00
|
|
|
"info@hacc.space" = [
|
2021-03-26 20:53:17 +00:00
|
|
|
"hexchen@hacc.space"
|
2020-11-27 20:56:20 +00:00
|
|
|
"octycs@hacc.space"
|
|
|
|
"raphael@hacc.space"
|
|
|
|
"schweby@hacc.space"
|
|
|
|
"zauberberg@hacc.space"
|
|
|
|
"stuebinm@hacc.space"
|
2020-12-24 16:02:35 +00:00
|
|
|
"lenny@hacc.space"
|
2020-11-27 20:56:20 +00:00
|
|
|
];
|
2021-04-26 17:07:24 +00:00
|
|
|
# admin: current people with access to the mail server and knowledge on how to use it
|
2020-11-27 20:56:20 +00:00
|
|
|
"admin@hacc.space" = [
|
2021-03-26 20:53:17 +00:00
|
|
|
"hexchen@hacc.space"
|
2020-11-27 20:56:20 +00:00
|
|
|
"schweby@hacc.space"
|
2021-01-07 00:22:36 +00:00
|
|
|
"zauberberg@hacc.space"
|
2020-11-27 20:56:20 +00:00
|
|
|
];
|
2021-04-26 17:07:24 +00:00
|
|
|
# voc: hacc video operation center, various streaming-related things
|
2020-11-30 21:37:18 +00:00
|
|
|
"voc@hacc.space" = [
|
2021-03-26 20:53:17 +00:00
|
|
|
"hexchen@hacc.space"
|
2020-11-30 21:37:18 +00:00
|
|
|
"schweby@hacc.space"
|
|
|
|
"octycs@hacc.space"
|
|
|
|
"stuebinm@hacc.space"
|
|
|
|
"zauberberg@hacc.space"
|
2020-12-24 16:02:35 +00:00
|
|
|
"lenny@hacc.space"
|
2021-12-01 21:22:53 +00:00
|
|
|
"raphael@hacc.space"
|
2020-12-24 16:02:35 +00:00
|
|
|
];
|
2021-04-26 17:07:24 +00:00
|
|
|
|
|
|
|
# -- Regional: Germany --
|
|
|
|
# board of hacc e.V.
|
2020-12-24 16:02:35 +00:00
|
|
|
"vorstand@hacc.space" = [
|
|
|
|
"raphael@hacc.space"
|
|
|
|
"schweby@hacc.space"
|
|
|
|
"zauberberg@hacc.space"
|
|
|
|
];
|
2021-04-26 17:07:24 +00:00
|
|
|
# members of hacc e.V.
|
2020-12-24 16:02:35 +00:00
|
|
|
"mitglieder@hacc.space" = [
|
2021-04-15 20:09:49 +00:00
|
|
|
"hexchen@hacc.space"
|
2020-12-24 16:02:35 +00:00
|
|
|
"raphael@hacc.space"
|
|
|
|
"schweby@hacc.space"
|
|
|
|
"zauberberg@hacc.space"
|
|
|
|
"lenny@hacc.space"
|
|
|
|
"octycs@hacc.space"
|
2021-12-01 21:25:27 +00:00
|
|
|
"stuebinm@hacc.space"
|
2020-11-30 21:37:18 +00:00
|
|
|
];
|
2021-04-26 17:07:24 +00:00
|
|
|
|
|
|
|
# -- Regional: Munich --
|
|
|
|
"muc@hacc.space" = [
|
|
|
|
"hexchen@hacc.space"
|
|
|
|
"octycs@hacc.space"
|
|
|
|
"raphael@hacc.space"
|
|
|
|
"schweby@hacc.space"
|
|
|
|
"zauberberg@hacc.space"
|
|
|
|
"stuebinm@hacc.space"
|
|
|
|
"lenny@hacc.space"
|
|
|
|
];
|
2021-05-08 18:06:00 +00:00
|
|
|
|
|
|
|
# -- c3 world operation centre --
|
|
|
|
"world@muc.hacc.space" = [
|
|
|
|
"hexchen@hacc.space"
|
|
|
|
"stuebinm@hacc.space"
|
|
|
|
];
|
2020-11-27 20:56:20 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
|
|
|
# down nginx and opens port 80.
|
|
|
|
certificateScheme = 3;
|
|
|
|
|
|
|
|
# Enable IMAP and POP3
|
|
|
|
enableImap = true;
|
|
|
|
enablePop3 = true;
|
|
|
|
enableImapSsl = true;
|
|
|
|
enablePop3Ssl = true;
|
|
|
|
|
|
|
|
# Enable the ManageSieve protocol
|
|
|
|
enableManageSieve = true;
|
|
|
|
|
|
|
|
# whether to scan inbound emails for viruses (note that this requires at least
|
|
|
|
# 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
|
|
|
|
virusScanning = false;
|
|
|
|
};
|
2021-12-01 11:22:20 +00:00
|
|
|
services.postfix.submissionOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
|
|
|
services.postfix.submissionsOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
2020-12-10 12:40:44 +00:00
|
|
|
services.postfix.virtual = ''
|
|
|
|
@4future.dev @hacc.space
|
|
|
|
@4futu.re @hacc.space
|
|
|
|
@hacc.earth @hacc.space
|
2021-01-14 00:02:32 +00:00
|
|
|
@discuss.infra4future.de discuss@infra4future.de
|
2021-01-13 23:20:44 +00:00
|
|
|
admin@infra4future.de admin@hacc.space
|
|
|
|
noreply@infra4future.de admin@hacc.space
|
|
|
|
lukas@infra4future.de zauberberg@hacc.space
|
2022-07-08 20:51:20 +00:00
|
|
|
info@infra4future.de info@hacc.space
|
2021-01-13 23:20:44 +00:00
|
|
|
postmaster@infra4future.de admin@hacc.space
|
2021-04-15 20:09:49 +00:00
|
|
|
voc@infra4future.de voc@hacc.space
|
|
|
|
haccvoc@infra4future.de voc@hacc.space
|
2020-12-10 12:40:44 +00:00
|
|
|
contact@hacc.space info@hacc.space
|
2021-04-15 20:09:49 +00:00
|
|
|
himmel@hacc.space admin@hacc.space
|
2021-05-08 18:06:00 +00:00
|
|
|
divoc-patches@muc.hacc.space world@muc.hacc.space
|
2020-11-27 20:56:20 +00:00
|
|
|
'';
|
|
|
|
|
2020-12-05 18:56:49 +00:00
|
|
|
systemd.services.alps = {
|
|
|
|
enable = true;
|
2020-12-09 12:01:39 +00:00
|
|
|
script = "${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465";
|
|
|
|
serviceConfig.WorkingDirectory = "${pkgs.alps}/share/alps";
|
2021-08-07 21:26:56 +00:00
|
|
|
serviceConfig.Restart = "always";
|
|
|
|
requiredBy = [ "multi-user.target" ];
|
2020-12-09 12:01:39 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
services.nginx.virtualHosts."mail.hacc.space" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/".proxyPass = "http://[::1]:1323";
|
2020-12-05 18:56:49 +00:00
|
|
|
};
|
2020-11-27 20:56:20 +00:00
|
|
|
}
|