{ config, pkgs, lib, ... }: { imports = let commit = "02a45d9965133434c7b816cab2f47c8a7505e764"; in [ (builtins.fetchTarball { url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${commit}/nixos-mailserver-${commit}.tar.gz"; sha256 = "04v66z0ijjm8bqpiqmq1aqrqj6r6jjz591lgijmk4frz7lksnz8k"; }) ]; mailserver = { mailDirectory = "/data/mail"; enable = true; fqdn = "mail.hacc.space"; domains = [ "hacc.space" "hacc.earth" "4future.dev" "4futu.re" ]; loginAccounts = { "hexchen@hacc.space" = { hashedPassword = "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/"; aliases = [ "postmaster@hacc.space" "abuse@hacc.space" ]; }; "octycs@hacc.space" = { hashedPassword = "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg."; aliases = [ "markus@hacc.space" ]; }; "raphael@hacc.space" = { hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/"; }; "engelsystem@hacc.space" = { hashedPassword = "$6$5cIAEhJ7af7M$eJBPQc3ONd.N3HKPFpxfG7liZbUXPvWuSpWVgeG7rmsG7f7.Zdxtodvt5VaXoA3AEiv3GqcY.gKHISK/Gg0ib/"; }; "schweby@hacc.space" = { hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1"; }; "zauberberg@hacc.space" = { hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0"; aliases = [ "lukas@hacc.space" ]; }; "talx@hacc.space" = { hashedPassword = "$6$0hIKRoMJS./JSE$tXizRgphhNM3ZYx216VdRv1OiyZoYXsjGqSudTDu8vB8eZb03Axi31VKV87RXiEGGixdvTsHEKpx032aOzzt31"; }; "unms@hacc.space" = { hashedPassword = "$6$pYlNP37913$sGE3L722ceP.1Qm5lsffYUN919hPP1xRTrzco3ic3Op21iiknBkOY04eY2l3Um/Bpk/yV89aJD0eaB/5RCbWR1"; }; "noreply@hacc.space" = { hashedPassword = "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/"; }; "stuebinm@hacc.space" = { hashedPassword = "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB."; }; "newsletter@hacc.space" = { hashedPassword = "$6$qjJhDI6I5kVA$IigLcPuTi3IVu3rZh50ZpHb/GF2PoQ/kL69MVCKMN7B/kxMZkAIprQouux97ZqwGJ2zm2vgrsKX4HWRcrrAMA."; }; }; extraVirtualAliases = { # address = forward address; "info@hacc.space" = [ "hexchen@hacc.space" "octycs@hacc.space" "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" "stuebinm@hacc.space" ]; "himmel@hacc.space" = [ "hexchen@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ]; "admin@hacc.space" = [ "hexchen@hacc.space" "schweby@hacc.space" ]; "voc@hacc.space" = [ "hexchen@hacc.space" "schweby@hacc.space" "octycs@hacc.space" "stuebinm@hacc.space" "zauberberg@hacc.space" ]; }; # Use Let's Encrypt certificates. Note that this needs to set up a stripped # down nginx and opens port 80. certificateScheme = 3; # Enable IMAP and POP3 enableImap = true; enablePop3 = true; enableImapSsl = true; enablePop3Ssl = true; # Enable the ManageSieve protocol enableManageSieve = true; # whether to scan inbound emails for viruses (note that this requires at least # 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty) virusScanning = false; }; services.postfix.submissionOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit"; services.postfix.virtual = ''@4future.dev @hacc.space @4futu.re @hacc.space @hacc.earth @hacc.space contact@hacc.space info@hacc.space''; #mailman services.postfix = { relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"]; config = { transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; inet_protocols = "ipv4, ipv6"; }; }; services.mailman = { enable = true; siteOwner = "admin@hacc.space"; webUser = config.services.uwsgi.user; hyperkitty.enable = true; # Have mailman talk directly to hyperkitty, bypassing nginx: hyperkitty.baseUrl = "http://localhost:33141/hyperkitty/"; webHosts = [ "lists.hacc.space" ]; }; systemd.services.uwsgi.restartTriggers = [ config.environment.etc."mailman3/settings.py".source ]; systemd.services.mailman-settings.script = '' chmod o+x /var/lib/mailman-web ''; services.uwsgi = { enable = true; plugins = ["python3"]; instance = { type = "normal"; # uwsgi protocol socket for nginx socket = "127.0.0.1:33140"; pythonPackages = self: with self; [ mailman-web ]; # http socket for mailman core to reach the hyperkitty API directly http-socket = "127.0.0.1:33141"; wsgi-file = "${pkgs.python3.pkgs.mailman-web}/lib/python3.8/site-packages/mailman_web/wsgi.py"; chdir = "/var/lib/mailman-web"; master = true; processes = 4; vacuum = true; }; }; services.nginx.virtualHosts."lists.hacc.space" = { enableACME = true; forceSSL = true; locations."/static/".alias = "/var/lib/mailman-web-static/"; locations."/".extraConfig = '' uwsgi_pass 127.0.0.1:33140; include ${config.services.nginx.package}/conf/uwsgi_params; ''; }; }