{ config, pkgs, lib, sources, ... }: { imports = [ sources.nixos-mailserver.outPath ]; # reduce log spam systemd.services.rspamd.serviceConfig.LogLevelMax = 3; # this is set to error because rspamd regularly complains about not enough learns systemd.services.postfix.serviceConfig.LogLevelMax = 5; # = notice systemd.services.dovecot2.serviceConfig.LogLevelMax = 5; # = notice # stop postfix from dying if rspamd hiccups systemd.services.postfix.unitConfig = { Requires = lib.mkForce "dovecot2.service opendkim.service"; }; mailserver = { mailDirectory = "/persist/mail"; enable = true; fqdn = "mail.hacc.space"; domains = [ "hacc.space" "muc.hacc.space" "hacc.earth" "4future.dev" "4futu.re" "infra4future.de" "discuss.infra4future.de" ]; loginAccounts = { "hexchen@hacc.space".hashedPassword = "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/"; "hexchen@hacc.space".aliases = [ "postmaster@hacc.space" "abuse@hacc.space" "hexchen@infra4future.de" ]; "octycs@hacc.space".hashedPassword = "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg."; "octycs@hacc.space".aliases = [ "markus@hacc.space" ]; "raphael@hacc.space".hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/"; "schweby@hacc.space".hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1"; "zauberberg@hacc.space".hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0"; "zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ]; "stuebinm@hacc.space".hashedPassword = "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB."; "lenny@hacc.space".hashedPassword = "$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/"; "lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ]; "finance@muc.hacc.space".hashedPassword = "$6$R3GRmvXwqnMM6q.R$Y9mrUAmMnCScsM6pKjxo2a2XPM7lHrV8FIgK0PzhYvZbxWczo7.O4dk1onYeV1mRx/nXZfkZNjqNCruCn0S2m."; # service accounts "noreply@hacc.space".hashedPassword = "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/"; "newsletter@hacc.space".hashedPassword = "$6$f0xKnQxBInd$zbVIi1lTKWauqW.c8sMNLHNwzn81oQrVOiIfJwPa98n9xWz/NkjuWLYuFpK.MSZwNwP7Yv/a/qaOb9v8qv/.N1"; "gitlab@infra4future.de".hashedPassword = "$6$8vvkYuxv$9xV5WktsqfgM3cWSxonjtaohm7oqvDC5qsgJCJBATwesjTRxd/QTLa7t7teK8Nzyl.Py26xz.NvYowCZQ4aBE1"; "noreply@infra4future.de".hashedPassword = "$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV."; "discuss@infra4future.de".hashedPassword = "$6$8x8/OlMFjq1$S54jdBh7WjrdC6UtbYAHHzMJak7Ai/CjwmWBBbqh7yRHuZt.mfZrsfBNiL3JKBHE7seQ7JYRU99lJKCU6Aujg/"; }; extraVirtualAliases = { # address = forward address; # -- International -- # info/contact: main entrypoint, anyone can read or reply to this. "info@hacc.space" = [ "hexchen@hacc.space" "octycs@hacc.space" "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" "stuebinm@hacc.space" "lenny@hacc.space" ]; # admin: current people with access to the mail server and knowledge on how to use it "admin@hacc.space" = [ "hexchen@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ]; # voc: hacc video operation center, various streaming-related things "voc@hacc.space" = [ "hexchen@hacc.space" "schweby@hacc.space" "octycs@hacc.space" "stuebinm@hacc.space" "zauberberg@hacc.space" "lenny@hacc.space" "raphael@hacc.space" ]; # -- Regional: Germany -- # board of hacc e.V. "vorstand@hacc.space" = [ "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ]; # members of hacc e.V. "mitglieder@hacc.space" = [ "hexchen@hacc.space" "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" "lenny@hacc.space" "octycs@hacc.space" "stuebinm@hacc.space" ]; # -- Regional: Munich -- "muc@hacc.space" = [ "hexchen@hacc.space" "octycs@hacc.space" "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" "stuebinm@hacc.space" "lenny@hacc.space" ]; # -- c3 world operation centre -- "world@muc.hacc.space" = [ "hexchen@hacc.space" "stuebinm@hacc.space" ]; }; # Use Let's Encrypt certificates. Note that this needs to set up a stripped # down nginx and opens port 80. certificateScheme = 3; # Enable IMAP and POP3 enableImap = true; enablePop3 = true; enableImapSsl = true; enablePop3Ssl = true; # Enable the ManageSieve protocol enableManageSieve = true; # whether to scan inbound emails for viruses (note that this requires at least # 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty) virusScanning = false; }; services.postfix.submissionOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit"; services.postfix.submissionsOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit"; services.postfix.virtual = '' @4future.dev @hacc.space @4futu.re @hacc.space @hacc.earth @hacc.space @discuss.infra4future.de discuss@infra4future.de admin@infra4future.de admin@hacc.space noreply@infra4future.de admin@hacc.space lukas@infra4future.de zauberberg@hacc.space info@infra4future.de info@hacc.space postmaster@infra4future.de admin@hacc.space voc@infra4future.de voc@hacc.space haccvoc@infra4future.de voc@hacc.space contact@hacc.space info@hacc.space himmel@hacc.space admin@hacc.space divoc-patches@muc.hacc.space world@muc.hacc.space ''; systemd.services.alps = { enable = true; script = "${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465"; serviceConfig.WorkingDirectory = "${pkgs.alps}/share/alps"; serviceConfig.Restart = "always"; requiredBy = [ "multi-user.target" ]; }; services.nginx.virtualHosts."mail.hacc.space" = { enableACME = true; forceSSL = true; locations."/".proxyPass = "http://[::1]:1323"; }; }