{ config, pkgs, lib, sources, ... }: { imports = [ sources.nixos-mailserver.outPath ]; # reduce log spam systemd.services.rspamd.serviceConfig.LogLevelMax = 3; # this is set to error because rspamd regularly complains about not enough learns systemd.services.postfix.serviceConfig.LogLevelMax = 5; # = notice systemd.services.dovecot2.serviceConfig.LogLevelMax = 5; # = notice # stop postfix from dying if rspamd hiccups systemd.services.postfix.unitConfig = { Requires = lib.mkForce "dovecot2.service opendkim.service"; }; mailserver = { mailDirectory = "/persist/mail"; enable = true; fqdn = "mail.hacc.space"; monitoring = { enable = true; alertAddress = "admin@hacc.space"; }; domains = [ "hacc.space" "muc.hacc.space" "hacc.earth" "4future.dev" "4futu.re" "infra4future.de" ]; loginAccounts = { "hexchen@hacc.space".hashedPassword = "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/"; "octycs@hacc.space".hashedPassword = "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg."; "octycs@hacc.space".aliases = [ "markus@hacc.space" ]; "raphael@hacc.space".hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/"; "schweby@hacc.space".hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1"; "zauberberg@hacc.space".hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0"; "zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ]; "stuebinm@hacc.space".hashedPassword = "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB."; "lenny@hacc.space".hashedPassword = "$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/"; "lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ]; "finance@muc.hacc.space".hashedPassword = "$6$R3GRmvXwqnMM6q.R$Y9mrUAmMnCScsM6pKjxo2a2XPM7lHrV8FIgK0PzhYvZbxWczo7.O4dk1onYeV1mRx/nXZfkZNjqNCruCn0S2m."; "noreply@hacc.space" = { hashedPassword = "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/"; aliases = [ "noreply@*" ]; sendOnly = true; }; }; extraVirtualAliases = { # address = forward address; # -- International -- # info/contact: main entrypoint, anyone can read or reply to this. "info@hacc.space" = [ "hexchen@hacc.space" "octycs@hacc.space" "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" "stuebinm@hacc.space" "lenny@hacc.space" ]; # admin: current people with access to the mail server and knowledge on how to use itâ„¢ "admin@hacc.space" = [ "hexchen@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ]; # voc: hacc video operation center, various streaming-related things "voc@hacc.space" = [ "hexchen@hacc.space" "schweby@hacc.space" "octycs@hacc.space" "stuebinm@hacc.space" "zauberberg@hacc.space" "lenny@hacc.space" "raphael@hacc.space" ]; # -- Regional: Germany -- # board of hacc e.V. "vorstand@hacc.space" = [ "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ]; # members of hacc e.V. "mitglieder@hacc.space" = [ "hexchen@hacc.space" "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" "lenny@hacc.space" "octycs@hacc.space" "stuebinm@hacc.space" ]; # -- Regional: Munich -- "muc@hacc.space" = [ "hexchen@hacc.space" "octycs@hacc.space" "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" "stuebinm@hacc.space" "lenny@hacc.space" ]; }; # Use Let's Encrypt certificates. Note that this needs to set up a stripped # down nginx and opens port 80. certificateScheme = 3; # Only allow implict TLS enableImap = false; enablePop3 = false; enableSubmission = false; # Enable the ManageSieve protocol enableManageSieve = true; }; services.postfix.submissionOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit"; services.postfix.submissionsOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit"; services.postfix.virtual = '' postmaster@* admin@hacc.space absue@* admin@hacc.space contact@* info@hacc.space @4future.dev @hacc.space @4futu.re @hacc.space @hacc.earth @hacc.space @infra4future.de @hacc.space haccvoc@* voc@hacc.space ''; systemd.services.alps = { enable = true; script = "${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465"; serviceConfig.WorkingDirectory = "${pkgs.alps}/share/alps"; serviceConfig.Restart = "always"; requiredBy = [ "multi-user.target" ]; }; services.nginx.virtualHosts."mail.hacc.space" = { enableACME = true; forceSSL = true; locations."/".proxyPass = "http://[::1]:1323"; }; }