180 lines
5.9 KiB
Nix
180 lines
5.9 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
{
|
|
imports = let commit = "02a45d9965133434c7b816cab2f47c8a7505e764"; in [
|
|
(builtins.fetchTarball {
|
|
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${commit}/nixos-mailserver-${commit}.tar.gz";
|
|
sha256 = "04v66z0ijjm8bqpiqmq1aqrqj6r6jjz591lgijmk4frz7lksnz8k";
|
|
})
|
|
];
|
|
|
|
mailserver = {
|
|
mailDirectory = "/data/mail";
|
|
enable = true;
|
|
fqdn = "mail.hacc.space";
|
|
domains = [ "hacc.space" "hacc.earth" "4future.dev" "4futu.re" ];
|
|
|
|
loginAccounts = {
|
|
"hexchen@hacc.space" = {
|
|
hashedPassword = "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
|
|
|
|
aliases = [
|
|
"postmaster@hacc.space"
|
|
"abuse@hacc.space"
|
|
];
|
|
};
|
|
|
|
"octycs@hacc.space" = {
|
|
hashedPassword = "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
|
|
|
|
aliases = [
|
|
"markus@hacc.space"
|
|
];
|
|
};
|
|
|
|
"raphael@hacc.space" = {
|
|
hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
|
|
};
|
|
|
|
"engelsystem@hacc.space" = {
|
|
hashedPassword = "$6$5cIAEhJ7af7M$eJBPQc3ONd.N3HKPFpxfG7liZbUXPvWuSpWVgeG7rmsG7f7.Zdxtodvt5VaXoA3AEiv3GqcY.gKHISK/Gg0ib/";
|
|
};
|
|
|
|
"schweby@hacc.space" = {
|
|
hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
|
|
};
|
|
|
|
"zauberberg@hacc.space" = {
|
|
hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
|
|
aliases = [
|
|
"lukas@hacc.space"
|
|
];
|
|
};
|
|
|
|
"talx@hacc.space" = {
|
|
hashedPassword = "$6$0hIKRoMJS./JSE$tXizRgphhNM3ZYx216VdRv1OiyZoYXsjGqSudTDu8vB8eZb03Axi31VKV87RXiEGGixdvTsHEKpx032aOzzt31";
|
|
};
|
|
|
|
"unms@hacc.space" = {
|
|
hashedPassword = "$6$pYlNP37913$sGE3L722ceP.1Qm5lsffYUN919hPP1xRTrzco3ic3Op21iiknBkOY04eY2l3Um/Bpk/yV89aJD0eaB/5RCbWR1";
|
|
};
|
|
|
|
"noreply@hacc.space" = {
|
|
hashedPassword = "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
|
|
};
|
|
"stuebinm@hacc.space" = {
|
|
hashedPassword = "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
|
|
};
|
|
"newsletter@hacc.space" = {
|
|
hashedPassword = "$6$qjJhDI6I5kVA$IigLcPuTi3IVu3rZh50ZpHb/GF2PoQ/kL69MVCKMN7B/kxMZkAIprQouux97ZqwGJ2zm2vgrsKX4HWRcrrAMA.";
|
|
};
|
|
};
|
|
|
|
extraVirtualAliases = {
|
|
# address = forward address;
|
|
"info@hacc.space" = [
|
|
"hexchen@hacc.space"
|
|
"octycs@hacc.space"
|
|
"raphael@hacc.space"
|
|
"schweby@hacc.space"
|
|
"zauberberg@hacc.space"
|
|
"stuebinm@hacc.space"
|
|
];
|
|
"himmel@hacc.space" = [
|
|
"hexchen@hacc.space"
|
|
"schweby@hacc.space"
|
|
"zauberberg@hacc.space"
|
|
];
|
|
"admin@hacc.space" = [
|
|
"hexchen@hacc.space"
|
|
"schweby@hacc.space"
|
|
];
|
|
"voc@hacc.space" = [
|
|
"hexchen@hacc.space"
|
|
"schweby@hacc.space"
|
|
"octycs@hacc.space"
|
|
"stuebinm@hacc.space"
|
|
"zauberberg@hacc.space"
|
|
];
|
|
};
|
|
|
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
|
# down nginx and opens port 80.
|
|
certificateScheme = 3;
|
|
|
|
# Enable IMAP and POP3
|
|
enableImap = true;
|
|
enablePop3 = true;
|
|
enableImapSsl = true;
|
|
enablePop3Ssl = true;
|
|
|
|
# Enable the ManageSieve protocol
|
|
enableManageSieve = true;
|
|
|
|
# whether to scan inbound emails for viruses (note that this requires at least
|
|
# 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
|
|
virusScanning = false;
|
|
};
|
|
services.postfix.submissionOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
|
services.postfix.virtual = ''@4future.dev @hacc.space
|
|
@4futu.re @hacc.space
|
|
@hacc.earth @hacc.space
|
|
contact@hacc.space info@hacc.space'';
|
|
|
|
#mailman
|
|
services.postfix = {
|
|
relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
|
|
config = {
|
|
transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
|
local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
|
inet_protocols = "ipv4, ipv6";
|
|
};
|
|
};
|
|
|
|
services.mailman = {
|
|
enable = true;
|
|
siteOwner = "admin@hacc.space";
|
|
webUser = config.services.uwsgi.user;
|
|
hyperkitty.enable = true;
|
|
# Have mailman talk directly to hyperkitty, bypassing nginx:
|
|
hyperkitty.baseUrl = "http://localhost:33141/hyperkitty/";
|
|
webHosts = [ "lists.hacc.space" ];
|
|
};
|
|
|
|
systemd.services.uwsgi.restartTriggers = [
|
|
config.environment.etc."mailman3/settings.py".source
|
|
];
|
|
|
|
systemd.services.mailman-settings.script = ''
|
|
chmod o+x /var/lib/mailman-web
|
|
'';
|
|
|
|
services.uwsgi = {
|
|
enable = true;
|
|
plugins = ["python3"];
|
|
instance = {
|
|
type = "normal";
|
|
# uwsgi protocol socket for nginx
|
|
socket = "127.0.0.1:33140";
|
|
pythonPackages = self: with self; [ mailman-web ];
|
|
# http socket for mailman core to reach the hyperkitty API directly
|
|
http-socket = "127.0.0.1:33141";
|
|
wsgi-file = "${pkgs.python3.pkgs.mailman-web}/lib/python3.8/site-packages/mailman_web/wsgi.py";
|
|
chdir = "/var/lib/mailman-web";
|
|
master = true;
|
|
processes = 4;
|
|
vacuum = true;
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."lists.hacc.space" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/static/".alias = "/var/lib/mailman-web-static/";
|
|
locations."/".extraConfig = ''
|
|
uwsgi_pass 127.0.0.1:33140;
|
|
include ${config.services.nginx.package}/conf/uwsgi_params;
|
|
'';
|
|
};
|
|
|
|
}
|