haccfiles/parsons/mail.nix

{ config, options, pkgs, lib, sources, ... }:
{
imports = [ sources.nixos-mailserver.outPath ];
# Journal filtering and unit dependencies for the mail daemons.
#
# reduce log spam
# LogLevelMax is a systemd setting: messages less severe than the given
# syslog level are discarded before they reach the journal.
# NOTE(review): with rspamd capped at 3 (error), its warnings are not
# available for later troubleshooting or incident review — confirm that
# trade-off is intended.
systemd.services.rspamd.serviceConfig.LogLevelMax =
  3; # this is set to error because rspamd regularly complains about not enough learns
systemd.services.dovecot2.serviceConfig.LogLevelMax = 5; # = notice
# stop postfix from dying if rspamd hiccups
# mkForce replaces whatever Requires= value other modules set for postfix;
# rspamd.service is absent from the forced list, so postfix is no longer
# stopped along with it.
# NOTE(review): whether mail is then accepted unscanned while rspamd is down
# depends on postfix's milter failure settings, which are not shown in this
# file — confirm.
systemd.services.postfix.unitConfig = {
  Requires = lib.mkForce "dovecot2.service opendkim.service";
};
# Settings for the nixos-mailserver module (imported at the top of this file):
# domains, login accounts, aliases, monitoring and TLS-related switches.
mailserver = {
  mailDirectory = "/persist/mail";
  enable = true;
  fqdn = "mail.hacc.space";
  monitoring = {
    enable = true;
    # NOTE(review): admin@hacc.space is an alias served by this same host
    # (see extraVirtualAliases below), so an alert about the mail server
    # itself may not be deliverable — consider an out-of-band recipient.
    alertAddress = "admin@hacc.space";
    # Start from the option's default monitoring config, substitute the first
    # configured sshd port for the literal "port 22", then append an extra
    # HTTPS check that alerts unless onlyoffice answers with status 302.
    config = (lib.replaceStrings ["port 22"] ["port ${toString (lib.head config.services.openssh.ports)}"] options.mailserver.monitoring.config.default) + ''
      check host onlyoffice with address onlyoffice.infra4future.de
      if failed
      port 443
      protocol https
      status = 302
      then alert
    '';
  };
  # Every domain mail is accepted for; the catch-all rewrites in
  # services.postfix.virtual map the non-hacc.space ones onto hacc.space.
  domains = [
    "hacc.space"
    "muc.hacc.space"
    "hacc.earth"
    "4future.dev"
    "4futu.re"
    "infra4future.de"
  ];
  # NOTE(review): the values below are SHA-512-crypt ("$6$") hashes stored in
  # the repository, and as plain Nix strings they likely also end up in the
  # world-readable Nix store. Anyone able to read either can run offline
  # guessing against them, so each password's strength is the only
  # protection. nixos-mailserver also offers a per-account
  # `hashedPasswordFile` option that can point at a runtime secret instead;
  # treat any hash that has been published as due for rotation.
  loginAccounts = {
    "hexchen@hacc.space".hashedPassword =
      "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
    "octycs@hacc.space".hashedPassword =
      "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
    "octycs@hacc.space".aliases = [ "markus@hacc.space" ];
    "raphael@hacc.space".hashedPassword =
      "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
    "moira@hacc.space".hashedPassword =
      "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
    "zauberberg@hacc.space".hashedPassword =
      "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
    "zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ];
    "stuebinm@hacc.space".hashedPassword =
      "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
    "lenny@hacc.space".hashedPassword =
      "$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/";
    "lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ];
    "peter@hacc.space".hashedPassword =
      "$6$yvpfTC.7DDpqpsYy$7TrfmLvz/fRl.k5mSHhI67CNquJa3yEFbLuTJvpyJ8Dj7SaD2eoOHWqef.CNo.T08kYzaqMcM73whAxjXVEmc.";
    "peter@hacc.space".aliases = [ "linmob@hacc.space" ];
    "finance@muc.hacc.space".hashedPassword =
      "$6$R3GRmvXwqnMM6q.R$Y9mrUAmMnCScsM6pKjxo2a2XPM7lHrV8FIgK0PzhYvZbxWczo7.O4dk1onYeV1mRx/nXZfkZNjqNCruCn0S2m.";
    # Service accounts used for sending mail.
    "noreply@hacc.space" = {
      hashedPassword =
        "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
    };
    # NOTE(review): noreply@infra4future.de and mattermost@hacc.space carry
    # the same salt and digest, i.e. the same password. A leak from either
    # consumer exposes both accounts; give each service its own credential.
    "noreply@infra4future.de" = {
      hashedPassword =
        "$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV.";
    };
    "mattermost@hacc.space" = {
      hashedPassword =
        "$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV.";
    };
  };
  extraVirtualAliases = {
    # address = forward address;
    # -- International --
    # info/contact: main entrypoint, anyone can read or reply to this.
    "info@hacc.space" = [
      "hexchen@hacc.space"
      "octycs@hacc.space"
      "raphael@hacc.space"
      "moira@hacc.space"
      "zauberberg@hacc.space"
      "stuebinm@hacc.space"
      "lenny@hacc.space"
      "peter@hacc.space"
    ];
    # admin: current people with access to the mail server and knowledge on how to use it™
    # This alias also receives the monitoring alerts (alertAddress above) and,
    # via services.postfix.virtual, postmaster@ and abuse@ mail.
    "admin@hacc.space" = [
      "hexchen@hacc.space"
      "moira@hacc.space"
      "zauberberg@hacc.space"
      "stuebinm@hacc.space"
    ];
    # voc: hacc video operation center, various streaming-related things
    "voc@hacc.space" = [
      "hexchen@hacc.space"
      "moira@hacc.space"
      "octycs@hacc.space"
      "stuebinm@hacc.space"
      "zauberberg@hacc.space"
      "lenny@hacc.space"
      "raphael@hacc.space"
    ];
    # -- Regional: Germany --
    # board of hacc e.V.
    "vorstand@hacc.space" =
      [ "raphael@hacc.space" "moira@hacc.space" "peter@hacc.space" ];
    # members of hacc e.V.
    "mitglieder@hacc.space" = [
      "hexchen@hacc.space"
      "raphael@hacc.space"
      "moira@hacc.space"
      "zauberberg@hacc.space"
      "lenny@hacc.space"
      "octycs@hacc.space"
      "stuebinm@hacc.space"
      "peter@hacc.space"
    ];
    # -- Regional: Munich --
    "muc@hacc.space" = [
      "hexchen@hacc.space"
      "octycs@hacc.space"
      "raphael@hacc.space"
      "moira@hacc.space"
      "zauberberg@hacc.space"
      "stuebinm@hacc.space"
      "lenny@hacc.space"
      "peter@hacc.space"
    ];
  };
  # Use Let's Encrypt certificates. Note that this needs to set up a stripped
  # down nginx and opens port 80.
  certificateScheme = "acme-nginx";
  # Only allow implicit TLS
  # NOTE(review): in nixos-mailserver these two switches are understood to
  # control the STARTTLS variants of IMAP and POP3; the implicit-TLS
  # listeners are governed by the separate enableImapSsl / enablePop3Ssl
  # options, left at their defaults here — confirm against the pinned module
  # version. The submissionOptions override elsewhere in this file suggests
  # STARTTLS submission is still in use, so this comment presumably covers
  # mail retrieval only.
  enableImap = false;
  enablePop3 = false;
  # Enable the ManageSieve protocol
  enableManageSieve = true;
};
# Force the sender checks applied on both authenticated submission services
# (submissionOptions and submissionsOptions). mkForce discards whatever value
# the mailserver module would otherwise set for smtpd_sender_restrictions.
# NOTE(review): the forced list ends in `permit` and contains no
# `reject_sender_login_mismatch`, so by this list alone postfix does not tie
# the envelope sender to the authenticated login: any account holder,
# including the noreply/mattermost service accounts, could submit mail under
# another user's address. Confirm this relaxation is intended (e.g. to allow
# sending from alias addresses) and, if not, restore the login-mismatch check.
services.postfix.submissionOptions.smtpd_sender_restrictions =
  lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
services.postfix.submissionsOptions.smtpd_sender_restrictions =
  lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
# Extra postfix virtual alias table entries, one "pattern target" pair per
# line. The first group forwards role addresses (postmaster, abuse, contact,
# hello, haccvoc) to the admin/info/voc aliases. The "@domain @hacc.space"
# lines are domain-wide rewrites: every local part at the listed domain is
# delivered to the same local part at hacc.space, so each hacc.space mailbox
# and alias is also reachable under those four domains.
services.postfix.virtual = ''
  postmaster@hacc.space admin@hacc.space
  abuse@hacc.space admin@hacc.space
  contact@hacc.space info@hacc.space
  hello@hacc.space info@hacc.space
  haccvoc@hacc.space voc@hacc.space
  @4future.dev @hacc.space
  @4futu.re @hacc.space
  @hacc.earth @hacc.space
  @infra4future.de @hacc.space
'';
# alps webmail frontend. It talks to this mail server over the implicit-TLS
# ports (SMTPS 465, IMAPS 993) and listens on the IPv6 loopback address only,
# so it is reachable from outside solely through the nginx virtual host for
# mail.hacc.space defined in this file.
services.alps = {
  enable = true;
  theme = "alps";
  smtps = {
    port = 465;
    host = "mail.hacc.space";
  };
  imaps = {
    port = 993;
    host = "mail.hacc.space";
  };
  bindIP = "[::1]";
};
# Order alps after dovecot2 and postfix and bind it to them (BindsTo=), so
# the webmail unit is stopped whenever either backend stops.
systemd.services.alps.after = [ "dovecot2.service" "postfix.service" ];
systemd.services.alps.bindsTo = [ "dovecot2.service" "postfix.service" ];
# Public HTTPS entry point for mail.hacc.space: the certificate comes from
# ACME, forceSSL redirects plain HTTP to HTTPS, and every request is proxied
# to a backend on the IPv6 loopback address, port 1323 (presumably alps'
# listening port — it is not set explicitly in this file). TLS ends at nginx;
# the hop to the backend is plain HTTP and never leaves the host.
services.nginx.virtualHosts."mail.hacc.space" = {
  enableACME = true;
  forceSSL = true;
  locations."/".proxyPass = "http://[::1]:1323";
};
# State directories of the mail stack handed to the project's own
# `hacc.bindToPersist` option (defined outside this file; going by its name
# it keeps these paths on persistent storage).
# NOTE(review): /var/dkim and /var/lib/opendkim presumably hold the DKIM
# signing keys — verify the persisted copies keep the restrictive ownership
# and permissions the services expect.
hacc.bindToPersist = [
  "/var/lib/rspamd"
  "/var/lib/opendkim"
  "/var/lib/postfix"
  "/var/lib/dovecot"
  "/var/sieve"
  "/var/lib/redis-rspamd"
  "/var/dkim"
];
}