forked from hacc/haccfiles
update mail config
This commit is contained in:
parent
8f413da05a
commit
8021685ec8
1 changed files with 108 additions and 106 deletions
|
@ -1,161 +1,163 @@
|
||||||
{ config, pkgs, lib, sources, ... }:
|
{ config, pkgs, lib, sources, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [ sources.nixos-mailserver.outPath ];
|
||||||
sources.nixos-mailserver.outPath
|
|
||||||
];
|
|
||||||
|
|
||||||
# reduce log spam
|
# reduce log spam
|
||||||
systemd.services.rspamd.serviceConfig.LogLevelMax = 3; # this is set to error because rspamd regularly complains about not enough learns
|
systemd.services.rspamd.serviceConfig.LogLevelMax =
|
||||||
|
3; # this is set to error because rspamd regularly complains about not enough learns
|
||||||
systemd.services.postfix.serviceConfig.LogLevelMax = 5; # = notice
|
systemd.services.postfix.serviceConfig.LogLevelMax = 5; # = notice
|
||||||
systemd.services.dovecot2.serviceConfig.LogLevelMax = 5; # = notice
|
systemd.services.dovecot2.serviceConfig.LogLevelMax = 5; # = notice
|
||||||
|
|
||||||
# stop postfix from dying if rspamd hiccups
|
# stop postfix from dying if rspamd hiccups
|
||||||
systemd.services.postfix.unitConfig = {
|
systemd.services.postfix.unitConfig = {
|
||||||
Requires = lib.mkForce "dovecot2.service opendkim.service";
|
Requires = lib.mkForce "dovecot2.service opendkim.service";
|
||||||
};
|
};
|
||||||
|
|
||||||
mailserver = {
|
mailserver = {
|
||||||
mailDirectory = "/persist/mail";
|
mailDirectory = "/persist/mail";
|
||||||
enable = true;
|
enable = true;
|
||||||
fqdn = "mail.hacc.space";
|
fqdn = "mail.hacc.space";
|
||||||
domains = [ "hacc.space" "muc.hacc.space" "hacc.earth" "4future.dev" "4futu.re" "infra4future.de" "discuss.infra4future.de" ];
|
monitoring = {
|
||||||
|
enable = true;
|
||||||
|
alertAddress = "admin@hacc.space";
|
||||||
|
};
|
||||||
|
domains = [
|
||||||
|
"hacc.space"
|
||||||
|
"muc.hacc.space"
|
||||||
|
"hacc.earth"
|
||||||
|
"4future.dev"
|
||||||
|
"4futu.re"
|
||||||
|
"infra4future.de"
|
||||||
|
];
|
||||||
|
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"hexchen@hacc.space".hashedPassword = "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
|
"hexchen@hacc.space".hashedPassword =
|
||||||
"hexchen@hacc.space".aliases = [ "postmaster@hacc.space" "abuse@hacc.space" "hexchen@infra4future.de" ];
|
"$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
|
||||||
|
|
||||||
"octycs@hacc.space".hashedPassword = "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
|
"octycs@hacc.space".hashedPassword =
|
||||||
"octycs@hacc.space".aliases = [ "markus@hacc.space" ];
|
"$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
|
||||||
|
"octycs@hacc.space".aliases = [ "markus@hacc.space" ];
|
||||||
|
|
||||||
"raphael@hacc.space".hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
|
"raphael@hacc.space".hashedPassword =
|
||||||
|
"$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
|
||||||
|
|
||||||
"schweby@hacc.space".hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
|
"schweby@hacc.space".hashedPassword =
|
||||||
|
"$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
|
||||||
|
|
||||||
"zauberberg@hacc.space".hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
|
"zauberberg@hacc.space".hashedPassword =
|
||||||
"zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ];
|
"$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
|
||||||
|
"zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ];
|
||||||
|
|
||||||
"stuebinm@hacc.space".hashedPassword = "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
|
"stuebinm@hacc.space".hashedPassword =
|
||||||
|
"$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
|
||||||
|
|
||||||
"lenny@hacc.space".hashedPassword = "$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/";
|
"lenny@hacc.space".hashedPassword =
|
||||||
"lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ];
|
"$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/";
|
||||||
|
"lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ];
|
||||||
|
|
||||||
"finance@muc.hacc.space".hashedPassword = "$6$R3GRmvXwqnMM6q.R$Y9mrUAmMnCScsM6pKjxo2a2XPM7lHrV8FIgK0PzhYvZbxWczo7.O4dk1onYeV1mRx/nXZfkZNjqNCruCn0S2m.";
|
"finance@muc.hacc.space".hashedPassword =
|
||||||
|
"$6$R3GRmvXwqnMM6q.R$Y9mrUAmMnCScsM6pKjxo2a2XPM7lHrV8FIgK0PzhYvZbxWczo7.O4dk1onYeV1mRx/nXZfkZNjqNCruCn0S2m.";
|
||||||
|
|
||||||
# service accounts
|
"noreply@hacc.space" = {
|
||||||
"noreply@hacc.space".hashedPassword = "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
|
hashedPassword =
|
||||||
"newsletter@hacc.space".hashedPassword = "$6$f0xKnQxBInd$zbVIi1lTKWauqW.c8sMNLHNwzn81oQrVOiIfJwPa98n9xWz/NkjuWLYuFpK.MSZwNwP7Yv/a/qaOb9v8qv/.N1";
|
"$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
|
||||||
"gitlab@infra4future.de".hashedPassword = "$6$8vvkYuxv$9xV5WktsqfgM3cWSxonjtaohm7oqvDC5qsgJCJBATwesjTRxd/QTLa7t7teK8Nzyl.Py26xz.NvYowCZQ4aBE1";
|
aliases = [ "noreply@*" ];
|
||||||
"noreply@infra4future.de".hashedPassword = "$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV.";
|
sendOnly = true;
|
||||||
"discuss@infra4future.de".hashedPassword = "$6$8x8/OlMFjq1$S54jdBh7WjrdC6UtbYAHHzMJak7Ai/CjwmWBBbqh7yRHuZt.mfZrsfBNiL3JKBHE7seQ7JYRU99lJKCU6Aujg/";
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
extraVirtualAliases = {
|
extraVirtualAliases = {
|
||||||
# address = forward address;
|
# address = forward address;
|
||||||
|
|
||||||
# -- International --
|
# -- International --
|
||||||
# info/contact: main entrypoint, anyone can read or reply to this.
|
# info/contact: main entrypoint, anyone can read or reply to this.
|
||||||
"info@hacc.space" = [
|
"info@hacc.space" = [
|
||||||
"hexchen@hacc.space"
|
"hexchen@hacc.space"
|
||||||
"octycs@hacc.space"
|
"octycs@hacc.space"
|
||||||
"raphael@hacc.space"
|
"raphael@hacc.space"
|
||||||
"schweby@hacc.space"
|
"schweby@hacc.space"
|
||||||
"zauberberg@hacc.space"
|
"zauberberg@hacc.space"
|
||||||
"stuebinm@hacc.space"
|
"stuebinm@hacc.space"
|
||||||
"lenny@hacc.space"
|
"lenny@hacc.space"
|
||||||
];
|
];
|
||||||
# admin: current people with access to the mail server and knowledge on how to use it
|
|
||||||
"admin@hacc.space" = [
|
|
||||||
"hexchen@hacc.space"
|
|
||||||
"schweby@hacc.space"
|
|
||||||
"zauberberg@hacc.space"
|
|
||||||
];
|
|
||||||
# voc: hacc video operation center, various streaming-related things
|
|
||||||
"voc@hacc.space" = [
|
|
||||||
"hexchen@hacc.space"
|
|
||||||
"schweby@hacc.space"
|
|
||||||
"octycs@hacc.space"
|
|
||||||
"stuebinm@hacc.space"
|
|
||||||
"zauberberg@hacc.space"
|
|
||||||
"lenny@hacc.space"
|
|
||||||
"raphael@hacc.space"
|
|
||||||
];
|
|
||||||
|
|
||||||
# -- Regional: Germany --
|
# admin: current people with access to the mail server and knowledge on how to use it™
|
||||||
# board of hacc e.V.
|
"admin@hacc.space" =
|
||||||
"vorstand@hacc.space" = [
|
[ "hexchen@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ];
|
||||||
"raphael@hacc.space"
|
|
||||||
"schweby@hacc.space"
|
|
||||||
"zauberberg@hacc.space"
|
|
||||||
];
|
|
||||||
# members of hacc e.V.
|
|
||||||
"mitglieder@hacc.space" = [
|
|
||||||
"hexchen@hacc.space"
|
|
||||||
"raphael@hacc.space"
|
|
||||||
"schweby@hacc.space"
|
|
||||||
"zauberberg@hacc.space"
|
|
||||||
"lenny@hacc.space"
|
|
||||||
"octycs@hacc.space"
|
|
||||||
"stuebinm@hacc.space"
|
|
||||||
];
|
|
||||||
|
|
||||||
# -- Regional: Munich --
|
# voc: hacc video operation center, various streaming-related things
|
||||||
"muc@hacc.space" = [
|
"voc@hacc.space" = [
|
||||||
"hexchen@hacc.space"
|
"hexchen@hacc.space"
|
||||||
"octycs@hacc.space"
|
"schweby@hacc.space"
|
||||||
"raphael@hacc.space"
|
"octycs@hacc.space"
|
||||||
"schweby@hacc.space"
|
"stuebinm@hacc.space"
|
||||||
"zauberberg@hacc.space"
|
"zauberberg@hacc.space"
|
||||||
"stuebinm@hacc.space"
|
"lenny@hacc.space"
|
||||||
"lenny@hacc.space"
|
"raphael@hacc.space"
|
||||||
];
|
];
|
||||||
|
|
||||||
# -- c3 world operation centre --
|
# -- Regional: Germany --
|
||||||
"world@muc.hacc.space" = [
|
# board of hacc e.V.
|
||||||
"hexchen@hacc.space"
|
"vorstand@hacc.space" =
|
||||||
"stuebinm@hacc.space"
|
[ "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ];
|
||||||
];
|
|
||||||
|
# members of hacc e.V.
|
||||||
|
"mitglieder@hacc.space" = [
|
||||||
|
"hexchen@hacc.space"
|
||||||
|
"raphael@hacc.space"
|
||||||
|
"schweby@hacc.space"
|
||||||
|
"zauberberg@hacc.space"
|
||||||
|
"lenny@hacc.space"
|
||||||
|
"octycs@hacc.space"
|
||||||
|
"stuebinm@hacc.space"
|
||||||
|
];
|
||||||
|
|
||||||
|
# -- Regional: Munich --
|
||||||
|
"muc@hacc.space" = [
|
||||||
|
"hexchen@hacc.space"
|
||||||
|
"octycs@hacc.space"
|
||||||
|
"raphael@hacc.space"
|
||||||
|
"schweby@hacc.space"
|
||||||
|
"zauberberg@hacc.space"
|
||||||
|
"stuebinm@hacc.space"
|
||||||
|
"lenny@hacc.space"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
||||||
# down nginx and opens port 80.
|
# down nginx and opens port 80.
|
||||||
certificateScheme = 3;
|
certificateScheme = 3;
|
||||||
|
|
||||||
# Enable IMAP and POP3
|
# Only allow implict TLS
|
||||||
enableImap = true;
|
enableImap = false;
|
||||||
enablePop3 = true;
|
enablePop3 = false;
|
||||||
enableImapSsl = true;
|
|
||||||
enablePop3Ssl = true;
|
|
||||||
|
|
||||||
# Enable the ManageSieve protocol
|
# Enable the ManageSieve protocol
|
||||||
enableManageSieve = true;
|
enableManageSieve = true;
|
||||||
|
|
||||||
# whether to scan inbound emails for viruses (note that this requires at least
|
|
||||||
# 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
|
|
||||||
virusScanning = false;
|
|
||||||
};
|
};
|
||||||
services.postfix.submissionOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
|
||||||
services.postfix.submissionsOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
services.postfix.submissionOptions.smtpd_sender_restrictions =
|
||||||
|
lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
||||||
|
services.postfix.submissionsOptions.smtpd_sender_restrictions =
|
||||||
|
lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
||||||
|
|
||||||
services.postfix.virtual = ''
|
services.postfix.virtual = ''
|
||||||
|
postmaster@* admin@hacc.space
|
||||||
|
absue@* admin@hacc.space
|
||||||
|
contact@* info@hacc.space
|
||||||
@4future.dev @hacc.space
|
@4future.dev @hacc.space
|
||||||
@4futu.re @hacc.space
|
@4futu.re @hacc.space
|
||||||
@hacc.earth @hacc.space
|
@hacc.earth @hacc.space
|
||||||
@discuss.infra4future.de discuss@infra4future.de
|
@infra4future.de @hacc.space
|
||||||
admin@infra4future.de admin@hacc.space
|
haccvoc@* voc@hacc.space
|
||||||
noreply@infra4future.de admin@hacc.space
|
|
||||||
lukas@infra4future.de zauberberg@hacc.space
|
|
||||||
info@infra4future.de admin@hacc.space
|
|
||||||
postmaster@infra4future.de admin@hacc.space
|
|
||||||
voc@infra4future.de voc@hacc.space
|
|
||||||
haccvoc@infra4future.de voc@hacc.space
|
|
||||||
contact@hacc.space info@hacc.space
|
|
||||||
himmel@hacc.space admin@hacc.space
|
|
||||||
divoc-patches@muc.hacc.space world@muc.hacc.space
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
systemd.services.alps = {
|
systemd.services.alps = {
|
||||||
enable = true;
|
enable = true;
|
||||||
script = "${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465";
|
script =
|
||||||
|
"${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465";
|
||||||
serviceConfig.WorkingDirectory = "${pkgs.alps}/share/alps";
|
serviceConfig.WorkingDirectory = "${pkgs.alps}/share/alps";
|
||||||
serviceConfig.Restart = "always";
|
serviceConfig.Restart = "always";
|
||||||
requiredBy = [ "multi-user.target" ];
|
requiredBy = [ "multi-user.target" ];
|
||||||
|
|
Loading…
Reference in a new issue