update mail config

This commit is contained in:
schweby 2022-07-09 20:49:07 +02:00
parent 8f413da05a
commit 8021685ec8
Signed by untrusted user who does not match committer: moira
GPG key ID: AF92FDD91CB44B2F

View file

@ -1,161 +1,163 @@
{ config, pkgs, lib, sources, ... }: { config, pkgs, lib, sources, ... }:
{ {
imports = [ imports = [ sources.nixos-mailserver.outPath ];
sources.nixos-mailserver.outPath
];
# reduce log spam # reduce log spam
systemd.services.rspamd.serviceConfig.LogLevelMax = 3; # this is set to error because rspamd regularly complains about not enough learns systemd.services.rspamd.serviceConfig.LogLevelMax =
3; # this is set to error because rspamd regularly complains about not enough learns
systemd.services.postfix.serviceConfig.LogLevelMax = 5; # = notice systemd.services.postfix.serviceConfig.LogLevelMax = 5; # = notice
systemd.services.dovecot2.serviceConfig.LogLevelMax = 5; # = notice systemd.services.dovecot2.serviceConfig.LogLevelMax = 5; # = notice
# stop postfix from dying if rspamd hiccups # stop postfix from dying if rspamd hiccups
systemd.services.postfix.unitConfig = { systemd.services.postfix.unitConfig = {
Requires = lib.mkForce "dovecot2.service opendkim.service"; Requires = lib.mkForce "dovecot2.service opendkim.service";
}; };
mailserver = { mailserver = {
mailDirectory = "/persist/mail"; mailDirectory = "/persist/mail";
enable = true; enable = true;
fqdn = "mail.hacc.space"; fqdn = "mail.hacc.space";
domains = [ "hacc.space" "muc.hacc.space" "hacc.earth" "4future.dev" "4futu.re" "infra4future.de" "discuss.infra4future.de" ]; monitoring = {
enable = true;
alertAddress = "admin@hacc.space";
};
domains = [
"hacc.space"
"muc.hacc.space"
"hacc.earth"
"4future.dev"
"4futu.re"
"infra4future.de"
];
loginAccounts = { loginAccounts = {
"hexchen@hacc.space".hashedPassword = "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/"; "hexchen@hacc.space".hashedPassword =
"hexchen@hacc.space".aliases = [ "postmaster@hacc.space" "abuse@hacc.space" "hexchen@infra4future.de" ]; "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
"octycs@hacc.space".hashedPassword = "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg."; "octycs@hacc.space".hashedPassword =
"octycs@hacc.space".aliases = [ "markus@hacc.space" ]; "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
"octycs@hacc.space".aliases = [ "markus@hacc.space" ];
"raphael@hacc.space".hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/"; "raphael@hacc.space".hashedPassword =
"$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
"schweby@hacc.space".hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1"; "schweby@hacc.space".hashedPassword =
"$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
"zauberberg@hacc.space".hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0"; "zauberberg@hacc.space".hashedPassword =
"zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ]; "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
"zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ];
"stuebinm@hacc.space".hashedPassword = "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB."; "stuebinm@hacc.space".hashedPassword =
"$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
"lenny@hacc.space".hashedPassword = "$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/"; "lenny@hacc.space".hashedPassword =
"lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ]; "$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/";
"lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ];
"finance@muc.hacc.space".hashedPassword = "$6$R3GRmvXwqnMM6q.R$Y9mrUAmMnCScsM6pKjxo2a2XPM7lHrV8FIgK0PzhYvZbxWczo7.O4dk1onYeV1mRx/nXZfkZNjqNCruCn0S2m."; "finance@muc.hacc.space".hashedPassword =
"$6$R3GRmvXwqnMM6q.R$Y9mrUAmMnCScsM6pKjxo2a2XPM7lHrV8FIgK0PzhYvZbxWczo7.O4dk1onYeV1mRx/nXZfkZNjqNCruCn0S2m.";
# service accounts "noreply@hacc.space" = {
"noreply@hacc.space".hashedPassword = "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/"; hashedPassword =
"newsletter@hacc.space".hashedPassword = "$6$f0xKnQxBInd$zbVIi1lTKWauqW.c8sMNLHNwzn81oQrVOiIfJwPa98n9xWz/NkjuWLYuFpK.MSZwNwP7Yv/a/qaOb9v8qv/.N1"; "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
"gitlab@infra4future.de".hashedPassword = "$6$8vvkYuxv$9xV5WktsqfgM3cWSxonjtaohm7oqvDC5qsgJCJBATwesjTRxd/QTLa7t7teK8Nzyl.Py26xz.NvYowCZQ4aBE1"; aliases = [ "noreply@*" ];
"noreply@infra4future.de".hashedPassword = "$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV."; sendOnly = true;
"discuss@infra4future.de".hashedPassword = "$6$8x8/OlMFjq1$S54jdBh7WjrdC6UtbYAHHzMJak7Ai/CjwmWBBbqh7yRHuZt.mfZrsfBNiL3JKBHE7seQ7JYRU99lJKCU6Aujg/"; };
}; };
extraVirtualAliases = { extraVirtualAliases = {
# address = forward address; # address = forward address;
# -- International -- # -- International --
# info/contact: main entrypoint, anyone can read or reply to this. # info/contact: main entrypoint, anyone can read or reply to this.
"info@hacc.space" = [ "info@hacc.space" = [
"hexchen@hacc.space" "hexchen@hacc.space"
"octycs@hacc.space" "octycs@hacc.space"
"raphael@hacc.space" "raphael@hacc.space"
"schweby@hacc.space" "schweby@hacc.space"
"zauberberg@hacc.space" "zauberberg@hacc.space"
"stuebinm@hacc.space" "stuebinm@hacc.space"
"lenny@hacc.space" "lenny@hacc.space"
]; ];
# admin: current people with access to the mail server and knowledge on how to use it
"admin@hacc.space" = [
"hexchen@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
];
# voc: hacc video operation center, various streaming-related things
"voc@hacc.space" = [
"hexchen@hacc.space"
"schweby@hacc.space"
"octycs@hacc.space"
"stuebinm@hacc.space"
"zauberberg@hacc.space"
"lenny@hacc.space"
"raphael@hacc.space"
];
# -- Regional: Germany -- # admin: current people with access to the mail server and knowledge on how to use it™
# board of hacc e.V. "admin@hacc.space" =
"vorstand@hacc.space" = [ [ "hexchen@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ];
"raphael@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
];
# members of hacc e.V.
"mitglieder@hacc.space" = [
"hexchen@hacc.space"
"raphael@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
"lenny@hacc.space"
"octycs@hacc.space"
"stuebinm@hacc.space"
];
# -- Regional: Munich -- # voc: hacc video operation center, various streaming-related things
"muc@hacc.space" = [ "voc@hacc.space" = [
"hexchen@hacc.space" "hexchen@hacc.space"
"octycs@hacc.space" "schweby@hacc.space"
"raphael@hacc.space" "octycs@hacc.space"
"schweby@hacc.space" "stuebinm@hacc.space"
"zauberberg@hacc.space" "zauberberg@hacc.space"
"stuebinm@hacc.space" "lenny@hacc.space"
"lenny@hacc.space" "raphael@hacc.space"
]; ];
# -- c3 world operation centre -- # -- Regional: Germany --
"world@muc.hacc.space" = [ # board of hacc e.V.
"hexchen@hacc.space" "vorstand@hacc.space" =
"stuebinm@hacc.space" [ "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ];
];
# members of hacc e.V.
"mitglieder@hacc.space" = [
"hexchen@hacc.space"
"raphael@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
"lenny@hacc.space"
"octycs@hacc.space"
"stuebinm@hacc.space"
];
# -- Regional: Munich --
"muc@hacc.space" = [
"hexchen@hacc.space"
"octycs@hacc.space"
"raphael@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
"stuebinm@hacc.space"
"lenny@hacc.space"
];
}; };
# Use Let's Encrypt certificates. Note that this needs to set up a stripped # Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80. # down nginx and opens port 80.
certificateScheme = 3; certificateScheme = 3;
# Enable IMAP and POP3 # Only allow implict TLS
enableImap = true; enableImap = false;
enablePop3 = true; enablePop3 = false;
enableImapSsl = true;
enablePop3Ssl = true;
# Enable the ManageSieve protocol # Enable the ManageSieve protocol
enableManageSieve = true; enableManageSieve = true;
# whether to scan inbound emails for viruses (note that this requires at least
# 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
virusScanning = false;
}; };
services.postfix.submissionOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
services.postfix.submissionsOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit"; services.postfix.submissionOptions.smtpd_sender_restrictions =
lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
services.postfix.submissionsOptions.smtpd_sender_restrictions =
lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
services.postfix.virtual = '' services.postfix.virtual = ''
postmaster@* admin@hacc.space
absue@* admin@hacc.space
contact@* info@hacc.space
@4future.dev @hacc.space @4future.dev @hacc.space
@4futu.re @hacc.space @4futu.re @hacc.space
@hacc.earth @hacc.space @hacc.earth @hacc.space
@discuss.infra4future.de discuss@infra4future.de @infra4future.de @hacc.space
admin@infra4future.de admin@hacc.space haccvoc@* voc@hacc.space
noreply@infra4future.de admin@hacc.space
lukas@infra4future.de zauberberg@hacc.space
info@infra4future.de admin@hacc.space
postmaster@infra4future.de admin@hacc.space
voc@infra4future.de voc@hacc.space
haccvoc@infra4future.de voc@hacc.space
contact@hacc.space info@hacc.space
himmel@hacc.space admin@hacc.space
divoc-patches@muc.hacc.space world@muc.hacc.space
''; '';
systemd.services.alps = { systemd.services.alps = {
enable = true; enable = true;
script = "${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465"; script =
"${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465";
serviceConfig.WorkingDirectory = "${pkgs.alps}/share/alps"; serviceConfig.WorkingDirectory = "${pkgs.alps}/share/alps";
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
requiredBy = [ "multi-user.target" ]; requiredBy = [ "multi-user.target" ];