{ config, pkgs, lib, ... }: let sources = import ../../../nix/sources.nix; in { imports = [ sources.nixos-mailserver.outPath ]; mailserver = { mailDirectory = "/data/mail"; enable = true; fqdn = "mail.hacc.space"; domains = [ "hacc.space" "hacc.earth" "4future.dev" "4futu.re" "infra4future.de" "discuss.infra4future.de" "lists.hacc.space" "lists.infra4future.de" ]; loginAccounts = { "hexchen@hacc.space" = { hashedPassword = "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/"; aliases = [ "postmaster@hacc.space" "abuse@hacc.space" ]; }; "octycs@hacc.space" = { hashedPassword = "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg."; aliases = [ "markus@hacc.space" ]; }; "raphael@hacc.space" = { hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/"; }; "engelsystem@hacc.space" = { hashedPassword = "$6$5cIAEhJ7af7M$eJBPQc3ONd.N3HKPFpxfG7liZbUXPvWuSpWVgeG7rmsG7f7.Zdxtodvt5VaXoA3AEiv3GqcY.gKHISK/Gg0ib/"; }; "schweby@hacc.space" = { hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1"; }; "zauberberg@hacc.space" = { hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0"; aliases = [ "lukas@hacc.space" ]; }; "talx@hacc.space" = { hashedPassword = "$6$0hIKRoMJS./JSE$tXizRgphhNM3ZYx216VdRv1OiyZoYXsjGqSudTDu8vB8eZb03Axi31VKV87RXiEGGixdvTsHEKpx032aOzzt31"; }; "unms@hacc.space" = { hashedPassword = "$6$pYlNP37913$sGE3L722ceP.1Qm5lsffYUN919hPP1xRTrzco3ic3Op21iiknBkOY04eY2l3Um/Bpk/yV89aJD0eaB/5RCbWR1"; }; "noreply@hacc.space" = { hashedPassword = "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/"; }; "stuebinm@hacc.space" = { hashedPassword = "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB."; }; "newsletter@hacc.space" = { hashedPassword = "$6$f0xKnQxBInd$zbVIi1lTKWauqW.c8sMNLHNwzn81oQrVOiIfJwPa98n9xWz/NkjuWLYuFpK.MSZwNwP7Yv/a/qaOb9v8qv/.N1"; }; "lenny@hacc.space" = { hashedPassword = "$6$dR.lhYiJDpsR4.dw$n7bCbyTm97v/O8Ue44n58YwOmmct..Gt5TeAmen8C5FWyPTwTh65XCjwc27gNFVGnZLwsRJwMJ.E9D0oJEzUh0"; }; # service accounts "gitlab@infra4future.de".hashedPassword = "$6$8vvkYuxv$9xV5WktsqfgM3cWSxonjtaohm7oqvDC5qsgJCJBATwesjTRxd/QTLa7t7teK8Nzyl.Py26xz.NvYowCZQ4aBE1"; "noreply@infra4future.de".hashedPassword = "$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV."; "discuss@infra4future.de".hashedPassword = "$6$8x8/OlMFjq1$S54jdBh7WjrdC6UtbYAHHzMJak7Ai/CjwmWBBbqh7yRHuZt.mfZrsfBNiL3JKBHE7seQ7JYRU99lJKCU6Aujg/"; }; extraVirtualAliases = { # address = forward address; "info@hacc.space" = [ "hexchen@hacc.space" "octycs@hacc.space" "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" "stuebinm@hacc.space" "lenny@hacc.space" ]; "himmel@hacc.space" = [ "hexchen@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ]; "admin@hacc.space" = [ "schweby@hacc.space" "zauberberg@hacc.space" ]; "voc@hacc.space" = [ "hexchen@hacc.space" "schweby@hacc.space" "octycs@hacc.space" "stuebinm@hacc.space" "zauberberg@hacc.space" "lenny@hacc.space" ]; "vorstand@hacc.space" = [ "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ]; "mitglieder@hacc.space" = [ "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" "lenny@hacc.space" "octycs@hacc.space" ]; }; # Use Let's Encrypt certificates. Note that this needs to set up a stripped # down nginx and opens port 80. certificateScheme = 3; # Enable IMAP and POP3 enableImap = true; enablePop3 = true; enableImapSsl = true; enablePop3Ssl = true; # Enable the ManageSieve protocol enableManageSieve = true; # whether to scan inbound emails for viruses (note that this requires at least # 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty) virusScanning = false; }; services.postfix.submissionOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit"; services.postfix.submissionsOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit"; services.postfix.virtual = '' @4future.dev @hacc.space @4futu.re @hacc.space @hacc.earth @hacc.space @discuss.infra4future.de discuss@infra4future.de admin@infra4future.de admin@hacc.space noreply@infra4future.de admin@hacc.space lukas@infra4future.de zauberberg@hacc.space info@infra4future.de admin@hacc.space postmaster@infra4future.de admin@hacc.space voc@infra4future.de admin@hacc.space haccvoc@infra4future.de admin@hacc.space contact@hacc.space info@hacc.space ''; systemd.services.alps = { enable = true; script = "${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465"; serviceConfig.WorkingDirectory = "${pkgs.alps}/share/alps"; }; services.nginx.virtualHosts."mail.hacc.space" = { enableACME = true; forceSSL = true; locations."/".proxyPass = "http://[::1]:1323"; }; }