I think my flake needs a complete rewrite

2024-10-12 17:35:52 -04:00 · 2024-10-12 17:35:52 -04:00 · 65f90a0bf3
commit 65f90a0bf3
parent 87fbcda3d3
65 changed files with 110 additions and 125 deletions
--- a/modules/system/services/server/mailserver/default.nix
+++ b/modules/system/services/server/mailserver/default.nix
@ -0,0 +1,49 @@
+{ pkgs, outputs, ... }: 
+{
+  imports = [
+    ./nginx
+    ./roundcube
+  ];
+
+  mailserver = rec {
+    enable = true;
+    openFirewall = false;
+    domains = [ "${outputs.secrets.jimDomain}" ];
+    fqdn = "mx.${outputs.secrets.jimDomain}";
+    certificateScheme = "acme-nginx";
+    localDnsResolver = false;
+    redis.port = 1515;
+
+    # Dmarc info
+    dmarcReporting = {
+      enable = true;
+      domain = "${outputs.secrets.jimDomain}";
+      localpart = "noreply";
+      organizationName = "Jimbo's Files";
+    };
+        
+    # A list of accounts, passwords generated with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+    loginAccounts = {
+      "noreply@${outputs.secrets.jimDomain}" = {
+        hashedPasswordFile = pkgs.writeText "noreply" outputs.secrets.noreplyMailHash;
+        sendOnly = true;
+      };    
+      "jimbo@${outputs.secrets.jimDomain}" = {
+        hashedPasswordFile = pkgs.writeText "jimbo" outputs.secrets.jimboMailHash;
+        aliases = [ "james@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ];
+      };
+      "lunamoonlight@${outputs.secrets.jimDomain}" = {
+        hashedPasswordFile = pkgs.writeText "luna" outputs.secrets.lunaMailHash;
+      };
+      "freecorn1854@${outputs.secrets.jimDomain}" = {
+        hashedPasswordFile = pkgs.writeText "freecorn" outputs.secrets.freecornMailHash;
+      };
+      "tinyattack09@${outputs.secrets.jimDomain}" = {
+        hashedPasswordFile = pkgs.writeText "tiny" outputs.secrets.tinyMailHash;
+      };
+    };
+  };
+
+  # Assign the correct port
+  services.redis.servers.rspamd.port = 1515;
+}
--- a/modules/system/services/server/mailserver/nginx/default.nix
+++ b/modules/system/services/server/mailserver/nginx/default.nix
@ -0,0 +1,11 @@
+{ pkgs, outputs, ... }: 
+{
+  services.nginx.virtualHosts."mx.${outputs.secrets.jimDomain}" =  {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:1390";
+      proxyWebsockets = true;
+    };
+  };
+}
--- a/modules/system/services/server/mailserver/roundcube/default.nix
+++ b/modules/system/services/server/mailserver/roundcube/default.nix
@ -0,0 +1,12 @@
+{ pkgs, outputs, ... }: 
+{
+  services.roundcube = {
+   enable = true;
+   hostName = "mail.${outputs.secrets.jimDomain}";
+   extraConfig = ''
+     $config['smtp_server'] = "tls://mx.${outputs.secrets.jimDomain}";
+     $config['smtp_user'] = "%u";
+     $config['smtp_pass'] = "%p";
+   '';
+  };
+}