{pkgs, outputs, ...}: rec {
# Mail server
mailserver = rec {
enable = true;
enableManageSieve = true;
domains = [ "${outputs.secrets.jimDomain}" ];
fqdn = "mx.${outputs.secrets.jimDomain}";
certificateScheme = "acme-nginx";
localDnsResolver = false;
redis.port = 1515;
# A list of accounts, passwords generated with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"noreply@${outputs.secrets.jimDomain}" = {
hashedPasswordFile = pkgs.writeText "noreply" outputs.secrets.noreplyMailHash;
sendOnly = true;
};
"jimbo@${outputs.secrets.jimDomain}" = {
hashedPasswordFile = pkgs.writeText "jimbo" outputs.secrets.jimboMailHash;
aliases = [ "canada@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ];
};
"lunamoonlight@${outputs.secrets.jimDomain}" = {
hashedPasswordFile = pkgs.writeText "luna" outputs.secrets.lunaMailHash;
aliases = [ "us@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ];
};
"freecorn1854@${outputs.secrets.jimDomain}" = {
hashedPasswordFile = pkgs.writeText "freecorn" outputs.secrets.freecornMailHash;
aliases = [ "canada@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ];
};
"tinyattack09@${outputs.secrets.jimDomain}" = {
hashedPasswordFile = pkgs.writeText "tiny" outputs.secrets.tinyMailHash;
};
};
};
# Related services
services = {
# Roundcube mail server
roundcube = {
enable = true;
hostName = "mail.${outputs.secrets.jimDomain}";
extraConfig = ''
$config['smtp_server'] = "tls://${mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
# Force the mailserver to use a different redis port
redis.servers.rspamd.port = 1515;
# The hostname mail ports use
nginx.virtualHosts."mx.${outputs.secrets.jimDomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:1390";
proxyWebsockets = true;
};
};
};
}