nix-cfg/hosts/vps1/services/mailserver.nix

{ lib, config, data, ...}:
let
  inherit (data.host) rootDomain;
  inherit (data.services.mailserver) domain;
  gitDomain = data.services.git.domain;
in
{
  mailserver = {
    enable = true;
    fqdn = domain;
    domains = [
      rootDomain
      domain
      gitDomain
    ];

    # certificateScheme = "acme";
    # Cannot be used since it uses fqdn
    certificateScheme = "manual";
    certificateFile = "${config.security.acme.certs.${rootDomain}.directory}/fullchain.pem";
    keyFile = "${config.security.acme.certs.${rootDomain}.directory}/key.pem";

    enableManageSieve = true;
    indexDir = "/var/lib/dovecot/indices";
    dkimKeyBits = 4096;

    loginAccounts = {
      "lgm@${rootDomain}" = {
        aliases = [
          "lgmrszd@${rootDomain}"
          "postmaster@${rootDomain}"
          "abuse@${rootDomain}"
          "admin@${rootDomain}"
        ];
        hashedPassword = "$2b$05$E18a4pSMfEmd.mfVGQEJe.JBTS3jxdf6yLDZdOQNIs9NrNMc5K.cK";
      };
      "forgejo@${rootDomain}" = {
        aliases = [
          "@${gitDomain}"
        ];
        hashedPassword = "$2b$05$IlDxRGJ6vOUjDIq0hfCd3uIVLQw0oodRU1cG8pKueO1BgaIfpUYPS";
      };
      "auth@${rootDomain}" = {
        hashedPassword = "$2b$05$vqTJCReuUY61.Z1EwcwXnOlG98Cizpt1TGIJ76/WSHaiweAxPglp6";
        sendOnly = true;
      };
    };
  };

  security.acme.certs."${rootDomain}".reloadServices = [
    "postfix.service"
    "dovecot2.service"
  ];
}
vps1: enable mailserver 2024-05-16 00:07:17 +02:00			`{ lib, config, data, ...}:`
			`let`
			`inherit (data.host) rootDomain;`
			`inherit (data.services.mailserver) domain;`
			`gitDomain = data.services.git.domain;`
			`in`
			`{`
			`mailserver = {`
			`enable = true;`
			`fqdn = domain;`
			`domains = [`
			`rootDomain`
			`domain`
			`gitDomain`
			`];`
vps1: mailserver: fix certs, add hashed passwords 2024-05-16 00:39:15 +02:00
			`# certificateScheme = "acme";`
			`# Cannot be used since it uses fqdn`
			`certificateScheme = "manual";`
			`certificateFile = "${config.security.acme.certs.${rootDomain}.directory}/fullchain.pem";`
			`keyFile = "${config.security.acme.certs.${rootDomain}.directory}/key.pem";`
vps1: enable mailserver 2024-05-16 00:07:17 +02:00
			`enableManageSieve = true;`
			`indexDir = "/var/lib/dovecot/indices";`
			`dkimKeyBits = 4096;`

			`loginAccounts = {`
			`"lgm@${rootDomain}" = {`
			`aliases = [`
			`"lgmrszd@${rootDomain}"`
			`"postmaster@${rootDomain}"`
			`"abuse@${rootDomain}"`
vps1: auth+mail: add alias, fix mail settings for auth 2024-05-16 17:09:20 +02:00			`"admin@${rootDomain}"`
vps1: enable mailserver 2024-05-16 00:07:17 +02:00			`];`
vps1: mailserver: fix certs, add hashed passwords 2024-05-16 00:39:15 +02:00			`hashedPassword = "$2b$05$E18a4pSMfEmd.mfVGQEJe.JBTS3jxdf6yLDZdOQNIs9NrNMc5K.cK";`
vps1: enable mailserver 2024-05-16 00:07:17 +02:00			`};`
			`"forgejo@${rootDomain}" = {`
			`aliases = [`
			`"@${gitDomain}"`
			`];`
vps1: mailserver: fix certs, add hashed passwords 2024-05-16 00:39:15 +02:00			`hashedPassword = "$2b$05$IlDxRGJ6vOUjDIq0hfCd3uIVLQw0oodRU1cG8pKueO1BgaIfpUYPS";`
vps1: enable mailserver 2024-05-16 00:07:17 +02:00			`};`
vps1: enable authentik 2024-05-16 15:44:08 +02:00			`"auth@${rootDomain}" = {`
			`hashedPassword = "$2b$05$vqTJCReuUY61.Z1EwcwXnOlG98Cizpt1TGIJ76/WSHaiweAxPglp6";`
			`sendOnly = true;`
			`};`
vps1: enable mailserver 2024-05-16 00:07:17 +02:00			`};`
			`};`
vps1: mailserver: certs fix 2024-05-16 00:41:09 +02:00
			`security.acme.certs."${rootDomain}".reloadServices = [`
			`"postfix.service"`
			`"dovecot2.service"`
			`];`
vps1: enable mailserver 2024-05-16 00:07:17 +02:00			`}`