authorKjetil Orbekk <kjetil.orbekk@gmail.com>2017-05-20 18:30:10 -0400
committerKjetil Orbekk <kjetil.orbekk@gmail.com>2017-05-20 18:30:22 -0400
commita57a9912ead33f66212946622a3a21307bd6aab4 (patch)
treeda8c6780b726e2ef229c42ce3b5ca544e04bb4f3
parentf2c421e94d95d830d430fee5b3c07654429bd603 (diff)
shape: Add mail server.
-rw-r--r--config/mail-server.nix80
-rw-r--r--machines/container-shape.nix1
2 files changed, 81 insertions, 0 deletions
diff --git a/config/mail-server.nix b/config/mail-server.nix
new file mode 100644
index 0000000..3c4b7b7
--- /dev/null
+++ b/config/mail-server.nix
@@ -0,0 +1,80 @@
+{ config, lib, pkgs, ... }:
+{
+ services.dovecot2 = {
+ enable = true;
+ sslServerCert = "${config.security.acme.directory}/shape.orbekk.com/fullchain.pem";
+ sslServerKey = "${config.security.acme.directory}/shape.orbekk.com/key.pem";
+ enablePAM = false;
+ extraConfig = ''
+ passdb {
+ driver = passwd-file
+ args = username_format=%n /var/lib/dovecot/passwd
+ }
+ userdb {
+ driver = passwd-file
+ args = username_format=%n /var/lib/dovecot/passwd
+ }
+ mail_debug = yes
+ service auth {
+ unix_listener auth-client-postfix {
+ group = postfix
+ mode = 0660
+ user = postfix
+ }
+ user = root
+ }
+ '';
+ };
+
+ services.postfix = {
+ enable = true;
+
+ hostname = "semeai";
+ domain = "orbekk.com";
+ destination = ["orbekk.com" "kj.orbekk.com" "orbekk.no" "kj.orbekk.no" "kufieta.net"];
+
+ lookupMX = true; # This causes it to use the relayhost verbatim.
+ relayHost = "[smtp.sendgrid.net]:2525";
+
+ enableSubmission = true;
+ submissionOptions = {
+ "smtpd_tls_security_level" = "encrypt";
+ "smtpd_sasl_auth_enable" = "yes";
+ "smtpd_sasl_type" = "dovecot";
+ "smtpd_sasl_path" = "/var/run/dovecot2/auth-client-postfix";
+ "smtpd_client_restrictions" = "permit_sasl_authenticated,reject";
+ "milter_macro_daemon_name" = "ORIGINATING";
+ };
+
+ extraConfig = ''
+ smtp_tls_security_level = encrypt
+ smtp_sasl_auth_enable = yes
+ smtp_sasl_password_maps = hash:/opt/secret/sasl_passwd
+ header_size_limit = 4096000
+ smtp_sasl_security_options = noanonymous
+ '';
+
+ extraAliases = let
+ erik = "erikorbekk@gmail.com";
+ kjetil = "kjetil.orbekk@gmail.com";
+ lise = "lise.orbekk@gmail.com";
+ katharina = "katharina.kufieta@gmail.com";
+ in ''
+ eo: ${erik}
+ erik: ${erik}
+
+ orbekk: ${kjetil}
+ k: ${kjetil}
+ kj: ${kjetil}
+ kjetil: ${kjetil}
+ root: ${kjetil}
+ postmaster: ${kjetil}
+
+ katharina: ${katharina}
+ kathi: ${katharina}
+ kasiunia: ${katharina}
+
+ lise: ${lise}
+ '';
+ };
+}
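Review bot: `smtp_tls_security_level = encrypt` in the Postfix `extraConfig` forces TLS to the relay but does not verify the server certificate, so the SASL credentials from `/opt/secret/sasl_passwd` could be sent to any host that answers for `smtp.sendgrid.net`; consider `smtp_tls_security_level = secure` together with a CA bundle set through `smtp_tls_CAfile`. In the Dovecot `service auth` block, `user = root` looks unnecessary given `enablePAM = false` and a `passwd-file` passdb; dropping that line and making `/var/lib/dovecot/passwd` readable by Dovecot's internal user would keep the auth process unprivileged. `mail_debug = yes` reads like a setup leftover and should be removed, or marked temporary with a comment such as `# TODO: remove once delivery is verified`. The ownership and mode of `/opt/secret/sasl_passwd` and its generated `.db` are not managed by this module, so a comment stating that both must be readable by root only would help.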
diff --git a/machines/container-shape.nix b/machines/container-shape.nix
index 70c5cd0..1a5d832 100644
--- a/machines/container-shape.nix
+++ b/machines/container-shape.nix
@@ -10,6 +10,7 @@
../config/cgit.nix
../config/weechat.nix
../config/web-server.nix
+ ../config/mail-server.nix
];
users.defaultUserShell = lib.mkForce pkgs.bash;