From a57a9912ead33f66212946622a3a21307bd6aab4 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Sat, 20 May 2017 18:30:10 -0400
Subject: shape: Add mail server.
---
config/mail-server.nix | 80 ++++++++++++++++++++++++++++++++++++++++++++
machines/container-shape.nix | 1 +
2 files changed, 81 insertions(+)
create mode 100644 config/mail-server.nix
diff --git a/config/mail-server.nix b/config/mail-server.nix
new file mode 100644
index 0000000..3c4b7b7
--- /dev/null
+++ b/config/mail-server.nix
@@ -0,0 +1,80 @@
+{ config, lib, pkgs, ... }:
+{
+ services.dovecot2 = {
+ enable = true;
+ sslServerCert = "${config.security.acme.directory}/shape.orbekk.com/fullchain.pem";
+ sslServerKey = "${config.security.acme.directory}/shape.orbekk.com/key.pem";
+ enablePAM = false;
+ extraConfig = ''
+ passdb {
+ driver = passwd-file
+ args = username_format=%n /var/lib/dovecot/passwd
+ }
+ userdb {
+ driver = passwd-file
+ args = username_format=%n /var/lib/dovecot/passwd
+ }
+ mail_debug = yes
+ service auth {
+ unix_listener auth-client-postfix {
+ group = postfix
+ mode = 0660
+ user = postfix
+ }
+ user = root
+ }
+ '';
+ };
+
+ services.postfix = {
+ enable = true;
+
+ hostname = "semeai";
+ domain = "orbekk.com";
+ destination = ["orbekk.com" "kj.orbekk.com" "orbekk.no" "kj.orbekk.no" "kufieta.net"];
+
+ lookupMX = true; # This causes it to use the relayhost verbatim.
+ relayHost = "[smtp.sendgrid.net]:2525";
+
+ enableSubmission = true;
+ submissionOptions = {
+ "smtpd_tls_security_level" = "encrypt";
+ "smtpd_sasl_auth_enable" = "yes";
+ "smtpd_sasl_type" = "dovecot";
+ "smtpd_sasl_path" = "/var/run/dovecot2/auth-client-postfix";
+ "smtpd_client_restrictions" = "permit_sasl_authenticated,reject";
+ "milter_macro_daemon_name" = "ORIGINATING";
+ };
+
+ extraConfig = ''
+ smtp_tls_security_level = encrypt
+ smtp_sasl_auth_enable = yes
+ smtp_sasl_password_maps = hash:/opt/secret/sasl_passwd
+ header_size_limit = 4096000
+ smtp_sasl_security_options = noanonymous
+ '';
+
+ extraAliases = let
+ erik = "erikorbekk@gmail.com";
+ kjetil = "kjetil.orbekk@gmail.com";
+ lise = "lise.orbekk@gmail.com";
+ katharina = "katharina.kufieta@gmail.com";
+ in ''
+ eo: ${erik}
+ erik: ${erik}
+
+ orbekk: ${kjetil}
+ k: ${kjetil}
+ kj: ${kjetil}
+ kjetil: ${kjetil}
+ root: ${kjetil}
+ postmaster: ${kjetil}
+
+ katharina: ${katharina}
+ kathi: ${katharina}
+ kasiunia: ${katharina}
+
+ lise: ${lise}
+ '';
+ };
+}
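Review bot: The `service auth` block in the Dovecot `extraConfig` sets `user = root`, which runs the process that parses credentials from not-yet-authenticated clients with full privileges. Both `passdb` and `userdb` use the `passwd-file` driver, so root should not be required; I would drop that line (or set `user = $default_internal_user`) and make `/var/lib/dovecot/passwd` readable only by that account — presumably root was chosen to get past the file's permissions, which should be confirmed. In the Postfix `extraConfig`, `smtp_tls_security_level = encrypt` encrypts the relay session but does not validate the relay's certificate, and the SASL password from `/opt/secret/sasl_passwd` is sent over it; `smtp_tls_security_level = secure` together with `smtp_tls_CAfile` pointing at the system CA bundle would authenticate `smtp.sendgrid.net` before credentials are offered. `mail_debug = yes` looks like a leftover from bring-up and is worth removing or marking as temporary with a comment.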
diff --git a/machines/container-shape.nix b/machines/container-shape.nix index 70c5cd0..1a5d832 100644 --- a/machines/container-shape.nix +++ b/machines/container-shape.nix @@ -10,6 +10,7 @@ ../config/cgit.nix ../config/weechat.nix ../config/web-server.nix + ../config/mail-server.nix ]; users.defaultUserShell = lib.mkForce pkgs.bash; -- cgit v1.2.3