{ config, lib, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ 25 465 587 ]; services.dovecot2 = { enable = true; sslServerCert = "${config.security.acme.directory}/shape.orbekk.com/fullchain.pem"; sslServerKey = "${config.security.acme.directory}/shape.orbekk.com/key.pem"; enablePAM = false; extraConfig = '' passdb { driver = passwd-file args = username_format=%n /var/lib/dovecot/passwd } userdb { driver = passwd-file args = username_format=%n /var/lib/dovecot/passwd } mail_debug = yes service auth { unix_listener auth-client-postfix { group = postfix mode = 0660 user = postfix } user = root } ''; }; services.postfix = { enable = true; hostname = "semeai"; domain = "orbekk.com"; destination = ["orbekk.com" "kj.orbekk.com" "orbekk.no" "kj.orbekk.no" "kufieta.net"]; lookupMX = true; # This causes it to use the relayhost verbatim. relayHost = "[smtp.sendgrid.net]:2525"; enableSubmission = true; submissionOptions = { "smtpd_tls_security_level" = "encrypt"; "smtpd_sasl_auth_enable" = "yes"; "smtpd_sasl_type" = "dovecot"; "smtpd_sasl_path" = "/var/run/dovecot2/auth-client-postfix"; "smtpd_client_restrictions" = "permit_sasl_authenticated,reject"; "milter_macro_daemon_name" = "ORIGINATING"; }; extraConfig = '' smtp_tls_security_level = encrypt smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/opt/secret/sasl_passwd header_size_limit = 4096000 smtp_sasl_security_options = noanonymous ''; extraAliases = let erik = "erikorbekk@gmail.com"; kjetil = "kjetil.orbekk@gmail.com"; lise = "lise.orbekk@gmail.com"; katharina = "katharina.kufieta@gmail.com"; in '' eo: ${erik} erik: ${erik} orbekk: ${kjetil} k: ${kjetil} kj: ${kjetil} kjetil: ${kjetil} root: ${kjetil} postmaster: ${kjetil} katharina: ${katharina} kathi: ${katharina} kasiunia: ${katharina} lise: ${lise} ''; }; }