# NixOS module for the mail host "shape": Postfix accepts mail for the listed
# domains, forwards every local alias to an external mailbox and relays
# outbound mail through smtp.gmail.com:587. Dovecot is configured here as the
# SASL authentication backend for Postfix's submission service.
{ config, lib, pkgs, ... }:
let
  # Certificate and key for shape.orbekk.com under the ACME directory, shared
  # by Dovecot and Postfix.
  certDir = "${config.security.acme.directory}/shape.orbekk.com";
  fullChain = "${certDir}/fullchain.pem";
  privateKey = "${certDir}/key.pem";

  # External mailboxes that the local aliases forward to.
  erikAddr = "erikorbekk@gmail.com";
  kjetilAddr = "kjetil.orbekk@gmail.com";
  liseAddr = "lise.orbekk@gmail.com";
  katharinaAddr = "katharina.kufieta@gmail.com";
in
{
  # NOTE(review): 25 (SMTP) and 587 (submission) match services enabled below.
  # Nothing in this file configures a listener on 465; confirm one is defined
  # elsewhere, otherwise the port can be dropped from the allow-list.
  networking.firewall.allowedTCPPorts = [ 25 465 587 ];

  services = {
    dovecot2 = {
      enable = true;
      # PAM is off: accounts come only from the passwd-file below, so mail
      # logins are separate from system accounts.
      enablePAM = false;
      sslServerCert = fullChain;
      sslServerKey = privateKey;
      # passdb/userdb: both read /opt/secret/dovecot-passwd. The path is a
      #   plain string, so the file is not copied into the Nix store; its
      #   ownership and mode are managed outside this module and should limit
      #   reads to the account running the auth service.
      #   username_format=%n looks users up by the part before "@".
      # mail_debug = yes: verbose logging intended for troubleshooting.
      #   NOTE(review): consider turning it off once the setup is stable and
      #   check who can read the mail logs.
      # service auth: the auth-client-postfix socket is postfix:postfix with
      #   mode 0660, so only that user/group can query the auth service.
      #   NOTE(review): "user = root" runs the auth service as root; if the
      #   passwd file can be made readable by a dedicated unprivileged
      #   account, that is the least-privilege choice.
      extraConfig = ''
        passdb {
        driver = passwd-file
        args = username_format=%n /opt/secret/dovecot-passwd
        }
        userdb {
        driver = passwd-file
        args = username_format=%n /opt/secret/dovecot-passwd
        }
        mail_debug = yes
        service auth {
        unix_listener auth-client-postfix {
        group = postfix
        mode = 0660
        user = postfix
        }
        user = root
        }
      '';
    };

    postfix = {
      enable = true;
      hostname = "shape";
      domain = "orbekk.com";
      # Domains for which this host is the final destination.
      destination = [
        "orbekk.com"
        "kj.orbekk.com"
        "orbekk.no"
        "kj.orbekk.no"
        "kufieta.net"
      ];

      # Server certificate and key for Postfix.
      # NOTE(review): sslCACert points at the same fullchain.pem as sslCert
      # rather than a separate trust-anchor file; confirm that is intended.
      # NOTE(review): no TLS policy for inbound port 25 is set in this file;
      # whatever the Postfix module derives from sslCert applies (verify).
      sslCert = fullChain;
      sslKey = privateKey;
      sslCACert = fullChain;

      # Submission service: TLS is mandatory, clients authenticate through
      # the Dovecot socket declared above, and anything not SASL-authenticated
      # is rejected, so this listener is not usable as an open relay.
      enableSubmission = true;
      submissionOptions = {
        smtpd_tls_security_level = "encrypt";
        smtpd_sasl_auth_enable = "yes";
        smtpd_sasl_type = "dovecot";
        smtpd_sasl_path = "/var/run/dovecot2/auth-client-postfix";
        smtpd_client_restrictions = "permit_sasl_authenticated,reject";
        milter_macro_daemon_name = "ORIGINATING";
      };

      # Outbound mail goes through the relay below; the settings for that
      # client side live in extraConfig.
      relayHost = "smtp.gmail.com";
      relayPort = 587;
      # smtp_tls_security_level = encrypt: TLS is required towards the relay,
      #   but this level does not verify the relay's certificate.
      #   NOTE(review): the SASL credentials travel over this channel, so
      #   "verify" or "secure" with a trusted CA store configured would also
      #   authenticate the relay; check CA settings before changing it.
      # smtp_sasl_password_maps: relay credentials are read from
      #   /opt/secret/postfix-sasl-passwd (outside the Nix store). The hash:
      #   type uses a postmap-built .db next to it; both files contain the
      #   password and should be readable by root only.
      # smtp_sasl_security_options = noanonymous: replaces the default that
      #   also forbids plaintext mechanisms, so the password is protected
      #   only by the TLS session.
      # header_size_limit = 4096000: larger than Postfix's stock default.
      #   NOTE(review): confirm the reason for the raised limit.
      extraConfig = ''
        smtp_tls_security_level = encrypt
        smtp_sasl_auth_enable = yes
        smtp_sasl_password_maps = hash:/opt/secret/postfix-sasl-passwd
        header_size_limit = 4096000
        smtp_sasl_security_options = noanonymous
      '';

      # Every alias forwards off-host to an external mailbox. That includes
      # root and postmaster, so mail addressed to those system names leaves
      # this machine.
      extraAliases = ''
        eo: ${erikAddr}
        erik: ${erikAddr}
        orbekk: ${kjetilAddr}
        k: ${kjetilAddr}
        kj: ${kjetilAddr}
        kjetil: ${kjetilAddr}
        root: ${kjetilAddr}
        postmaster: ${kjetilAddr}
        katharina: ${katharinaAddr}
        kathi: ${katharinaAddr}
        kasiunia: ${katharinaAddr}
        kat: ${katharinaAddr}
        lise: ${liseAddr}
      '';
    };
  };
}