nix-config/modules/email/default.nix


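# Email module: when `conf.email.enable` is set, runs Stalwart Mail Server and
# puts an nginx virtual host in front of its HTTP management listener.
#
# Reads from `config.conf.email`: `enable`, `domain`, `ports.local`
# (the option declarations are not part of this file).
{
  config,
  lib,
  ...
}: let
  inherit (lib) mkIf;
  inherit (lib.lists) forEach;
  cfg = config.conf.email;
in
  mkIf cfg.enable {
    services.nginx = {
      virtualHosts.${cfg.domain} = {
        serverName = cfg.domain;
        # mail., webadmin., autoconfig. and autodiscover. are all served by this vhost.
        serverAliases =
          forEach ["mail" "webadmin" "autoconfig" "autodiscover"]
          (sub: "${sub}.${cfg.domain}");
        forceSSL = true;
        # Reuses the ACME certificate issued for cfg.domain (defined elsewhere).
        # NOTE(review): that certificate has to list the aliases above as well — confirm.
        useACMEHost = cfg.domain;
        locations = {
          # Every path is forwarded to the Stalwart "management" listener below.
          # That listener is bound to loopback only, so this vhost is what makes the
          # administration interface reachable from the network. No allow/deny or
          # extra authentication is applied here; access control rests on Stalwart's
          # own login.
          # NOTE(review): no proxy headers are set in this block, so unless
          # recommendedProxySettings is enabled elsewhere Stalwart sees 127.0.0.1 as
          # the client address for every request — confirm.
          "/" = {
            # Use the literal IPv4 loopback: the management listener binds
            # 127.0.0.1 only, while "localhost" may also resolve to ::1, where
            # nothing is listening.
            proxyPass = "http://127.0.0.1:${toString cfg.ports.local}";
          };
        };
      };
    };

    # NOTE(review): presumably needed so the stalwart-mail user can read the ACME
    # key under /var/lib/acme referenced below. It also grants that user everything
    # else the nginx group can read; a dedicated certificate group would be
    # narrower — confirm against the ACME configuration.
    users.users."stalwart-mail".extraGroups = ["nginx"];

    services.stalwart-mail = {
      enable = true;
      # Per the nixpkgs option, opens the TCP ports of the listeners declared
      # below in the host firewall.
      openFirewall = true;
      settings = {
        server = {
          hostname = cfg.domain;
          tls = {
            enable = true;
          };
          listener = {
            smtp = {
              protocol = "smtp";
              bind = ["[::]:25"];
            };
            # NOTE(review): LMTP is bound on all interfaces and, with openFirewall,
            # is likely reachable from the network. If no remote host delivers over
            # LMTP, a loopback bind would reduce exposure — confirm intent.
            lmtp = {
              protocol = "lmtp";
              bind = ["[::]:24"];
            };
            # HTTP (JMAP) listener on 8080 with implicit TLS, bound on all interfaces.
            jmap = {
              protocol = "http";
              bind = ["[::]:8080"];
              tls.implicit = true;
            };
            # 143 and 587 have no implicit TLS; 993 and 465 are the implicit-TLS
            # counterparts.
            # NOTE(review): whether cleartext authentication is refused on 143/587
            # is not configured in this block — confirm.
            imap = {
              protocol = "imap";
              bind = ["[::]:143"];
            };
            imaps = {
              protocol = "imap";
              bind = ["[::]:993"];
              tls.implicit = true;
            };
            submission = {
              protocol = "smtp";
              bind = ["[::]:587"];
            };
            submissions = {
              protocol = "smtp";
              bind = ["[::]:465"];
              tls.implicit = true;
            };
            # Plain-HTTP management listener, loopback only; nginx terminates TLS
            # and proxies to this port.
            management = {
              protocol = "http";
              bind = "127.0.0.1:${toString cfg.ports.local}";
            };
          };
        };
        lookup.default = {
          hostname = cfg.domain;
          domain = cfg.domain;
        };
        # Certificate and key are read from the ACME state directory for cfg.domain.
        certificate.default = {
          default = true;
          cert = "%{file:/var/lib/acme/${cfg.domain}/cert.pem}%";
          private-key = "%{file:/var/lib/acme/${cfg.domain}/key.pem}%";
        };
        # All stores point at "db", which is not defined in this block.
        # NOTE(review): presumably supplied by the module's defaults — confirm.
        storage = {
          data = "db";
          fts = "db";
          block = "db";
          lookup = "db";
          directory = "internal";
        };
        directory."internal" = {
          type = "internal";
          store = "db";
        };
        tracer."stdout" = {
          type = "stdout";
          level = "info";
          ansi = false;
          enable = true;
        };
        session.rcpt = {
          # The inner single quotes are part of the value and are kept as written.
          directory = "'internal'";
        };
        spam-filter = {
          score.spam = "10.0";
        };
      };
    };
  }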