# NixOS module: mail server (the `mailserver` option set) plus Roundcube webmail.
# Account definitions are read from config.customOps.mailAccounts and the
# domain from config.customOps.domain.fqdn; both are declared outside this file.
{
  config,
  lib,
  ...
}: let
  domainFqdn = config.customOps.domain.fqdn;
  mailAccounts = config.customOps.mailAccounts;
  # Fully qualified name of this host; used as the mail server FQDN and as the
  # IMAP/SMTP endpoint that Roundcube connects to.
  mailHost = "${config.networking.hostName}.${domainFqdn}";
in {
  # One sops secret per account, keyed by the account's passwdFile value.
  # The decrypted file is owned by the dovecot2 user; it is handed to the mail
  # server below as hashedPasswordFile, so it is expected to hold a password
  # hash rather than a cleartext password.
  sops.secrets =
    lib.mapAttrs'
    (_: acc: lib.nameValuePair acc.passwdFile {owner = "dovecot2";})
    mailAccounts;

  mailserver = {
    enable = true;
    stateVersion = 3;
    fqdn = mailHost;
    domains = [domainFqdn];
    systemDomain = domainFqdn;
    systemName = domainFqdn;
    systemContact = "postmaster@${domainFqdn}";

    # TLS certificate for the mail host is obtained through ACME.
    certificateScheme = "acme";

    # Reporting and content-inspection features.
    dmarcReporting.enable = true;
    tlsrpt.enable = true;
    fullTextSearch.enable = true;
    virusScanning = true;

    # Standard special-use folders, created and subscribed automatically.
    # Each folder's specialUse flag equals its name.
    mailboxes = lib.genAttrs ["Archive" "Drafts" "Junk" "Sent" "Trash"] (folder: {
      auto = "subscribe";
      specialUse = folder;
    });

    # Translate each customOps account into a mailserver login account.
    # NOTE(review): catchAll and aliasesRegexp widen the set of recipient
    # addresses an account receives mail for; the actual values live in
    # customOps.mailAccounts and should be reviewed there.
    loginAccounts =
      lib.mapAttrs (_: acc: {
        inherit (acc) aliases catchAll sendOnly;
        aliasesRegexp = acc.aliasesRegex;
        # Path of the decrypted sops secret declared in sops.secrets above.
        hashedPasswordFile = config.sops.secrets.${acc.passwdFile}.path;
      })
      mailAccounts;
  };

  services.roundcube = {
    enable = true;
    hostName = "mail.${domainFqdn}";
    # The ssl:// scheme makes Roundcube use implicit TLS for both IMAP and SMTP.
    # %u / %p make it authenticate to SMTP with the credentials of the user
    # currently logged in to the webmail session.
    extraConfig = ''
      $config['imap_host'] = "ssl://${mailHost}";
      $config['smtp_host'] = "ssl://${mailHost}";
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";
    '';
  };
}