config changes

- network: add tor relay + snowflake proxy - email: regex alias for admin - search: enable some additional engines
2026-01-29 21:45:04 +02:00 · 2026-01-29 21:45:04 +02:00 · 0fefd6137a
commit 0fefd6137a
parent f9a39222be
10 changed files with 128 additions and 47 deletions
--- a/config/mail/default.nix
+++ b/config/mail/default.nix
@ -1,5 +1,7 @@
 {config, ...}: let
-  mailDomain = config.customOps.domain;
+  domainFqdn = config.customOps.domain.fqdn;
+  domainName = config.customOps.domain.name;
+  domainTld = config.customOps.domain.tld;
 in {
  sops.secrets = {
    "mailserver/root".owner = "dovecot2";
@ -11,13 +13,13 @@ in {
  mailserver = {
    enable = true;
    stateVersion = 3;
-    fqdn = mailDomain;
-    domains = [mailDomain];
+    fqdn = domainFqdn;
+    domains = [domainFqdn];

    virusScanning = true;

-    systemDomain = mailDomain;
-    systemName = mailDomain;
+    systemDomain = domainFqdn;
+    systemName = domainFqdn;

    dmarcReporting.enable = true;
    fullTextSearch.enable = true;
@ -46,29 +48,31 @@ in {
    };

    loginAccounts = {
-      "dmarc@${mailDomain}" = {
+      "dmarc@${domainFqdn}" = {
        hashedPasswordFile = config.sops.secrets."mailserver/dmarc".path;
        aliases = [
-          "rua@${mailDomain}"
-          "ruf@${mailDomain}"
+          "rua@${domainFqdn}"
+          "ruf@${domainFqdn}"
        ];
      };
-      "root@${mailDomain}" = {
+      "root@${domainFqdn}" = {
        hashedPasswordFile = config.sops.secrets."mailserver/root".path;
        aliases = [
-          "postmaster@${mailDomain}"
-          "security@${mailDomain}"
-          "abuse@${mailDomain}"
-          "webmaster@${mailDomain}"
-          "admin@${mailDomain}"
-          "info@${mailDomain}"
-          "support@${mailDomain}"
+          "postmaster@${domainFqdn}"
+          "security@${domainFqdn}"
+          "abuse@${domainFqdn}"
+          "webmaster@${domainFqdn}"
+          "info@${domainFqdn}"
+          "support@${domainFqdn}"
+        ];
+        aliasesRegexp = [
+          "/^admin\\..*@${domainName}\\.${domainTld}$/"
        ];
      };
-      "contact@${mailDomain}" = {
+      "contact@${domainFqdn}" = {
        hashedPasswordFile = config.sops.secrets."mailserver/contact".path;
-        aliases = ["@${mailDomain}"];
-        catchAll = [mailDomain];
+        aliases = ["@${domainFqdn}"];
+        catchAll = [domainFqdn];
      };
    };
    certificateScheme = "acme";
@ -76,10 +80,10 @@ in {

  services.roundcube = {
    enable = true;
-    hostName = "mail.${mailDomain}";
+    hostName = "mail.${domainFqdn}";
    extraConfig = ''
-      $config['imap_host'] = "ssl://${mailDomain}";
-      $config['smtp_host'] = "ssl://${mailDomain}";
+      $config['imap_host'] = "ssl://${domainFqdn}";
+      $config['smtp_host'] = "ssl://${domainFqdn}";
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";
    '';
@ -98,7 +102,7 @@ in {

  services.nginx = {
    enable = true;
-    virtualHosts."cal.${mailDomain}" = {
+    virtualHosts."cal.${domainFqdn}" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {