mail: add roundcube + radicale, enable virus scanning, upgrade passwords to bcrypt
Some checks failed
/ deploy (push) Failing after 9s
Some checks failed
/ deploy (push) Failing after 9s
This commit is contained in:
parent
ee456b274e
commit
31417b97a7
SSH key fingerprint:
SHA256:/NaO5I1nG3gYKzrzSiTYIdRyaIYxDWfr1U+d+yfJ/4k
2 changed files with 59 additions and 5 deletions
|
|
@ -1,4 +1,9 @@
|
|||
{config, ...}: let
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
mailDomain = config.customOps.domain;
|
||||
in {
|
||||
sops.secrets = {
|
||||
|
|
@ -11,6 +16,8 @@ in {
|
|||
fqdn = mailDomain;
|
||||
domains = [mailDomain];
|
||||
|
||||
virusScanning = true;
|
||||
|
||||
systemDomain = mailDomain;
|
||||
systemName = mailDomain;
|
||||
|
||||
|
|
@ -57,4 +64,51 @@ in {
|
|||
};
|
||||
certificateScheme = "acme";
|
||||
};
|
||||
|
||||
services.roundcube = {
|
||||
enable = true;
|
||||
hostName = "mail.${mailDomain}";
|
||||
extraConfig = ''
|
||||
$config['imap_host'] = "ssl://${mailDomain}";
|
||||
$config['smtp_host'] = "ssl://${mailDomain}";
|
||||
$config['smtp_user'] = "%u";
|
||||
$config['smtp_pass'] = "%p";
|
||||
'';
|
||||
};
|
||||
|
||||
services.radicale = let
|
||||
mailAccounts = config.mailserver.loginAccounts;
|
||||
htpasswd = pkgs.writeText "radicale.users" (
|
||||
lib.concatStrings
|
||||
(lib.flip lib.mapAttrsToList mailAccounts (
|
||||
mail: user:
|
||||
mail + ":" + user.hashedPassword + "\n"
|
||||
))
|
||||
);
|
||||
in {
|
||||
enable = true;
|
||||
settings = {
|
||||
auth = {
|
||||
type = "htpasswd";
|
||||
htpasswd_filename = "${htpasswd}";
|
||||
htpasswd_encryption = "bcrypt";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."cal.${mailDomain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:5232/";
|
||||
extraConfig = ''
|
||||
proxy_set_header X-Script-Name /;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass_header Authorization;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@ ssh:
|
|||
owner: ENC[AES256_GCM,data:LqatOCIAcAvYF354I5itm/rAp5S8UdyONgtK/CEvUq66isiqp+QhV3L1WiW10R8OOm4+nD70uzu4hMnSVxGfNPd8ysE7PUoTGstNFf06uwDtbRiVkJ8=,iv:LW2LwZexi/WliJ7zsoWG0nUSjk2rk5y5++LFI80qLBQ=,tag:3MpE+WVLtMwl8XeFno5FBQ==,type:str]
|
||||
nix-deploy: ENC[AES256_GCM,data:zPNvcKrGwsBJUPeYUhGVB9jPsqxG0Wo5G1hj+iwu34u12Egq1w8MYLF/kOj8XN7OOtcNmN2sr09EaD/a70gIltSeNVmEJh8u+kIehFp2UC5IKYJ5FHlGJP8+BQ==,iv:t93JWiWsdi3ihxfI6zvt4KJbywvNw2IyIWeKu+KspX8=,tag:XhD3LD8DXFAEWZXt34MC+g==,type:str]
|
||||
mailserver:
|
||||
contact: ENC[AES256_GCM,data:bDC9e4GzBn6c+yT4NOOVlcqQ86ynDkTZhKKE6Ck6xlwWpPYfngP+rffzsX0bL61N0ruMUuUD1XEcdRNz,iv:wqgBzTYa3ipeuUN7YhkH87U6vKb9pGyOS89SekqojLc=,tag:lQfSZm9OVYJ9dgT2WoBYsg==,type:str]
|
||||
forgejo: ENC[AES256_GCM,data:nDGMlxhJIlLr3ynR9ftRPqSdKNxxy8FVItRNLXVrbbbaIttpHUve68hz7O7s/v9qo1a14HvP5Z/NKuErRVsUzJJFRuDqwoywWg==,iv:eyf33mOOCOtEfRGLQqXFO2KEIJzWAflUXssf8qWwck4=,tag:sti3pRMbhunTsAVqQ6JJVw==,type:str]
|
||||
contact: ENC[AES256_GCM,data:VjQfXiEzvBrIeLwLtS2UPjG/fAICk3hUtFPRKHN+v7cd8aSc45u90Ho3uKyKvnIaVyfoRwN21NvK4Vbb,iv:VJbxNwzipmV2yIruBsHX4z/FNy+AJq8Xp97bw/Bogpc=,tag:bc3BwY4xQNmQbQZpIEynYQ==,type:str]
|
||||
forgejo: ENC[AES256_GCM,data:7bZQ5+WET1aAFXO2+R9kt9aA2PpEqhDaj9IE1t4UEgGNzn5D+tRsh+YEI73PPTRmjH7p8HKoo/eutVj3,iv:FD+gjIz5/o1sZGWRMMQEzoX09UJD8Ptk37GuMGcnB7o=,tag:6syos0wvs2e98JNyIoFHsg==,type:str]
|
||||
searx: ENC[AES256_GCM,data:n451XLvOi2D2YvL0/+ko+HyXWEU7uuVlivkFsKxIzq1EWqMVEhFgEAt1k8W15AdgLY1xo455fUbL6/W1uSFO8w==,iv:QfX7s4l4QuZ8/85Q/+0OWezDGqOKXdY7B5M6wq/5tAM=,tag:ppZXewIAN0IdRMgrIIKTmg==,type:str]
|
||||
actions_runner:
|
||||
token: ENC[AES256_GCM,data:K3l1i8TlOh4P0m0HvI/U97weP2BzPxkiz1DYvAFL8ergFVYHsE62A92rVxIAlQ==,iv:BIITpfqKa/IA7dQfmoNTA2dhB91jn7Ay7Ihib+2Mddg=,tag:Ojk4407BhM7b4LjmnPuZjA==,type:str]
|
||||
|
|
@ -23,7 +23,7 @@ sops:
|
|||
L0NsZWFmd3UwblExc3UrVVVraHVTTm8KyUN1t1NgQG8+zHViKXT4fwnuFBVgzhYw
|
||||
WbCHfzut3a55ta1B50hQGFlPcUZDPImUg4wKmkdc7vurg02vOTgwUQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-01-07T04:26:03Z"
|
||||
mac: ENC[AES256_GCM,data:4gTYhPcQ9ejFDiCtCqH5y+pDEez7pvtoAIySp2tyJ/8Q/DUQE2xhqBd7kvCZyo88jOujpjIbbppKKwfrOafK9M31v6tUgqTHLu9bsl2T91+qJCZVrrDZ8xMj4FoQ2c5zXNWPVQCjsMHWbRJTxgdb+HCb9PtUO//et+okiSoITek=,iv:GqVlL+126jmUfVhyQuvorULlkDDE2w+idYsAqrAqw7Q=,tag:p3dPQMFllXNKG8C9CfM7Xg==,type:str]
|
||||
lastmodified: "2026-01-28T16:51:31Z"
|
||||
mac: ENC[AES256_GCM,data:WEbG4365DWEy9Fz/SyP6uI8Vr6+wbi6o5J82lxvTB7QXLMqXSKyKdMMy1LOdiY2EVnXIBlgC9rzMJoJgwr00SdgVjH/ZJRZWjM7f8qk8yUzMqnMk+M82/SqD6pLqoLrguuSEsRgHSHNSt5qn0mH4vJ6OABAiquCsRHy4swe6Z8g=,iv:1WPSoebje5WRTIe7ww2/9iLpeVvS4xS/SRharN8B4/s=,tag:a28eAA7d3tHL3rQ+gQkFHQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue