# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
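{ config, lib, pkgs, ... }:

let
  cfg = config.sbruder.mailserver;

  # Explicit inherits instead of nested `with lib; with lib.types;` so that
  # nothing from `lib` or `lib.types` can silently shadow a local name.
  inherit (lib) mkEnableOption mkOption literalExpression;
  inherit (lib.types) bool listOf path str submodule;
in
{
  # This file only declares the `sbruder.mailserver` options; the actual
  # service configuration lives in the modules imported at the bottom.
  options.sbruder.mailserver = {
    enable = mkEnableOption "simple mail server";

    fqdn = mkOption {
      type = str;
      description = ''
        FQDN of the mail server

        It needs to have a matching reverse DNS record.
        By default, an acme certificate with this name has to be present.
        See `certDir` for more details.
      '';
      example = "mail.example.com";
    };

    storage = mkOption {
      type = path;
      description = "Location of the storage for mails";
      default = "/var/vmail";
    };

    domains = mkOption {
      type = listOf str;
      description = "Domains to serve";
      example = [ "example.com" "example.org" ];
    };

    certDir = mkOption {
      type = path;
      description = "Directory with `fullchain.pem` and `key.pem` for the FQDN. Defaults to the ACME directory of the FQDN.";
      # Evaluating the default requires an ACME certificate entry named after
      # `fqdn` to exist; `defaultText` lets the option documentation be
      # rendered without forcing that evaluation.
      default = config.security.acme.certs."${cfg.fqdn}".directory;
      defaultText = literalExpression ''config.security.acme.certs."''${cfg.fqdn}".directory'';
    };

    users = mkOption {
      type = listOf (submodule {
        options = {
          address = mkOption {
            type = str;
            description = "Primary e-mail address of the user";
            example = "jdoe@example.com";
          };

          passwordHash = mkOption {
            type = str;
            description = ''
              Bcrypt hash of the user’s password. Please note that it will be
              world-readable in the nix store.

              You can generate a password with `nix run nixpkgs.apacheHttpd -c
              htpasswd -nBC 12 "" | cut -d: -f2`
            '';
            # The example hash carries cost factor 05 (the `$2y$05$` prefix),
            # whereas the command in the description produces cost 12; the
            # example is illustrative only.
            example = "$2y$05$SHxhwVGx.XCd19HAcb1NKuidUxW1BwU7GeO0ZIcMTc5t2uZoYLVRK";
          };

          aliases = mkOption {
            type = listOf str;
            description = ''
              A list of aliases for the user.

              If multiple users have the same alias defined, mail will be
              delivered to both of them.
            '';
            default = [ ];
            example = [
              "j.doe@example.com"
              "jane.doe@example.com"
              "postmaster@example.com"
            ];
          };

          localOnly = mkOption {
            type = bool;
            description = "Whether the user should only be able to send mails to local domains.";
            default = false;
            example = true;
          };
        };
      });
      description = "Users of the mail server";
    };

    cleanHeaders = mkOption {
      type = listOf str;
      description = "A list of regular expressions that define what headers are filtered";
      # Each entry is a `/regex/` pattern. The defaults drop headers that
      # reveal the submitting client or the relay path; presumably consumed
      # by ./postfix.nix — confirm there.
      default = [
        "/^\\s*Received:/"
        "/^\\s*User-Agent:/"
        "/^\\s*X-Mailer:/"
        "/^\\s*X-Originating-IP:/"
      ];
    };
  };

  imports = [
    ./autoconfig.nix
    ./dkim.nix
    ./dns.nix
    ./dovecot.nix
    ./postfix.nix
    ./rspamd.nix
    ./users.nix
  ];
}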