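# SPDX-FileCopyrightText: 2021-2023 Simon Bruder
#
# SPDX-License-Identifier: AGPL-3.0-or-later

# Option declarations for the `sbruder.mailserver` NixOS module.
#
# This file only declares the options; the services that consume them are
# pulled in through `imports` at the bottom (postfix, dovecot, rspamd, DKIM,
# DNS, autoconfig and user handling).
{ config, lib, pkgs, ... }:
let
  # Explicit inherits instead of `with lib; with lib.types;` so that every
  # name used below can be resolved statically.
  inherit (lib) mkEnableOption mkOption;
  inherit (lib.types) bool listOf path str submodule;

  cfg = config.sbruder.mailserver;
in
{
  options.sbruder.mailserver = {
    enable = mkEnableOption "simple mail server";

    fqdn = mkOption {
      type = str;
      description = ''
        FQDN of the mail server

        It needs to have a matching reverse DNS record.

        By default, an acme certificate with this name has to be present.
        See `certDir` for more details.
      '';
      example = "mail.example.com";
    };

    storage = mkOption {
      type = path;
      description = "Location of the storage for mails";
      default = "/var/vmail";
    };

    domains = mkOption {
      type = listOf str;
      description = "Domains to serve";
      example = [ "example.com" "example.org" ];
    };

    # `key.pem` is the TLS private key. Access control for this directory is
    # not configured in this file; when overriding the default, make sure the
    # key is readable by the mail daemons only.
    certDir = mkOption {
      type = path;
      description = "Directory with `fullchain.pem` and `key.pem` for the FQDN. Defaults to the ACME directory of the FQDN.";
      # Depends on `fqdn`: an ACME certificate with that exact name must be
      # configured, otherwise evaluating this default fails.
      default = config.security.acme.certs."${cfg.fqdn}".directory;
    };

    users = mkOption {
      type = listOf (submodule {
        options = {
          address = mkOption {
            type = str;
            description = "Primary e-mail address of the user";
            example = "jdoe@example.com";
          };

          # The hash ends up in the world-readable nix store, so every local
          # user can read it and attack it offline. Its strength therefore
          # rests entirely on the password and the bcrypt cost factor: keep
          # the cost at 12 (as in the command below) or higher. If that
          # exposure is not acceptable, the hash has to come from a secret
          # file outside the store, which this option does not support.
          passwordHash = mkOption {
            type = str;
            description = ''
              Bcrypt hash of the user’s password.
              Please note that it will be world-readable in the nix store.
              You can generate the hash with `nix run nixpkgs.apacheHttpd -c htpasswd -nBC 12 "" | cut -d: -f2`
            '';
            # Format illustration only: this sample uses cost 05, which is
            # lower than the cost 12 the command above produces.
            example = "$2y$05$SHxhwVGx.XCd19HAcb1NKuidUxW1BwU7GeO0ZIcMTc5t2uZoYLVRK";
          };

          aliases = mkOption {
            type = listOf str;
            description = ''
              A list of aliases for the user.
              If multiple users have the same alias defined, mail will be delivered to both of them.
            '';
            default = [ ];
            example = [ "j.doe@example.com" "jane.doe@example.com" "postmaster@example.com" ];
          };

          # Only the flag is declared here; the restriction itself is
          # enforced by one of the imported modules (not visible in this
          # file).
          localOnly = mkOption {
            type = bool;
            description = "Whether the user should only be able to send mails to local domains.";
            default = false;
            example = true;
          };
        };
      });
      description = "Users of the mail server";
    };

    # The defaults strip headers that reveal the sender's client software and
    # network path (Received, User-Agent, X-Mailer, X-Originating-IP).
    # NOTE(review): where these expressions are applied is decided in an
    # imported module. Confirm they only affect mail submitted by local
    # users; removing `Received:` from inbound mail would discard the trace
    # information needed to investigate spam and phishing.
    cleanHeaders = mkOption {
      type = listOf str;
      description = "A list of regular expressions that define what headers are filtered";
      default = [
        "/^\\s*Received:/"
        "/^\\s*User-Agent:/"
        "/^\\s*X-Mailer:/"
        "/^\\s*X-Originating-IP:/"
      ];
    };
  };

  imports = [
    ./autoconfig.nix
    ./dkim.nix
    ./dns.nix
    ./dovecot.nix
    ./postfix.nix
    ./rspamd.nix
    ./users.nix
  ];
}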