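# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

# NixOS module declaring the `sbruder.mailserver` option tree.
#
# This file only declares options; the services themselves are configured by
# the sibling modules pulled in through `imports` at the bottom (autoconfig,
# dkim, dns, dovecot, postfix, rspamd, users), which read `cfg`.
{ config, lib, pkgs, ... }:

let
  cfg = config.sbruder.mailserver;
  inherit (lib) mkOption mkEnableOption types;
in
{
  options.sbruder.mailserver = {
    enable = mkEnableOption "simple mail server";

    fqdn = mkOption {
      type = types.str;
      description = ''
        FQDN of the mail server

        It needs to have a matching reverse DNS record.
        By default, an acme certificate with this name has to be present.
        See `certDir` for more details.
      '';
      example = "mail.example.com";
    };

    storage = mkOption {
      type = types.path;
      description = "Location of the storage for mails";
      default = "/var/vmail";
    };

    domains = mkOption {
      type = types.listOf types.str;
      description = "Domains to serve";
      example = [ "example.com" "example.org" ];
    };

    certDir = mkOption {
      type = types.path;
      description = "Directory with `fullchain.pem` and `key.pem` for the FQDN. Defaults to the ACME directory of the FQDN.";
      # The default is derived from the ACME certificate named after `fqdn`,
      # so it can only be evaluated once `fqdn` is set.
      default = config.security.acme.certs."${cfg.fqdn}".directory;
      # Give the documentation generator a literal rendering of the default
      # instead of forcing evaluation of the config-dependent expression.
      defaultText = lib.literalExpression ''config.security.acme.certs."''${cfg.fqdn}".directory'';
    };

    users = mkOption {
      type = types.listOf (types.submodule {
        options = {
          address = mkOption {
            type = types.str;
            description = "Primary e-mail address of the user";
            example = "jdoe@example.com";
          };

          passwordHash = mkOption {
            type = types.str;
            description = ''
              Bcrypt hash of the user’s password. Please note that it will be
              world-readable in the nix store.

              You can generate a password with `nix run nixpkgs.apacheHttpd -c
              htpasswd -nBC 12 "" | cut -d: -f2`
            '';
            # Illustrative hash only; note it carries bcrypt cost 05 whereas
            # the command above produces cost 12.
            example = "$2y$05$SHxhwVGx.XCd19HAcb1NKuidUxW1BwU7GeO0ZIcMTc5t2uZoYLVRK";
          };

          aliases = mkOption {
            type = types.listOf types.str;
            description = ''
              A list of aliases for the user.

              If multiple users have the same alias defined, mail will be
              delivered to both of them.
            '';
            default = [ ];
            example = [
              "j.doe@example.com"
              "jane.doe@example.com"
              "postmaster@example.com"
            ];
          };

          localOnly = mkOption {
            type = types.bool;
            description = "Whether the user should only be able to send mails to local domains.";
            default = false;
            example = true;
          };
        };
      });
      description = "Users of the mail server";
    };

    cleanHeaders = mkOption {
      type = types.listOf types.str;
      description = "A list of regular expressions that define what headers are filtered";
      # The defaults drop the Received chain and the client-identifying
      # User-Agent, X-Mailer and X-Originating-IP headers. Presumably applied
      # by ./postfix.nix to outgoing mail — confirm there.
      default = [
        "/^\\s*Received:/"
        "/^\\s*User-Agent:/"
        "/^\\s*X-Mailer:/"
        "/^\\s*X-Originating-IP:/"
      ];
    };
  };

  imports = [
    ./autoconfig.nix
    ./dkim.nix
    ./dns.nix
    ./dovecot.nix
    ./postfix.nix
    ./rspamd.nix
    ./users.nix
  ];
}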