Simon Bruder
f945341668
This applies the REUSE specification to the repository, so the licensing information can be tracked for every file individually.
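# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

# Option declarations for the `sbruder.mailserver` module.
#
# This file only declares the options and pulls in the implementation modules
# listed under `imports`; how each option is consumed is decided in those
# files, which are not shown here.
{ config, lib, pkgs, ... }:
let
  # Shorthand for this module's own option subtree.
  cfg = config.sbruder.mailserver;
in
{
  options.sbruder.mailserver = with lib; with lib.types; {
    enable = mkEnableOption "simple mail server";

    fqdn = mkOption {
      type = str;
      description = ''
        FQDN of the mail server

        It needs to have a matching reverse DNS record.
        By default, an acme certificate with this name has to be present.
        See `certDir` for more details.
      '';
      example = "mail.example.com";
    };

    storage = mkOption {
      type = path;
      description = "Location of the storage for mails";
      default = "/var/vmail";
    };

    domains = mkOption {
      type = listOf str;
      description = "Domains to serve";
      example = [ "example.com" "example.org" ];
    };

    # The directory is expected to contain the TLS private key (`key.pem`).
    # NOTE(review): when overriding the default, point this at a runtime
    # directory with restricted permissions rather than at a path that is
    # copied into the Nix store, which is world-readable.
    certDir = mkOption {
      type = path;
      description = "Directory with `fullchain.pem` and `key.pem` for the FQDN. Defaults to the ACME directory of the FQDN.";
      # Evaluated lazily against `cfg.fqdn`, so an ACME certificate entry
      # named after the FQDN has to exist unless this option is overridden.
      default = config.security.acme.certs."${cfg.fqdn}".directory;
    };

    users = mkOption {
      type = listOf (submodule {
        options = {
          address = mkOption {
            type = str;
            description = "Primary e-mail address of the user";
            example = "jdoe@example.com";
          };

          # The hash is a plain string option, so it becomes part of the
          # evaluated configuration; the description already states that it
          # ends up world-readable in the Nix store. Local users can therefore
          # attempt offline guessing against it, which makes the bcrypt cost
          # factor and the password strength the only protection.
          passwordHash = mkOption {
            type = str;
            # Wording fix: the command below produces a hash, not a password.
            description = ''
              Bcrypt hash of the user’s password. Please note that it will be
              world-readable in the nix store.

              You can generate the hash with `nix run nixpkgs.apacheHttpd -c
              htpasswd -nBC 12 "" | cut -d: -f2`
            '';
            # NOTE(review): this sample hash carries cost factor 05, while the
            # command in the description uses cost 12 (`-C 12`). It is only an
            # illustration of the format; real hashes should use the cost from
            # the documented command or higher.
            example = "$2y$05$SHxhwVGx.XCd19HAcb1NKuidUxW1BwU7GeO0ZIcMTc5t2uZoYLVRK";
          };

          # No uniqueness check on aliases is visible in this file; per the
          # description, a shared alias fans mail out to every user listing it.
          aliases = mkOption {
            type = listOf str;
            description = ''
              A list of aliases for the user.

              If multiple users have the same alias defined, mail will be
              delivered to both of them.
            '';
            default = [ ];
            example = [
              "j.doe@example.com"
              "jane.doe@example.com"
              "postmaster@example.com"
            ];
          };
        };
      });
      description = "Users of the mail server";
    };

    # The defaults cover headers that disclose the sender's client software
    # and network origin (Received, User-Agent, X-Mailer, X-Originating-IP).
    # Each entry is a regular expression in `/…/` form; `\\s` in the Nix
    # string yields `\s` in the resulting pattern.
    # NOTE(review): presumably consumed by ./postfix.nix as header checks;
    # confirm there which mail (submission only, or all) gets filtered.
    cleanHeaders = mkOption {
      type = listOf str;
      description = "A list of regular expressions that define what headers are filtered";
      default = [
        "/^\\s*Received:/"
        "/^\\s*User-Agent:/"
        "/^\\s*X-Mailer:/"
        "/^\\s*X-Originating-IP:/"
      ];
    };
  };

  # Implementation modules; each reads the options declared above.
  imports = [
    ./autoconfig.nix
    ./dkim.nix
    ./dns.nix
    ./dovecot.nix
    ./postfix.nix
    ./rspamd.nix
    ./users.nix
  ];
}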