authorsils <sils@sils.li>2023-03-07 19:40:49 +0100
committersils <sils@sils.li>2023-03-07 19:48:12 +0100
commit820efecae8c72ee3f9c6f4981d43ce19fe660dc3 (patch)
tree9ca75dc7baebad7cf9eab78b28072d18ebaed311
parentFeat: Add Website (diff)
Feat: Add mailserver
Diffstat (limited to '')
-rw-r--r--flake.lock86
-rw-r--r--flake.nix34
-rw-r--r--services/services/acme.nix23
3 files changed, 141 insertions, 2 deletions
diff --git a/flake.lock b/flake.lock
index 8af459c..7848d91 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,21 @@
 {
   "nodes": {
+    "blobs": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1604995301,
+        "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
+        "owner": "simple-nixos-mailserver",
+        "repo": "blobs",
+        "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "simple-nixos-mailserver",
+        "repo": "blobs",
+        "type": "gitlab"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1675512093,
@@ -16,9 +32,77 @@
         "type": "github"
       }
     },
+    "nixpkgs-22_11": {
+      "locked": {
+        "lastModified": 1669558522,
+        "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.11",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1669542132,
+        "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a115bb9bd56831941be3776c8a94005867f316a7",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
     "root": {
       "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "simple-nixos-mailserver": "simple-nixos-mailserver"
+      }
+    },
+    "simple-nixos-mailserver": {
+      "inputs": {
+        "blobs": "blobs",
+        "nixpkgs": "nixpkgs_2",
+        "nixpkgs-22_11": "nixpkgs-22_11",
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1671659164,
+        "narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=",
+        "owner": "simple-nixos-mailserver",
+        "repo": "nixos-mailserver",
+        "rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "simple-nixos-mailserver",
+        "ref": "nixos-22.11",
+        "repo": "nixos-mailserver",
+        "type": "gitlab"
+      }
+    },
+    "utils": {
+      "locked": {
+        "lastModified": 1605370193,
+        "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5021eac20303a61fafe17224c087f5519baed54d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
       }
     }
   },
diff --git a/flake.nix b/flake.nix
index 9df3c84..e087f96 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,17 +4,49 @@
 
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small";
+    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11";
   };
 
   outputs = {
     self,
     nixpkgs,
+    simple-nixos-mailserver,
     ...
   } @ attrs: {
     nixosConfigurations."server1" = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
       specialArgs = attrs;
-      modules = [./hosts/server1/configuration.nix];
+      modules = [
+        ./hosts/server1/configuration.nix
+        simple-nixos-mailserver.nixosModule
+        {
+          mailserver = {
+            enable = true;
+            fqdn = "server1.vhack.eu";
+            domains = ["vhack.eu"];
+
+            mailDirectory = "/srv/mail/vmail";
+            dkimKeyDirectory = "/srv/mail/dkim";
+            backup.snapshotRoot = "/srv/mail/backup";
+
+            loginAccounts = {
+              "sils@vhack.eu" = {
+                hashedPasswordFile = "/srv/mail/.secrets/silsmailpswd";
+              };
+            };
+
+            extraVirtualAliases = {
+              "abuse@vhack.eu" = ["sils@vhack.eu"];
+              "postmaster@vhack.eu" = ["sils@vhack.eu"];
+            };
+
+            sieveDirectory = "/srv/mail/sieve";
+            keyFile = "/var/lib/acme/server1.vhack.eu/key.pem";
+            certificateScheme = 1;
+            certificateFile = "/var/lib/acme/server1.vhack.eu/fullchain.pem";
+          };
+        }
+      ];
     };
   };
 }
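Review bot: The new `simple-nixos-mailserver` input keeps its own nixpkgs pins instead of following the root one, which is why the flake.lock hunks gain `nixpkgs_2` (an older nixos-unstable revision) and `nixpkgs-22_11`. Adding `simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";` next to the `url` line in `inputs` would keep the set of pinned sources to audit and update smaller, and the `nixpkgs-22_11` input could presumably follow it as well. Separately, `certificateScheme = 1;` is a bare number; a short comment such as `# 1 = manually provided certificate (files below come from security.acme)` would tell the reader why `keyFile` and `certificateFile` point into `/var/lib/acme`. The file referenced by `hashedPasswordFile` and the `dkimKeyDirectory` live outside the Nix store, so their ownership and mode are not set by anything visible in this commit and are worth documenting alongside the paths.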
diff --git a/services/services/acme.nix b/services/services/acme.nix
index 42f9ed5..7e39174 100644
--- a/services/services/acme.nix
+++ b/services/services/acme.nix
@@ -1,6 +1,29 @@
 {...}: {
+  users.users.nginx.extraGroups = ["acme"];
+
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "acmechallenge.vhack.eu" = {
+        serverAliases = ["*.vhack.eu"];
+        locations."/.well-known/acme-challenge" = {
+          root = "/var/lib/acme/.challenges";
+        };
+        locations."/" = {
+          return = "301 https://$host$request_uri";
+        };
+      };
+    };
+  };
+
   security.acme = {
     acceptTerms = true;
     defaults.email = "admin@vhack.eu";
+    certs = {
+      "server1.vhack.eu" = {
+        webroot = "/var/lib/acme/.challenges";
+        group = "nginx";
+      };
+    };
   };
 }
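Review bot: The `certs."server1.vhack.eu"` entry has no renewal hook, while the only consumer visible in this commit is the mailserver, which reads `key.pem` and `fullchain.pem` as static paths in flake.nix. After a renewal, Postfix and Dovecot will most likely keep serving the old certificate until they are restarted; `reloadServices = ["postfix.service" "dovecot2.service"];` inside the cert block would cover that, assuming those are the units the mailserver module runs. `group = "nginx";` together with `users.users.nginx.extraGroups = ["acme"];` also makes the mail TLS private key readable by the internet-facing web server, which in this file only serves the HTTP-01 challenge directory and a redirect. If nginx does not terminate TLS for this name elsewhere, a dedicated group for the mail daemons would be the tighter choice.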