1 files changed, 51 insertions, 0 deletions

diff --git a/system/mail/default.nix b/system/mail/default.nix
new file mode 100644
index 0000000..7102958
--- /dev/null
+++ b/system/mail/default.nix
@@ -0,0 +1,51 @@
+# vim: ts=2
+{...}: let
+  all_admins = [
+    "sils@vhack.eu"
+    "soispha@vhack.eu"
+    "nightingale@vhack.eu"
+  ];
+in {
+  enable = true;
+  fqdn = "server1.vhack.eu";
+  domains = ["vhack.eu"];
+
+  useFsLayout = true;
+
+  loginAccounts = {
+    "sils@vhack.eu" = {
+      hashedPassword = "$2b$05$RW/Svgk7iGxvP5W7ZwUZ1e.a3fj4fteevb2MtfFYYD0d1DQ17y9Fm";
+    };
+    "soispha@vhack.eu" = {
+      hashedPassword = "$2b$05$XX36sJuHNbTFvi8DFldscOeQBHahluSkiUqD9QGzQaET7NJusSuQW";
+    };
+    "nightingale@vhack.eu" = {
+      hashedPassword = "$2b$05$THIS_PASSWORD_HASH_IS_NOT_REAL,_PLEASE_CHANGE_IT_..._"; # TODO change
+    };
+  };
+
+  extraVirtualAliases = {
+    "abuse@vhack.eu" = all_admins;
+    "postmaster@vhack.eu" = all_admins;
+    "admin@vhack.eu" = all_admins;
+  };
+
+  mailDirectory = "/srv/mail/vmail";
+  dkimKeyDirectory = "/srv/mail/dkim";
+  sieveDirectory = "/srv/mail/sieve";
+  backup.snapshotRoot = "/srv/mail/backup";
+
+  enableImap = false;
+  enableImapSsl = true;
+  enablePop3 = false;
+  enablePop3Ssl = true;
+  # SMTP
+  enableSubmission = false;
+  enableSubmissionSsl = true;
+  openFirewall = false; # handled below
+
+  keyFile = "/var/lib/acme/server1.vhack.eu/key.pem";
+  certificateScheme = 1;
+  certificateFile = "/var/lib/acme/server1.vhack.eu/fullchain.pem";
+
+}