migrate to nix flake

2021-10-11 10:43:57 +02:00 · 2021-10-11 10:43:57 +02:00 · 53cf463bba
commit 53cf463bba
parent 999ee11693
7 changed files with 183 additions and 95 deletions
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@ -26,7 +26,6 @@ in

 {
  imports = [
-    ../../services/mail-server.nix
    ../../services/python-ci.nix
    ../../services/sdtdserver.nix
    # ../../containers/vsftpd.nix
@ -36,7 +35,62 @@ in
    ./web.nix
  ];

+  security.acme.certs = {
+    "${domaine}" = {
+      extraDomainNames = [
+        "mail.${domaine}"
+      ];
+      postRun = ''
+        systemctl reload dovecot2.service
+      '';
+    };
+  };
+
+  mailserver = {
+    enable = true;
+    fqdn = "mail.${domaine}";
+    domains = [ domaine ];
+
+    # A list of all login accounts. To create the password hashes, use
+    # mkpasswd -m sha-512 "super secret password"
+    loginAccounts = {
+      "paul@${domaine}" = {
+        hashedPassword = "$6$8wWQbtqVqUoH8$pQKg0bZPcjCbuPvyhjJ1lQy949M/AgfmAye/hDEIVUnCfwtlUxC1yj8CBHpNKeiiXhd8IUqk9r0/IJNvB6okf0";
+      };
+      "claire@${domaine}" = {
+        hashedPassword = "$6$Y.vlWP9./DX$NEQQOLzYftbHOvXDkKdBYFAjzIjh8mlpomDuQRq6qkkZijrdy/p6jSbrpBLhoWwVmj4j1OWekHU1f4C9xCNJk.";
+      };
+    };
+
+    # Certificate setup
+    certificateScheme = 1;
+    certificateFile = "/var/lib/acme/${domaine}/fullchain.pem";
+    keyFile = "/var/lib/acme/${domaine}/key.pem";
+
+    # Enable IMAP and POP3
+    enableImap = true;
+    enablePop3 = true;
+    enableImapSsl = true;
+    enablePop3Ssl = true;
+
+    # Enable the ManageSieve protocol
+    enableManageSieve = true;
+  };
+
  services = {
+    postfix = {
+      relayHost = "mailvps.nyanlout.re";
+      relayPort = 587;
+      config = {
+        smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt";
+        smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key";
+      };
+    };
+
+    rspamd.workers.controller.extraConfig = ''
+      secure_ip = ["127.0.0.1", "10.30.135.71"];
+    '';
+
    redis.enable = true;

    logrotate = {
@ -58,11 +112,6 @@ in

    fstrim.enable = true;

-    mailserver = {
-      enable = true;
-      domaine = domaine;
-    };
-
    syncthing = {
      enable = true;
      dataDir = "/var/lib/syncthing";