nixos-config/profiles/servers/mailserver.nix


# NixOS profile for the balsoft.ru mail host. It layers site settings on top
# of the simple-nixos-mailserver module taken from this configuration's inputs.
{ pkgs, config, lib, inputs, ... }:
# Path of the simple-nixos-mailserver input, imported below as a NixOS module.
# NOTE(review): the module revision actually evaluated is whatever the
# configuration's input pinning selects; that pin is not visible in this file.
let module = toString inputs.simple-nixos-mailserver;
in {
imports = [ module ];
# Password-hash secrets for the two mail accounts. Their `.decrypted` paths are
# what the loginAccounts entries further down pass as hashedPasswordFile.
# NOTE(review): `secrets` is a project-local option set; presumably `owner` is
# the user:group of the decrypted file and `services` the units tied to it.
# Confirm in the secrets module that nothing outside dovecot2 can read them.
secrets = let
  # Both secrets carry identical ownership and service bindings.
  dovecotOnly = {
    owner = "dovecot2:dovecot2";
    services = [ "dovecot2" ];
  };
in {
  mailserver = dovecotOnly;
  mailserver-mastodon = dovecotOnly;
};
# Postfix DNS blocklist settings. Only the four uncommented zones are active;
# the remainder of the list is kept commented out.
# NOTE(review): every active zone is operated by a third party whose answers
# decide whether a connecting client is turned away. A zone that is retired or
# changes its listing policy can start rejecting legitimate senders, so the
# active entries need periodic review.
services.postfix = {
  dnsBlacklists = [
    "all.s5h.net"
    "b.barracudacentral.org"
    "bl.spamcop.net"
    "blacklist.woody.ch"
    # "bogons.cymru.com"
    # "cbl.abuseat.org"
    # "combined.abuse.ch"
    # "db.wpbl.info"
    # "dnsbl-1.uceprotect.net"
    # "dnsbl-2.uceprotect.net"
    # "dnsbl-3.uceprotect.net"
    # "dnsbl.anticaptcha.net"
    # "dnsbl.dronebl.org"
    # "dnsbl.inps.de"
    # "dnsbl.sorbs.net"
    # "dnsbl.spfbl.net"
    # "drone.abuse.ch"
    # "duinv.aupads.org"
    # "dul.dnsbl.sorbs.net"
    # "dyna.spamrats.com"
    # "dynip.rothen.com"
    # "http.dnsbl.sorbs.net"
    # "ips.backscatterer.org"
    # "ix.dnsbl.manitu.net"
    # "korea.services.net"
    # "misc.dnsbl.sorbs.net"
    # "noptr.spamrats.com"
    # "orvedb.aupads.org"
    # "pbl.spamhaus.org"
    # "proxy.bl.gweep.ca"
    # "psbl.surriel.com"
    # "relays.bl.gweep.ca"
    # "relays.nether.net"
    # "sbl.spamhaus.org"
    # "singular.ttk.pte.hu"
    # "smtp.dnsbl.sorbs.net"
    # "socks.dnsbl.sorbs.net"
    # "spam.abuse.ch"
    # "spam.dnsbl.anonmails.de"
    # "spam.dnsbl.sorbs.net"
    # "spam.spamrats.com"
    # "spambot.bls.digibase.ca"
    # "spamrbl.imp.ch"
    # "spamsources.fabel.dk"
    # "ubl.lashback.com"
    # "ubl.unsubscore.com"
    # "virus.rbl.jp"
    # "web.dnsbl.sorbs.net"
    # "wormrbl.imp.ch"
    # "xbl.spamhaus.org"
    # "z.mailspike.net"
    # "zen.spamhaus.org"
    # "zombie.dnsbl.sorbs.net"
  ];
  # Access-map text marking clients as OK: the balsoft.ru name, the
  # 192.168.0.0/16 range, and "<name>.lan" for every attribute name in
  # inputs.self.nixosConfigurations (one line per machine).
  # NOTE(review): if the postfix module compiles this text into an indexed
  # (hash:) access table, a CIDR key such as 192.168.0.0/16 is never matched.
  # access(5) expects the octet prefix "192.168" there, or a cidr: table.
  # Confirm how the module consumes this option.
  # NOTE(review): the hostname keys only match the name the server's resolver
  # returns for the client, so these exemptions are as trustworthy as that
  # resolver and the .lan zone behind it.
  dnsBlacklistOverrides = ''
    balsoft.ru OK
    192.168.0.0/16 OK
    ${lib.concatMapStringsSep "\n" (machine: "${machine}.lan OK")
    (builtins.attrNames inputs.self.nixosConfigurations)}
  '';
};
# Enables Dovecot's "virtual" mail plugin for all protocols and adds a
# namespace, prefixed "virtual.", whose folders live under ~/Maildir/virtual.
# NOTE(review): assumes ~ resolves to /var/vmail for the mail users, matching
# the tmpfiles paths declared elsewhere in this file. TODO confirm; if so,
# every account shares the same virtual folder definitions.
services.dovecot2 = {
  mailPlugins.globally.enable = [ "virtual" ];
  extraConfig = ''
    namespace {
    prefix = virtual.
    separator = .
    location = virtual:~/Maildir/virtual
    }
  '';
};
# Creates the directory tree for the virtual folders and links each folder's
# dovecot-virtual definition to a generated text file.
systemd.tmpfiles.rules = [
  # Mode 700 and virtualMail ownership keep the tree private to the mail user.
  "d /var/vmail/Maildir 700 virtualMail virtualMail - -"
  "d /var/vmail/Maildir/virtual 700 virtualMail virtualMail - -"
  "d /var/vmail/Maildir/virtual/all 700 virtualMail virtualMail - -"
  "d /var/vmail/Maildir/virtual/INBOX 700 virtualMail virtualMail - -"
  # "L+" replaces whatever exists at the path with a symlink to the file
  # produced by pkgs.writeText. That file holds only the folder definition.
  # NOTE(review): Dovecot's virtual plugin presumably expects the search line
  # ("all", "inthread ...") to be indented under the mailbox pattern. The
  # indentation shown here may have been flattened when this page was
  # rendered; confirm against the raw file.
  "L+ /var/vmail/Maildir/virtual/all/dovecot-virtual - - - - ${
    pkgs.writeText "virtual.all" ''
      *
      all
    ''
  }"
  "L+ /var/vmail/Maildir/virtual/INBOX/dovecot-virtual - - - - ${
    pkgs.writeText "virtual.INBOX" ''
      virtual.all
      inthread refs x-mailbox INBOX
    ''
  }"
];
# simple-nixos-mailserver settings for the single domain balsoft.ru.
mailserver = {
  enable = true;
  fqdn = "balsoft.ru";
  domains = [ "balsoft.ru" ];
  # Special-use folders: Junk, Drafts and Sent are set to "subscribe", while
  # Trash is set to "no".
  mailboxes = {
    Trash = {
      auto = "no";
      specialUse = "Trash";
    };
    Junk = {
      auto = "subscribe";
      specialUse = "Junk";
    };
    Drafts = {
      auto = "subscribe";
      specialUse = "Drafts";
    };
    Sent = {
      auto = "subscribe";
      specialUse = "Sent";
    };
  };
  loginAccounts = {
    "balsoft@balsoft.ru" = {
      # Role addresses (admin, root, patches, issues, paypal) all deliver to
      # this one mailbox, so its credential protects every one of them.
      aliases = [
        "balsoft"
        "admin@balsoft.ru"
        "patches"
        "patches@balsoft.ru"
        "issues"
        "issues@balsoft.ru"
        "admin"
        "root@balsoft.ru"
        "root"
        "paypal@balsoft.ru"
        "paypal"
      ];
      # The password hash is read from the decrypted secret's path rather than
      # written inline in this file.
      # NOTE(review): presumably that path lies outside the world-readable Nix
      # store; confirm in the secrets module.
      hashedPasswordFile = config.secrets.mailserver.decrypted;
      # Silently drops mail whose X-GitHub-Sender header is exactly
      # "serokell-bot". The header is set by the sender and is not
      # authenticated, and `discard` produces no bounce, so any message
      # carrying that header vanishes without trace.
      sieveScript = ''
        if header :is "X-GitHub-Sender" "serokell-bot" {
        discard;
        stop;
        }
      '';
    };
    "mastodon@balsoft.ru" = {
      aliases = [ "mastodon" ];
      hashedPasswordFile = config.secrets.mailserver-mastodon.decrypted;
    };
  };
  # NOTE(review): with the module's own resolver off, DNS lookups (including
  # the Postfix blocklist queries) presumably go through the host's existing
  # resolver. Some blocklist operators refuse or rate-limit queries relayed by
  # large shared resolvers; confirm the lookups return real answers.
  localDnsResolver = false;
  # NOTE(review): scheme 1 is presumably the module's "manual" mode, which
  # uses the two paths below; confirm for the pinned module version. The files
  # live under /var/lib/acme, so issuance and renewal happen outside this
  # file. The key must stay readable only by the mail services that need it.
  certificateScheme = 1;
  certificateFile = "/var/lib/acme/balsoft.ru/fullchain.pem";
  keyFile = "/var/lib/acme/balsoft.ru/key.pem";
  # NOTE(review): enableImap presumably opens the STARTTLS IMAP port alongside
  # the implicit-TLS one from enableImapSsl; confirm that the module refuses
  # logins before TLS is negotiated.
  enableImap = true;
  enableImapSsl = true;
  # Attachment virus scanning is turned off on this host.
  virusScanning = false;
};
}