[perso/Immae/Config/Nix.git] / modules / private / mail / default.nix

{ lib, pkgs, config, ... }:
{
  imports = [
    ./milters.nix
    ./postfix.nix
    ./dovecot.nix
    ./relay.nix
    ./rspamd.nix
    ./opensmtpd.nix
    ./sympa.nix
  ];
  options.myServices.mail.enable = lib.mkEnableOption "enable Mail services";
  options.myServices.mailRelay.enable = lib.mkEnableOption "enable Mail relay services";
  options.myServices.mailBackup.enable = lib.mkEnableOption "enable MX backup services";

  config = lib.mkIf config.myServices.mail.enable {
    security.acme.certs."mail" = config.myServices.certificates.certConfig // {
      postRun = lib.mkBefore ''
        cp -f fullchain.pem /etc/dovecot/fullchain.pem
        chown :dovecot2 /etc/dovecot/fullchain.pem
        chmod a+r /etc/dovecot/fullchain.pem
      '';
      domain = config.hostEnv.fqdn;
      extraDomainNames = let
        zonesWithMx = builtins.filter (zone:
          lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
        ) config.myEnv.dns.masterZones;
        mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
      in mxs;
    };
    # This is for clients that don’t support elliptic curves (e.g.
    # printer)
    security.acme.certs."mail-rsa" = config.myServices.certificates.certConfig // {
      postRun = lib.mkBefore ''
        cp -f fullchain.pem /etc/dovecot/fullchain-rsa.pem
        chown :dovecot2 /etc/dovecot/fullchain-rsa.pem
        chmod a+r /etc/dovecot/fullchain-rsa.pem
      '';
      domain = config.hostEnv.fqdn;
      keyType = "rsa4096";
      extraDomainNames = let
        zonesWithMx = builtins.filter (zone:
          lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
        ) config.myEnv.dns.masterZones;
        mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
      in mxs;
    };
    systemd.slices.mail = {
      description = "Mail slice";
    };
  };
}
Commit	Line	Data
619e4f46	1	{ lib, pkgs, config, ... }:
a929614f	2	{
8415083e IB	3	imports = [
	4	./milters.nix
	5	./postfix.nix
	6	./dovecot.nix
619e4f46	7	./relay.nix
8415083e	8	./rspamd.nix
deca5e9b	9	./opensmtpd.nix
418a4ed7	10	./sympa.nix
8415083e IB	11	];
8415083e IB	12	options.myServices.mail.enable = lib.mkEnableOption "enable Mail services";
deca5e9b	13	options.myServices.mailRelay.enable = lib.mkEnableOption "enable Mail relay services";
619e4f46	14	options.myServices.mailBackup.enable = lib.mkEnableOption "enable MX backup services";
8415083e IB	15
8415083e IB	16	config = lib.mkIf config.myServices.mail.enable {
5400b9b6	17	security.acme.certs."mail" = config.myServices.certificates.certConfig // {
e34b3079 IB	18	postRun = lib.mkBefore ''
	19	cp -f fullchain.pem /etc/dovecot/fullchain.pem
	20	chown :dovecot2 /etc/dovecot/fullchain.pem
	21	chmod a+r /etc/dovecot/fullchain.pem
	22	'';
619e4f46	23	domain = config.hostEnv.fqdn;
e34b3079	24	extraDomainNames = let
8415083e IB	25	zonesWithMx = builtins.filter (zone:
8415083e IB	26	lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
ab8f306d	27	) config.myEnv.dns.masterZones;
619e4f46	28	mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
e34b3079	29	in mxs;
8415083e	30	};
5153eb54 IB	31	# This is for clients that don’t support elliptic curves (e.g.
	32	# printer)
	33	security.acme.certs."mail-rsa" = config.myServices.certificates.certConfig // {
e34b3079 IB	34	postRun = lib.mkBefore ''
	35	cp -f fullchain.pem /etc/dovecot/fullchain-rsa.pem
	36	chown :dovecot2 /etc/dovecot/fullchain-rsa.pem
	37	chmod a+r /etc/dovecot/fullchain-rsa.pem
	38	'';
5153eb54 IB	39	domain = config.hostEnv.fqdn;
5153eb54 IB	40	keyType = "rsa4096";
e34b3079	41	extraDomainNames = let
5153eb54 IB	42	zonesWithMx = builtins.filter (zone:
	43	lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
	44	) config.myEnv.dns.masterZones;
	45	mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
e34b3079	46	in mxs;
5153eb54	47	};
850adcf4 IB	48	systemd.slices.mail = {
	49	description = "Mail slice";
	50	};
6a8252b1	51	};
a929614f	52	}