[perso/Immae/Config/Nix.git] / modules / private / mail / default.nix

{ lib, pkgs, config, ... }:
{
  imports = [
    ./milters.nix
    ./postfix.nix
    ./dovecot.nix
    ./relay.nix
    ./rspamd.nix
    ./opensmtpd.nix
    ./sympa.nix
  ];
  options.myServices.mail.enable = lib.mkEnableOption "enable Mail services";
  options.myServices.mailRelay.enable = lib.mkEnableOption "enable Mail relay services";
  options.myServices.mailBackup.enable = lib.mkEnableOption "enable MX backup services";

  config = lib.mkIf config.myServices.mail.enable {
    security.acme.certs."mail" = config.myServices.certificates.certConfig // {
      domain = config.hostEnv.fqdn;
      extraDomains = let
        zonesWithMx = builtins.filter (zone:
          lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
        ) config.myEnv.dns.masterZones;
        mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
      in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
    };
    # This is for clients that don’t support elliptic curves (e.g.
    # printer)
    security.acme.certs."mail-rsa" = config.myServices.certificates.certConfig // {
      domain = config.hostEnv.fqdn;
      keyType = "rsa4096";
      extraDomains = let
        zonesWithMx = builtins.filter (zone:
          lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
        ) config.myEnv.dns.masterZones;
        mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
      in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
    };
    services.duplyBackup.profiles = {
      mail = {
        rootDir = "/var/lib";
        excludeFile = lib.mkAfter ''
          + /var/lib/vhost
          - /var/lib
          '';
      };
    };
  };
}
Commit	Line	Data
	1	{ lib, pkgs, config, ... }:
	2	{
	3	imports = [
	4	./milters.nix
	5	./postfix.nix
	6	./dovecot.nix
	7	./relay.nix
	8	./rspamd.nix
	9	./opensmtpd.nix
	10	./sympa.nix
	11	];
	12	options.myServices.mail.enable = lib.mkEnableOption "enable Mail services";
	13	options.myServices.mailRelay.enable = lib.mkEnableOption "enable Mail relay services";
	14	options.myServices.mailBackup.enable = lib.mkEnableOption "enable MX backup services";
	15
	16	config = lib.mkIf config.myServices.mail.enable {
	17	security.acme.certs."mail" = config.myServices.certificates.certConfig // {
	18	domain = config.hostEnv.fqdn;
	19	extraDomains = let
	20	zonesWithMx = builtins.filter (zone:
	21	lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
	22	) config.myEnv.dns.masterZones;
	23	mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
	24	in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
	25	};
	26	# This is for clients that don’t support elliptic curves (e.g.
	27	# printer)
	28	security.acme.certs."mail-rsa" = config.myServices.certificates.certConfig // {
	29	domain = config.hostEnv.fqdn;
	30	keyType = "rsa4096";
	31	extraDomains = let
	32	zonesWithMx = builtins.filter (zone:
	33	lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
	34	) config.myEnv.dns.masterZones;
	35	mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
	36	in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
	37	};
	38	services.duplyBackup.profiles = {
	39	mail = {
	40	rootDir = "/var/lib";
	41	excludeFile = lib.mkAfter ''
	42	+ /var/lib/vhost
	43	- /var/lib
	44	'';
	45	};
	46	};
	47	};
	48	}