X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fdefault.nix;h=fd6d638a843e7fa08e8073d0e5d89227d826b231;hb=ded643e14096a7cb166c78dd961cf68fb4ddb0cf;hp=ad2c6846ba9687672c2c72e704d1ef881738aa65;hpb=a929614f94d11a4f397e72e74f38b3212c24cdee;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/mail/default.nix b/modules/private/mail/default.nix
index ad2c684..fd6d638 100644
--- a/modules/private/mail/default.nix
+++ b/modules/private/mail/default.nix
@@ -1,12 +1,52 @@
-{ lib, pkgs, config, myconfig,  ... }:
+{ lib, pkgs, config, ... }:
 {
-  config.security.acme.certs."mail" = config.services.myCertificates.certConfig // {
-    domain = "eldiron.immae.eu";
-    extraDomains = let
-      zonesWithMx = builtins.filter (zone:
-        lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
-      ) myconfig.env.dns.masterZones;
-      mxs = map (zone: "mx-1.${zone.name}") zonesWithMx;
-    in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
+  imports = [
+    ./milters.nix
+    ./postfix.nix
+    ./dovecot.nix
+    ./relay.nix
+    ./rspamd.nix
+    ./opensmtpd.nix
+    ./sympa.nix
+  ];
+  options.myServices.mail.enable = lib.mkEnableOption "enable Mail services";
+  options.myServices.mailRelay.enable = lib.mkEnableOption "enable Mail relay services";
+  options.myServices.mailBackup.enable = lib.mkEnableOption "enable MX backup services";
+
+  config = lib.mkIf config.myServices.mail.enable {
+    security.acme.certs."mail" = config.myServices.certificates.certConfig // {
+      domain = config.hostEnv.fqdn;
+      extraDomains = let
+        zonesWithMx = builtins.filter (zone:
+          lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
+        ) config.myEnv.dns.masterZones;
+        mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
+      in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
+    };
+    # This is for clients that don’t support elliptic curves (e.g.
+    # printer)
+    security.acme.certs."mail-rsa" = config.myServices.certificates.certConfig // {
+      domain = config.hostEnv.fqdn;
+      keyType = "rsa4096";
+      extraDomains = let
+        zonesWithMx = builtins.filter (zone:
+          lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
+        ) config.myEnv.dns.masterZones;
+        mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
+      in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
+    };
+    services.duplyBackup.profiles = {
+      mail = {
+        remotes = [ "eriomem" "ovh" ];
+        rootDir = "/var/lib";
+        excludeFile = lib.mkAfter ''
+          + /var/lib/vhost
+          - /var/lib
+          '';
+      };
+    };
+    systemd.slices.mail = {
+      description = "Mail slice";
+    };
   };
 }