# Mail services module: pulls in the postfix/dovecot/rspamd/sympa modules and,
# when enabled, requests two ACME certificates for the mail host names and
# declares the "mail" systemd slice.
{ lib, pkgs, config, ... }:
let
  # One "<mx subdomain>.<zone>" name for every DNS zone flagged with hasEmail.
  # Both certificates below carry the same list of additional names.
  mxHostNames = lib.mapAttrsToList
    (zone: _: "${config.hostEnv.mx.subdomain}.${zone}")
    (lib.filterAttrs (_: zone: zone.hasEmail) config.myServices.dns.zones);

  # postRun fragment publishing the renewed chain at `target`.
  # Only fullchain.pem (public certificate material) is copied and made
  # world-readable; the private key is not touched by this hook, and no
  # key file should ever be added to it with these permissions.
  # The source path is relative, so this relies on the hook running in the
  # directory that holds the new certificate (assumed here, confirm against
  # the security.acme documentation).
  # mkBefore orders this fragment ahead of other postRun definitions.
  publishChain = target: lib.mkBefore ''
    cp -f fullchain.pem ${target}
    chown :dovecot2 ${target}
    chmod a+r ${target}
  '';
in
{
  imports = [
    ./postfix.nix
    ./dovecot.nix
    ./rspamd.nix
    ./sympa.nix
  ];

  options.myServices.mail.enable = lib.mkEnableOption "enable Mail services";

  config = lib.mkIf config.myServices.mail.enable {
    myServices.mail.milters.enable = true;

    # Primary certificate; keyType is left at the module default.
    security.acme.certs."mail" = {
      postRun = publishChain "/etc/dovecot/fullchain.pem";
      domain = config.hostEnv.fqdn;
      extraDomainNames = mxHostNames;
    };

    # Second certificate with an RSA key, kept for clients that don’t
    # support elliptic curves (e.g. printer).
    security.acme.certs."mail-rsa" = {
      postRun = publishChain "/etc/dovecot/fullchain-rsa.pem";
      domain = config.hostEnv.fqdn;
      keyType = "rsa4096";
      extraDomainNames = mxHostNames;
    };

    systemd.slices.mail = {
      description = "Mail slice";
    };
  };
}