# NixOS module for the "mail" host: a microVM running the `mailserver`
# module (Postfix + Dovecot) with accounts looked up in LDAP.
{ config, lib, ... }:

{
  # Guest RAM for the microVM, in MiB.
  microvm.mem = 2048;

  networking.hostName = "mail";

  c3d2.deployment.server = "server10";

  mailserver =
    let
      # Site-wide LDAP settings (bind DN, base DN, filter helper) come from
      # config.security.ldap, which is defined outside this file.
      directory = config.security.ldap;

      # Filter helper pre-applied to the "mail-users" group.
      mailUsers = directory.searchFilterWithGroupFilter "mail-users";

      # Dovecot lookup: %n is the login name without its domain part.
      accountFilter = mailUsers "(uid=%n)";

      # Every special-use folder is auto-created and auto-subscribed.
      folder = use: {
        auto = "subscribe";
        specialUse = use;
      };
    in
    {
      enable = true;
      fqdn = "mail.flpk.zentralwerk.org";
      domains = [ "netzbiotop.org" ];
      certificateScheme = "acme-nginx";

      # DMARC reporting is currently switched off.
      # dmarcReporting = {
      #   enable = true;
      #   domain = "c3d2.de";
      #   organizationName = "Netzbiotop Dresden e.V.";
      # };

      # Outgoing mail is DKIM-signed with a 2048-bit key.
      dkimSigning = true;
      dkimSelector = "default";
      dkimKeyBits = 2048;

      # Client protocols. The plain options are the STARTTLS listeners
      # (143/110/587); the *Ssl options are the implicit-TLS listeners
      # (993/995/465).
      # NOTE(review): the STARTTLS listeners only protect clients that
      # insist on TLS themselves, and POP3 is rarely needed - consider
      # dropping whichever of these no client actually uses.
      enableImap = true;
      enableImapSsl = true;
      enablePop3 = true;
      enablePop3Ssl = true;
      enableSubmission = true;
      enableSubmissionSsl = true;
      enableManageSieve = true;

      extraVirtualAliases = { };

      ldap = {
        enable = true;

        # The directory is reached over TLS only (ldaps://).
        uris = [ "ldaps://${directory.domainName}" ];
        searchBase = directory.userBaseDN;

        bind = {
          dn = directory.bindDN;
          # Taken from the sops secret declared below, so the bind password
          # is referenced by path instead of being written into this file.
          passwordFile = config.sops.secrets."dovecot/ldapSearchUserPassword".path;
        };

        dovecot = {
          passFilter = accountFilter;
          userFilter = accountFilter;
          # userAttrs = "uidNumber=uid";
        };

        postfix = {
          # NOTE(review): the clause written here keys only on the domain
          # of the looked-up address (%d). Confirm that the filter helper or
          # the mailserver module also ties the lookup to the local part;
          # otherwise the result is per-domain rather than per-user.
          filter = mailUsers "(isMemberOf=cn=%d-mail-users,ou=groups,dc=c3d2,dc=de)";
          mailAttribute = "uid";
          # uidAttribute = "uid";
        };
      };

      mailboxes = {
        Drafts = folder "Drafts";
        Sent = folder "Sent";
        Spam = folder "Junk";
        Trash = folder "Trash";
      };

      maxConnectionsPerUser = 10;

      # 10240000 bytes = 10000 KiB, i.e. roughly 9.77 MiB (slightly below 10 MiB).
      messageSizeLimit = 10240000;

      monitoring = {
        # enable = true;
        # alertAddress = "example@c3d2.de";
      };

      # NOTE(review): this passes only the local part of the DMARC report
      # sender. The option is documented with full addresses, so verify
      # that a bare local part matches anything in the generated Postfix
      # access table.
      rejectRecipients = [ config.mailserver.dmarcReporting.localpart ];

      # No antivirus scanning of mail on this host.
      virusScanning = false;

      vmailUserName = "vmail";
      vmailGroupName = "vmail";
    };

  # Backed-up state. /var/dkim/ (DKIM private keys) and /var/vmail/
  # (mailbox contents) are sensitive, so the backup destination needs the
  # same confidentiality as this host.
  services.backup = {
    enable = true;
    paths = [
      "/var/lib/dovecot/"
      "/var/lib/postfix/"
      "/var/dkim/"
      "/var/sieve/"
      "/var/vmail/"
    ];
  };

  services.portunus.addToHosts = true;

  # The alias map is forced to a hand-maintained file outside the Nix store.
  # NOTE(review): that path is not in the backup list above and its
  # ownership/permissions are not managed here - confirm both.
  services.postfix.mapFiles.valias = lib.mkForce "/home/root/valias";

  # nginx is enabled alongside the "acme-nginx" certificate scheme above.
  services.nginx = {
    enable = true;
    commonHttpConfig = /* nginx */ ''
      proxy_headers_hash_bucket_size 96;
    '';
  };

  sops = {
    defaultSopsFile = ./secrets.yaml;
    # Owned by the Dovecot service user.
    secrets."dovecot/ldapSearchUserPassword".owner = config.users.users.dovecot2.name;
  };

  system.stateVersion = "23.11";
}