Compare commits
2 Commits
master
...
nek0/mail_
Author | SHA1 | Date |
---|---|---|
Nek0 - | b1b4d8c994 | |
Nek0 - | b666d334b9 |
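--- a/[PATH-NOT-SHOWN-ON-PAGE]
+++ b/[PATH-NOT-SHOWN-ON-PAGE]
@@ -1,9 +1,745 @@
-{
-networking.hostName = "mail";
-networking.useNetworkd = true;
-networking.interfaces.eth0.ipv4.addresses = [{
-address = "172.20.73.58";
-prefixLength = 26;
-}];
-networking.defaultGateway = "172.20.73.1";
-}
+{pkgs ? <nixpkgs>, ...}:
+let
+maildomain = "c3d2.de";
+hostname = "mail.c3d2.de";
+virtual_map = ''
+### system
+# postmaster
+postmaster root
+hostmaster@redmine.c3d2.de root
+hostmaster@pentapad.c3d2.de root
+hostmaster@wiki.c3d2.de root
+hostmaster@chat.c3d2.de nulli
+# hostmaster
+hostmaster@dresden.ccc.de fb@alien8.de, root
+hostmaster@datenspuren.de daniel@plominski.eu, root
+hostmaster root
+# root
+root@c3d2.de astro, morphium, nulli, eri, tboston
+root root@c3d2.de
+# webmaster
+webmaster astro, root
+# c3d2web
+c3d2web astro
+# Abuse
+abuse abuse@c3d2.de
+abuse@c3d2.de abuse@q-ix.net, root
+# listmaster
+listmaster@c3d2.de fb@c3d2.de, ps@c3d2.de, mail@c3d2.de
+list@c3d2.de nulli, koeart, morphium, vv01f, tboston
+list list@c3d2.de
+mailer-daemon list@c3d2.de
+# logcheck
+logcheck root
+# admin fuer gitolite
+admin@c3d2.de root, blastmaster@c3d2.de, john@tuxcode.org, nulli
+admin admin@c3d2.de
+# flatbert admins
+flatbert-admin@c3d2.de daniel@plominski.eu, astro@spaceboyz.net, john@tuxcode.org, paul@schwanse.de, morphium, ccc@poelzi.org, nulli@c3d2.de
+wiki@c3d2.de root
+## VPN
+vpn@c3d2.de astro, ccc@poelzi.org, vv01f
+### c3d2 user local home
+# nulli
+nulli@dresden.ccc.de nulli
+nulli@c3d2.de nulli
+webzwo0i@c3d2.de nulli
+#ispconfig trial, can be removed?
+hostmaster@jabber.c3d2.de nulli
+0i@c3d2.de nulli
+rec0very@c3d2.de nulli
+vr@c3d2.de nulli
+dock@c3d2.de nulli
+shodan@c3d2.de nulli
+tkradio@c3d2.de nulli, honky
+dict@c3d2.de nulli
+eb@c3d2.de nulli
+dropbox@c3d2.de nulli
+ebi@c3d2.de nulli
+goo@c3d2.de nulli
+dmi@c3d2.de nulli
+impffein@c3d2.de nulli
+gaga@c3d2.de nulli
+# astro
+# formerly: astro@spaceboyz.net
+astro@c3d2.de astro
+astro@netzbiotop.org astro
+# alien8
+a8 a8, fb@alien8.de
+a8@c3d2.de a8, fb@alien8.de
+fb@c3d2.de a8, fb@alien8.de
+alien8@c3d2.de a8, fb@alien8.de
+# pentabugs
+pentabugs@c3d2.de pentabugs
+# herr flupke
+hf@c3d2.de hf
+# santex
+# formerly:
+santex@c3d2.de santex
+hagen@c3d2.de santex
+#nek0
+nek0@c3d2.de nek0
+nek0@netzbiotop.org nek0
+pizza@c3d2.de nek0
+# ju
+ju@c3d2.de ju
+# vater
+vater@c3d2.de vater
+pavel@c3d2.de vater
+# flatbert
+flatbert@c3d2.de flatbert
+
+###Datenspuren
+datenspuren@c3d2.de martin@christianix.de, blastmaster, bigalex, nek0, honky, koeart, xyrill@c3d2.de
+twitter@datenspuren.de mail@c3d2.de
+lightningtalks@datenspuren.de bigalex@c3d2.de, hcx23@mailbox.org, honky
+
+### c3d2 user forwarding
+# riot
+riot@c3d2.de riot@bsd-crew.de
+# fukami
+fukami@c3d2.de ccc@foo.io
+# jens
+jens@c3d2.de weisse_jens@web.de
+# matthias
+matthias@c3d2.de matthias@bsd-crew.de
+# morphium
+morphium@c3d2.de c3d2@morphium.info
+morphium c3d2@morphium.info
+# tibyr
+tibyr@c3d2.de tibyr@alien8.de
+# twobit
+twobit@c3d2.de s8572327@gmail.com
+tboston tboston@posteo.net
+xyrill majewsky@posteo.de
+polaris ursa.minor@posteo.de
+
+### c3d2 aliases
+## viele bunte smarties
+#astro seins
+eris@c3d2.de astro
+flauschi@c3d2.de astro
+kabelsalat@c3d2.de eris@c3d2.de
+fnord@c3d2.de eris@c3d2.de
+f.nord@c3d2.de eris@c3d2.de
+frauke@c3d2.de eris@c3d2.de
+fridolin@c3d2.de eris@c3d2.de
+pm@c3d2.de eris@c3d2.de
+# pre pre urzeit
+21c3fpdev@c3d2.de pentabarf@mail.skyhub.de
+ds-ic@c3d2.de ds-ic@mail.kruitzer.net
+# pentamusic
+podcast@c3d2.de pentaradio
+ps@c3d2.de koeart
+pentamusic@c3d2.de koeart
+pentaradio honky, xyrill@c3d2.de, siehm@c3d2.de, mole@mopox.de, vv01f, friedemann@wulff-woesten.de
+# autotopia - arbeitsgruppe zu atomatisierung
+autotopia@c3d2.de polaris, nos, nek0, adrien@informancer.eu
+# datenschleuder
+datenschleuder@c3d2.de koeart, nulli, john@tuxcode.org, datenschleuder@tuxcode.org
+# bestellungen fuer wem auch immer fuer den vllt. c3d2 oder privat, man weis es nicht
+bestellungen@c3d2.de c3d2@xvlc.de, bigalex, mail@c3d2.de
+#robmail addresse suchen
+peering@c3d2.de koeart, nulli, astro@spaceboyz.net
+freifunk@c3d2.de nulli, astro@spaceboyz.net
+# vorstand, schatzmeister, kassenwart
+schatzmeister@c3d2.de vorstand@c3d2.de
+kassenwart@c3d2.de vorstand@c3d2.de
+kassenwart@netzbiotop.org vorstand@c3d2.de
+vorstand@netzbiotop.org honky, winzlieb, nek0
+vorstand@c3d2.de honky, winzlieb, nek0
+# master of coin
+ln@c3d2.de bitcoin@c3d2.de
+crypto@c3d2.de bitcoin@c3d2.de
+bitcoin@c3d2.de vv01f
+# wire
+# project address, forward ziel fuer alle *.wire@c3d2.de siehe virtual.regex
+wire@c3d2.de wire
+
+# adressen aus dem c3d2-web git
+2c3@c3d2.de mail@c3d2.de
+keysign@c3d2.de mail@c3d2.de
+news@c3d2.de mail@c3d2.de
+presse@c3d2.de mail@c3d2.de
+info@c3d2.de mail@c3d2.de
+# CmS Schule
+schule@c3d2.de cms@lists.c3d2.de
+
+### c3d2 orga
+# mail@
+mail@c3d2.de astro, ibook@klobs.de, koeart, bigalex, morphium, nulli, vv01f, vater, nek0, tboston, xyrill, polaris, winzlieb, simon_ccc@liebing.cc
+mail@dresden.ccc.de mail@c3d2.de
+mail@c3dd.de mail@c3d2.de
+mail@cccdd.de mail@c3d2.de
+mail mail@c3d2.de
+werbung@c3d2.de mail@c3d2.de
+paypal@c3d2.de daniel@plominski.eu, astro, bigalex@c3d2.de, raz@c3d2.de, joerg@higgsboson.tk, mail
+mail@netzbiotop.org mail@c3d2.de
+
+### ueber /home/blotter/bin/create_vmail_user hinzugefuegt
+# sven
+# formerly: sven@elektro-klemm.de
+sven@c3d2.de sven
+nevs@c3d2.de sven
+# blastmaster
+# formerly: oeste.sebastian@googlemail.com
+blastmaster@c3d2.de blastmaster
+blastermaster@c3d2.de blastmaster
+# koeart
+# formerly: paul@schwanse.de, koeart@zwoelfelf.org
+koeart@c3d2.de koeart
+# eri!
+# formerly: hans.orter@gmx.de
+eri@c3d2.de eri
+eri@cccdd.de eri
+eri@netzbiotop.org eri
+# pwnytail
+# formerly: jakobi@stura.htw-dresden.de
+pwnytail@c3d2.de pwnytail
+# darkwake
+# formerly: darkwake@freenet.de
+darkwake@c3d2.de darkwake
+# coeins
+# formerly: coeins@gmail.com
+coeins@c3d2.de coeins
+# bigalex
+# formerly: bigalex@gmx.de, alexander.lorz@tu-dresden.de
+bigalex@c3d2.de bigalex
+bigalex bigalex
+# lachmoewe
+# formerly: omg-lachmoewe@gmx.net
+lachmoewe@c3d2.de lachmoewe
+tf@c3d2.de lachmoewe
+# daniel.plominski
+daniel@c3d2.de daniel, daniel@plominski.eu
+daniel@dresden.ccc.de daniel, daniel@plominski.eu
+daniel.plominski@c3d2.de daniel, daniel@plominski.eu
+daniel.plominski@dresden.ccc.de daniel, daniel@plominski.eu
+# dodo
+# formerly: dodo.the.last@gmail.com
+dodo@c3d2.de dodo
+dodo@dresden.ccc.de dodo
+# payload
+# formerly: payload@payload-bay.de
+payload payload, s1394474@mail.zih.tu-dresden.de
+payload@c3d2.de payload, s1394474@mail.zih.tu-dresden.de
+# nos
+# formerly: s70341@htw-dresden.de
+nos@c3d2.de nos
+# mc
+# formerly: martin@christianix.de
+mc@c3d2.de mc
+norbert@c3d2.de mc
+# vany
+# formerly: eyke.schoeniger@gmx.de
+vany@c3d2.de vany
+# toon
+# formerly: s71156@htw-dresden.de
+toon@c3d2.de toon
+# meo
+# formerly: meodexter@gmail.com
+meo@c3d2.de meo
+meodexter@c3d2.de meo
+# j03
+j03@c3d2.de j03
+jo3@c3d2.de j03
+# nac
+nac@c3d2.de nac
+#vv01f
+vv01f@c3d2.de vv01f
+wolf@c3d2.de vv01f
+vv01f@dresden.ccc.de vv01f
+vv01f@c3dd.de vv01f
+vv01f@cccdd.de vv01f
+wolf@dresden.ccc.de vv01f
+vv01f@netzbiotop.org vv01f
+wolf@netzbiotop.org vv01f
+# polygon
+polygon@c3d2.de polygon
+# derped
+derped@c3d2.de derped
+# kalipso
+# formerly: kingkaiserprinz@gmail.com
+kalipso@c3d2.de kalipso
+# dzzzniel
+dzzzniel@c3d2.de dzzzniel
+# summi
+summi@c3d2.de summi
+# hendrix
+hendrix@c3d2.de ra.anti@gmx.net
+# testcopy
+testcopy@c3d2.de testcopy
+# blottervmail
+blotter@c3d2.de blotter
+blotter@c3dd.de blotter
+blotter@cccdd.de blotter
+blotter@dresden.ccc.de blotter
+no blotter
+blottervmail@c3d2.de blotter
+blottervmail@mail.c3d2.de blotter
+# simon
+# formerly: simon.toermer@gmx.de
+simon@c3d2.de simon
+# ventolin
+# formerly: sackgasse@gmx.net
+ventolin@c3d2.de ventolin
+# honky
+# formerly: honky@defendtheplanet.net
+honky@c3d2.de honky
+honky@cccdd.de honky
+honky@c3dd.de honky
+honky@netzbiotop.org honky
+# matemat
+matemat@c3d2.de matemat
+# nero
+# formerly: nero@w1r3.net
+nero@c3d2.de nero
+# billy
+# formerly: annettgerlach@gmx.net
+billy@c3d2.de annettgerlach@gmx.net
+# winzlieb
+winzlieb graviola@posteo.de
+winzlieb@netzbiotop.org winzlieb
+# broken_pipe
+# formerly: urban@subnet.email
+broken_pipe@c3d2.de broken_pipe
+# autotopia
+# formerly: broken_pipe@c3d2.de
+# servicemail
+servicemail@c3d2.de servicemail
+monitoring@c3d2.de monitoring
+# polaris
+# formerly: ursa.minor@posteo.de
+polaris@c3d2.de polaris
+# xeri
+xeri@c3d2.de xeri
+# xyrill
+# formerly: majewsky@posteo.de
+xyrill@dresden.ccc.de majewsky@posteo.de
+xyrill@c3d2.de majewsky@posteo.de
+xyrill@c3dd.de majewsky@posteo.de
+xyrill@netzbiotop.org majewsky@posteo.de
+# neda
+neda@c3d2.de n.sultova@hzdr.de
+# ehmry
+ehmry@c3d2.de ehmry@posteo.net
+ehmry@dresden.ccc.de ehmry@posteo.net
+ehmry@c3dd.de ehmry@posteo.net
+# antranes
+antranes@c3d2.de antranes
+# antrares
+antrares@c3d2.de antrares
+# siehm: simon_ccc@liebing.cc
+siehm@c3d2.de simon_ccc@liebing.cc
+siehm@c3dd.de simon_ccc@liebing.cc
+siehm@dresden.ccc.de simon_ccc@liebing.cc
+# sandro
+# formerly: sandro.jaeckel@posteo.de
+sandro@c3d2.de sandro
+# leonvita91
+leonvita91@c3d2.de leonvita91
+# wiki-sender
+wiki-sender@c3d2.de wiki-sender
+# etherpad-notify
+etherpad-notify@c3d2.de etherpad-notify
+# zylens
+# formerly: zylens
+zylens@c3d2.de zylens
+# formerly: Mirko <mirko@zeiban.de>
+mirko@c3d2.de mirko@c3d2.zeiban.de
+'';
+mynetworks = [
+"127.0.0.0/8"
+"172.22.99.0/24"
+"172.22.100.0/24"
+"81.201.149.152/32"
+"24.134.104.53/32"
+"[::1]/128"
+"[fe80::]/10"
+"[2a00:1828:a008::]/48"
+"[2001:470:6d:670::]/64"
+"[2001:67c:1400:2240::]/64"
+"[2a00:8180:2c00:200::]/56"
+];
+virtual_domains = [
+"dresden.ccc.de"
+"cccdd.de"
+"c3dd.de"
+"datenspuren.de"
+"jabber.c3d2.de"
+"webmail.c3d2.de"
+"chat.c3d2.de"
+"zengelsystem.c3d2.space"
+"c3d2.space"
+"netzbiotop.org"
+# "nc.c3d2.space"
+];
+in
+{
+#imports = [
+# <nixpkgs/nixos/modules/virtualisation/lxc-container.nix>
+#];
+networking.hostName = "mail";
+networking.useNetworkd = true;
+networking.interfaces.eth0.ipv4.addresses = [{
+address = "172.20.73.58";
+prefixLength = 26;
+}];
+networking.defaultGateway = "172.20.73.1";
+
+networking.firewall = {
+enable = true;
+allowedTCPPorts = [
+25 587 143
+4190
+80 443
+];
+allowedUDPPorts = [
+];
+};
+
+users.users."mailowner" = {
+createHome = false;
+extraGroups = [];
+group = "users";
+home = "/vor/spool/mail";
+isSystemUser = true;
+openssh.authorizedKeys.keys = [
+];
+uid = 5000;
+};
+
+services = {
+postfix = {
+enable = true;
+enableSmtp = true;
+enableSubmission = true;
+enableHeaderChecks = true;
+domain = maildomain;
+hostname = hostname;
+sslCert = "/var/lib/acme/${hostname}/fullchain.pem";
+sslKey = "/var/lib/acme/${hostname}/key.pem";
+networks = [
+];
+virtual = virtual_map;
+config = {
+myorigin = maildomain;
+mydestination = [
+"127.0.0.1"
+];
+mynetworks = mynetworks;
+mail_owner = "postfix";
+smtp_use_tls = true;
+smtp_tls_security_level = "may";
+smtpd_use_tls = true;
+smtpd_tls_security_level = "may";
+smtpd_recipient_restrictions = [
+"permit_mynetworks"
+"permit_sasl_authenticated"
+"reject_unauth_destination"
+];
+smtpd_relay_restrictions = [
+"permit_mynetworks"
+"permit_sasl_authenticated"
+"reject_unauth_destination"
+];
+smtpd_sasl_auth_enable = true;
+smtpd_tls_auth_only = false;
+smtpd_tls_protocols = [
+"!SSLv2" "!SSLv3" "!TLSv1" "!TLSv1.1"
+];
+smtpd_tls_mandatory_ciphers = "high";
+smtpd_sasl_path = "/var/lib/postfix/auth";
+smtpd_sasl_type = "dovecot";
+virtual_mailbox_domains =
+[ maildomain ] ++ virtual_domains;
+relay_domains = [
+"$mydestination"
+"lists.c3d2.de"
+];
+message_size_limit = "40960000";
+# Dovecot delivery
+virtual_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp";
+virtual_gid_maps = "static:5000";
+virtual_uid_maps = "static:5000";
+virtual_minimum_uid = "5000";
+virtual_mailbox_base = "/var/vmail";
+# tarpitting
+smtpd_error_sleep_time = "10s";
+smtpd_soft_error_limit = 2;
+smtpd_hard_error_limit = 5;
+smtpd_junk_command_limit = 2;
+};
+};
+
+dovecot2 = {
+enable = true;
+enableImap = true;
+enableLmtp = true;
+enablePop3 = false;
+enablePAM = false;
+enableQuota = true;
+createMailUser = true;
+mailLocation = "maildir:~/maildir";
+mailboxes = {
+Spam = {
+auto = "create";
+specialUse = "Junk";
+};
+Sent = {
+auto = "create";
+specialUse = "Sent";
+};
+Drafts = {
+auto = "create";
+specialUse = "Drafts";
+};
+Trash = {
+auto = "create";
+specialUse = "Trash";
+};
+};
+modules = [
+pkgs.dovecot_pigeonhole
+];
+quotaGlobalPerUser = "1G";
+sslServerCert = "/var/lib/acme/${hostname}/fullchain.pem";
+sslServerKey = "/var/lib/acme/${hostname}/key.pem";
+protocols = [
+"sieve"
+];
+mailPlugins = {
+perProtocol = {
+imap = {
+enable = [
+"imap_sieve"
+];
+};
+lmtp = {
+enable = [
+"sieve"
+];
+};
+};
+};
+extraConfig = ''
+passdb {
+driver = passwd-file
+args = username_format=%u /etc/dovecot/auth.d/passwd
+}
+userdb {
+driver = passwd-file
+args = username_format=%u /etc/dovecot/auth.d/passwd
+}
+service lmtp {
+unix_listener dovecot-lmtp {
+group = postfix
+mode = 0660
+user = postfix
+}
+}
+service auth {
+unix_listener /var/lib/postfix/auth {
+group = postfix
+mode = 0660
+user = postfix
+}
+user = dovecot2
+}
+
+service managesieve-login {
+}
+
+service managesieve {
+}
+
+protocol sieve {
+}
+
+protocol lmtp {
+postmaster_address = postmaster@nek0.eu
+}
+
+protocol imap {
+mail_max_userip_connections = 100
+}
+
+plugin {
+sieve = file:~/sieve;active=~/.dovecot.sieve
+}
+'';
+};
+
+fail2ban = {
+enable = true;
+ignoreIP = mynetworks;
+jails = {
+"postfix" = ''
+enabled = true
+'';
+"dovecot-imap" = ''
+enabled = true
+port = imap,imaps
+filter = dovecot-imap
+#logpath = /var/log/dovecot.log
+'';
+};
+};
+
+nginx = {
+enable = true;
+recommendedGzipSettings = true;
+recommendedOptimisation = true;
+recommendedTlsSettings = true;
+virtualHosts."${maildomain}" = {
+serverAliases = virtual_domains;
+forceSSL = true;
+enableACME = true;
+http2 = true;
+locations."/rspamd/" = {
+proxyPass = "http://127.0.0.1:11334/";
+extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+'';
+};
+};
+};
+
+rspamd = {
+enable = true;
+user = "rspamd";
+group = "rspamd";
+postfix = {
+enable = true;
+config = {
+non_smtpd_milters = [ "inet:127.0.0.1:11332" ];
+smtpd_milters = [ "inet:127.0.0.1:11332" ];
+milter_protocol = "6";
+milter_mail_macros = "i {mail_addr} {client_addr} {client_name} {auth_authen}";
+milter_default_action = "accept";
+};
+};
+workers = {
+"normal" = {
+enable = true;
+type = "normal";
+includes = [ "$CONFDIR/worker-normal.inc" ];
+bindSockets = [{
+socket = "/run/rspamd/rspamd.sock";
+mode = "0660";
+owner = "rspamd";
+group = "rspamd";
+}];
+};
+"controller" = {
+enable = true;
+count = 1;
+type = "controller";
+includes = [ "$CONFDIR/worker-controller.inc" ];
+bindSockets = [ "127.0.0.1:11334" ];
+};
+"rspamd_proxy" = {
+enable = true;
+type = "rspamd_proxy";
+includes = [ "$CONFDIR/worker-proxy.inc" ];
+extraConfig = ''
+milter = yes;
+timeout = 120s;
+upstream "local" {
+default = yes;
+self_scan = yes;
+}
+'';
+};
+};
+locals = {
+"options.inc" = {
+enable = true;
+text = ''
+#local_addrs = "127.0.0.0/8, ::1, 10.0.0.0/8, 2a01:4f8:222:2b41::/64";
+local_addrs = ${builtins foldl (acc: a: acc + a + " ") "" mynetworks}
+dns {
+nameserver = ["10.0.0.53:53:10"];
+}
+'';
+};
+"worker-normal.inc" = {
+enable = true;
+text = ''
+bind_socket = "127.0.0.1:11333";
+count = 2;
+'';
+};
+"worker-controller.inc" = {
+enable = true;
+text = ''
+# create with "rspamadm pw"
+password = "$2$ybs6zdxgq17ys7azr4iwkwr3tg4ifx5z$79hoz8ah1w6f4b5rs7u8x7gst6ioidzcwijj8uu5zap9t6cw4tjb";
+'';
+};
+"worker-proxy.inc" = {
+enable = true;
+text = ''
+bind_socket = "127.0.0.1:11332";
+milter = yes;
+timeout = 120s;
+upstream "local" {
+default = yes;
+self_scan = yes;
+}
+'';
+};
+"logging.inc" = {
+enable = true;
+text = ''
+type = "file";
+filename = "/var/lib/rspamd/rspamd.log";
+level = "error";
+debug_modules = [];
+'';
+};
+"milter_headers.conf" = {
+enable = true;
+text = ''
+use = ["x-spamd-bar", "x-spam-level", "authentication-results"];
+authenticated_headers = ["authentication-results"];
+'';
+};
+"classifier-bayes.conf" = {
+enable = true;
+text = ''
+backend = "redis";
+servers = "127.0.0.1:6378";
+'';
+};
+};
+};
+redis = {
+enable = true;
+bind = "127.0.0.1";
+port = 6378;
+vmOverCommit = true;
+settings = {
+supervised = "systemd";
+maxmemory = "1GB";
+maxmemory-policy = "volatile-lru";
+};
+};
+};
+
+security.acme = {
+acceptTerms = true;
+preliminarySelfsigned = true;
+renewInterval = "*-01,03,05,07,09,11-01 00:00:00";
+certs = {
+"${maildomain}" = {
+email = "nek0@nek0.eu";
+extraDomainNames = [
+virtual_domains
+];
+postRun = "systemctl restart postfix.service dovecot2.service";
+};
+};
+};
+}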
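Review bot: With `smtpd_sasl_auth_enable = true;` and `smtpd_tls_security_level = "may";` in the postfix config block, `smtpd_tls_auth_only = false;` lets the port-25 smtpd offer AUTH before STARTTLS, so the Dovecot passwd-file credentials can cross the wire in cleartext; it should read `smtpd_tls_auth_only = true;` (the submission listener from `enableSubmission` presumably enforces encryption via the module's defaults, but port 25 is governed by this main.cf setting). Two added lines also will not evaluate as written: `local_addrs = ${builtins foldl (acc: a: acc + a + " ") "" mynetworks}` in "options.inc" applies the `builtins` attribute set as a function and needs `builtins.foldl'`, and `extraDomainNames = [ virtual_domains ];` wraps a list in another list where the ACME module expects a flat list of strings, so `extraDomainNames = virtual_domains;`. `home = "/vor/spool/mail";` on the mailowner user looks like a typo for `/var/spool/mail`. The bracketed IPv6 entries in `mynetworks` (`"[::1]/128"` etc.) are Postfix syntax, yet the same list is passed unchanged to fail2ban's `ignoreIP` and folded into rspamd's `local_addrs`, which likely do not accept the bracket form — worth verifying against those two parsers. `milter_default_action = "accept";` fails open (mail is accepted unscanned when rspamd is down), which may be intended but deserves a one-line comment saying so.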