Till 2025-05-03 22:10:55 +02:00
parent 99394cb573
commit bed6aaca07
7 changed files with 101 additions and 86 deletions


@ -3,6 +3,7 @@
{
imports = [
./postfix.nix
./dkim.nix
./dovecot.nix
./roundcube.nix
];


@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
services.opendkim = {
enable = true;
domains = "csl:ktiu.net,t9e.me";
selector = "202412";
settings.UMask = "007";
};
users.users.postfix.extraGroups = [ "opendkim" ];
services.postfix.config.smtpd_milters = [ "unix:/run/opendkim/opendkim.sock" ];
}
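Review bot: Only `smtpd_milters` is pointed at the OpenDKIM socket on the last setting of this file, so mail that enters Postfix through the local sendmail/pickup path (cron output, system notifications) is presumably left unsigned and may fail DMARC checks at receivers. If that mail should leave the host signed, add `services.postfix.config.non_smtpd_milters = [ "unix:/run/opendkim/opendkim.sock" ];` next to it. A short comment on `selector = "202412"` would also help, e.g. `# selector is date-based; rotate the key and its DNS TXT record together`.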


@ -0,0 +1,65 @@
{ config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [
993 # IMAP
];
security.acme.certs."${config.networking.fqdn}-dovecot" = {
domain = config.networking.fqdn;
webroot = "/var/lib/acme/.challenges";
group = config.services.dovecot2.group;
};
users.groups."vmail" = {};
users.users."vmail" = {
group = "vmail";
isSystemUser = true;
};
services.dovecot2 = {
enable = true;
sslServerKey = config.security.acme.certs."${config.networking.fqdn}-dovecot".directory + "/key.pem";
sslServerCert = config.security.acme.certs."${config.networking.fqdn}-dovecot".directory + "/cert.pem";
mailboxes = {
Junk = { specialUse = "Junk"; auto = "subscribe"; };
Sent = { specialUse = "Sent"; auto = "subscribe"; };
Drafts = { specialUse = "Drafts"; auto = "subscribe"; };
Trash = { specialUse = "Trash"; auto = "subscribe"; };
Archive = { specialUse = "Archive"; auto = "subscribe"; };
};
mailUser = "vmail";
mailGroup = "vmail";
enablePAM = false;
enableLmtp = true;
mailLocation = "maildir:/var/spool/mail/vmail/mailboxes/%u";
extraConfig = ''
ssl = required
service auth {
unix_listener auth {
mode = 0660
user = postfix
group = postfix
}
}
mail_home = /var/spool/mail/vmail/users/%u
passdb {
driver = passwd-file
args = /var/custom-access/dovecot.passwd
}
userdb {
driver = passwd-file
args = /var/custom-access/dovecot.passwd
default_fields = uid=vmail gid=vmail home=/var/spool/mail/vmail/users/%u
}
service lmtp {
unix_listener lmtp {
group = postfix
mode = 0600
user = postfix
}
}
'';
};
}
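Review bot: The `mail_home = /var/spool/mail/vmail/users/%u` line in `extraConfig` repeats the `home=` value already set in the userdb `default_fields`, so the home path now lives in two places that have to be kept in sync; keep one of them, or add a comment saying which one is authoritative. Both passdb and userdb read `/var/custom-access/dovecot.passwd`, and nothing in this file manages that file's ownership or mode. Since it holds the password hashes, a comment such as `# dovecot.passwd holds password hashes: keep it unreadable to other users` (or a tmpfiles rule enforcing it) would make the expectation explicit.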


@ -14,19 +14,10 @@ let
in {
networking.firewall.allowedTCPPorts = [
993 # IMAP
25 # SMTP
587 # SMTP w/ TLS
];
services.opendkim = {
enable = true;
domains = "csl:ktiu.net,t9e.me";
selector = "202412";
settings.UMask = "007";
};
users.users.postfix.extraGroups = [ "opendkim" ];
security.acme.certs."${config.networking.fqdn}-postfix" = {
domain = config.networking.fqdn;
webroot = "/var/lib/acme/.challenges";
@ -52,7 +43,6 @@ in {
virtual_mailbox_maps = "hash:/etc/postfix/virtual-mailboxes";
virtual_transport = "lmtp:unix:/var/run/dovecot2/lmtp";
smtpd_tls_security_level = "may";
smtpd_milters = [ "unix:/run/opendkim/opendkim.sock" ];
};
networks = [
@ -88,75 +78,4 @@ in {
};
};
};
security.acme.certs."${config.networking.fqdn}-dovecot" = {
domain = config.networking.fqdn;
webroot = "/var/lib/acme/.challenges";
group = config.services.dovecot2.group;
};
users.groups."vmail" = {};
users.users."vmail" = {
group = "vmail";
isSystemUser = true;
};
services.dovecot2 = {
enable = true;
sslServerKey = config.security.acme.certs."${config.networking.fqdn}-dovecot".directory + "/key.pem";
sslServerCert = config.security.acme.certs."${config.networking.fqdn}-dovecot".directory + "/cert.pem";
mailboxes = {
Junk = { specialUse = "Junk"; auto = "subscribe"; };
Sent = { specialUse = "Sent"; auto = "subscribe"; };
Drafts = { specialUse = "Drafts"; auto = "subscribe"; };
Trash = { specialUse = "Trash"; auto = "subscribe"; };
Archive = { specialUse = "Archive"; auto = "subscribe"; };
};
mailUser = "vmail";
mailGroup = "vmail";
enablePAM = false;
enableLmtp = true;
mailLocation = "maildir:/var/spool/mail/vmail/mailboxes/%u";
extraConfig = ''
ssl = required
service auth {
unix_listener auth {
mode = 0660
user = postfix
group = postfix
}
}
passdb {
driver = passwd-file
args = /var/custom-access/dovecot.passwd
}
userdb {
driver = passwd-file
args = /var/custom-access/dovecot.passwd
default_fields = uid=vmail gid=vmail home=/var/spool/mail/vmail/users/%u
}
service lmtp {
unix_listener lmtp {
group = postfix
mode = 0600
user = postfix
}
}
'';
};
services.roundcube = {
enable = true;
hostName = "webmail.ktiu.net";
extraConfig = ''
$config['smtp_host'] = 'tls://%h';
$config['smtp_conn_options'] = [
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
],
];
'';
};
}


@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
services.roundcube = {
enable = true;
hostName = "webmail.ktiu.net";
extraConfig = ''
$config['smtp_host'] = 'tls://%h';
$config['smtp_conn_options'] = [
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
],
];
'';
};
}
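Review bot: `'verify_peer' => false` and `'verify_peer_name' => false` in `smtp_conn_options` turn off certificate validation for Roundcube's SMTP submission, so the TLS session that carries user credentials is encrypted but not authenticated against the server. The setting is presumably there because `%h` expands to a host name (likely localhost) that does not match the ACME certificate issued for `config.networking.fqdn`. Pointing Roundcube at the certified name, `$config['smtp_host'] = 'tls://${config.networking.fqdn}';`, should let the whole `smtp_conn_options` block be dropped. If verification has to stay off, add a comment stating that the connection never leaves the host, so the reason is on record.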


@ -18,16 +18,15 @@ in {
enable = true;
publicUrl = "https://${outline.hostname}";
storage.storageType = "local";
defaultLanguage = "de_DE";
smtp = {
username = "outline";
passwordFile = "/var/custom-access/outline-smtp-password.txt";
passwordFile = "/dev/null";
fromEmail = outline.mail;
replyEmail = outline.mail;
# host = "arielle.ktiu.net";
replyEmail = config.services.outline.smtp.fromEmail;
host = "localhost";
secure = false;
# port = 587;
port = 25;
};