nixos-config/mastus/mail.nix

{ config, pkgs, ... }:
{
# services.opensmtpd = {
# enable = true;
# serverConfiguration = ''
# listen on 0.0.0.0
# filter sa spamassassin "-s accept"
# accept for any deliver to lmtp localhost:24
# '';
# procPackages = [ pkgs.opensmtpd-extras ];
# };
# Postfix MTA for the domains listed in `destination`. Local delivery goes
# through procmail, SMTP AUTH is delegated to Dovecot's SASL socket, and a
# `submission` listener is appended to master.cf.
services.postfix = {
  enable = true;
  postmasterAlias = "gebner";
  rootAlias = "gebner";
  extraAliases = ''
    ge: gebner
    cutintro: gebner
    gebne: gebner
  '';
  hostname = "mastus.gebner.org";
  # Certificate chain and private key are read from the ACME state directory.
  sslCert = "/var/lib/acme/gebner.org/fullchain.pem";
  sslKey = "/var/lib/acme/gebner.org/key.pem";

  destination = [ "gebner.org" "gabrielebner.at" "2b7e.org"
                  "mastus.gebner.org" "localhost" ];

  # Extra main.cf settings, in the order they appear below:
  #  * mailbox_command hands local delivery to procmail.
  #  * The four *_tls_*protocols lines exclude only SSLv2 and SSLv3, so
  #    TLS 1.0 and 1.1 stay negotiable for inbound and outbound sessions.
  #    NOTE(review): consider raising the floor on the *_mandatory_* lists
  #    (e.g. also excluding TLSv1 and TLSv1.1). Which list applies depends on
  #    smtpd_tls_security_level / smtp_tls_security_level, which this block
  #    does not set; tightening the opportunistic lists can push old peers
  #    to plaintext instead of stronger TLS.
  #  * SASL is answered by Dovecot on the private/auth socket (the Dovecot
  #    section of this file creates it under /var/lib/postfix/queue), and
  #    smtpd_tls_auth_only means AUTH is only offered inside a TLS session.
  #    NOTE(review): smtpd_sasl_auth_enable is set globally, so every smtpd
  #    listener offers AUTH, port 25 included. Confirm that is intended, or
  #    move it to a per-service override on the submission listener.
  #  * smtp_address_preference makes outbound delivery prefer IPv4 (see the
  #    link inside the string).
  #  * message_size_limit and mailbox_size_limit are both 81920000 bytes;
  #    Postfix needs the mailbox limit to be at least the message limit.
  #  * smtpd_recipient_restrictions is evaluated left to right: trusted
  #    networks and authenticated clients are accepted first, then relaying
  #    to foreign destinations is refused, then recipients whose domain does
  #    not resolve or whose address fails verification are rejected at SMTP
  #    time instead of being bounced later.
  extraConfig = ''
    mailbox_command = ${pkgs.procmail}/bin/procmail
    smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
    smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
    smtpd_tls_protocols=!SSLv2,!SSLv3
    smtp_tls_protocols=!SSLv2,!SSLv3
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    smtpd_tls_auth_only = yes
    # Google sucks, https://serverfault.com/questions/832945/how-to-contact-gmail-team-regarding-block
    smtp_address_preference = ipv4
    message_size_limit = 81920000
    mailbox_size_limit = 81920000
    # Do not send spam bounces
    # http://www.postfix.org/ADDRESS_VERIFICATION_README.html
    smtpd_recipient_restrictions =
      permit_mynetworks permit_sasl_authenticated
      reject_unauth_destination
      reject_unknown_recipient_domain
      reject_unverified_recipient
  '';
  # Adds a submission listener to master.cf.
  # NOTE(review): the entry carries no `-o` overrides, so it inherits every
  # smtpd setting from main.cf and behaves like a second port-25 listener:
  # TLS is only as strict as the global security level and unauthenticated
  # mail for local domains is accepted. The usual hardening is
  # `-o smtpd_tls_security_level=encrypt` plus
  # `-o smtpd_client_restrictions=permit_sasl_authenticated,reject`.
  # Confirm this is not already applied elsewhere before changing it.
  extraMasterConf = ''
    submission inet n - n - - smtpd
  '';
};
# Dovecot with POP3 disabled, serving per-user Maildir storage at ~/mail and
# exposing the SASL auth socket that Postfix connects to.
services.dovecot2 = {
  enable = true;
  enablePop3 = false;
  mailLocation = "maildir:~/mail";
  # The certificate chain is read directly from the ACME directory, but the
  # key comes from gebner.org-dovecot/, a separate copy populated by
  # systemd.services.dovecotSslKey in this file.
  # NOTE(review): sslCACert points at the server's own fullchain.pem.
  # Presumably this option feeds Dovecot's ssl_ca, which is meant for
  # verifying client certificates. Confirm it is needed at all.
  sslCACert = "/var/lib/acme/gebner.org/fullchain.pem";
  sslServerCert = "/var/lib/acme/gebner.org/fullchain.pem";
  sslServerKey = "/var/lib/acme/gebner.org-dovecot/key.pem";
  # Creates the auth socket inside the Postfix queue directory. Mode 0660 with
  # owner and group postfix limits connections to that user and group. The
  # path has to stay in sync with smtpd_sasl_path (private/auth) on the
  # Postfix side. The commented-out lines are a disabled fts_xapian setup.
  extraConfig = ''
    service auth {
      unix_listener /var/lib/postfix/queue/private/auth {
        mode = 0660
        user = postfix
        group = postfix
      }
    }
    # # use mailPlugins.globally.enable after nixos 20.09
    # mail_plugins = fts fts_xapian
    #
    # plugin {
    # plugin = fts fts_xapian
    #
    # fts = xapian
    # fts_xapian = partial=2 full=20 attachments=1 verbose=0
    #
    # fts_autoindex = yes
    # fts_enforced = yes
    #
    # fts_autoindex_exclude = Trash
    # fts_autoindex_exclude2 = spam
    # }
    #
    # default_vsz_limit = 0
    #
    # service indexer-worker {
    # vsz_limit = 0
    # }
  '';
  # modules = [ (pkgs.callPackage ./fts_xapian.nix {}) ];
};
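# One-shot unit that gives Dovecot its own copy of the ACME private key.
# It is pulled in by dovecot2.service and ordered before it (`before` reuses
# `wantedBy` through `rec`), and ordered after acme-gebner.org.service. That is
# ordering only; no hard dependency on the ACME unit is declared.
# NOTE(review): the copy is made only when this unit runs. If the ACME client
# rotates key.pem on renewal, the copy goes stale while sslServerCert still
# points at the live fullchain.pem. Confirm a renewal hook re-runs this unit
# and reloads Dovecot.
systemd.services.dovecotSslKey = rec {
  wantedBy = [ "dovecot2.service" ];
  before = wantedBy;
  after = [ "acme-gebner.org.service" ];
  serviceConfig = {
    Type = "oneshot";
    RemainAfterExit = "yes";
  };
  script = ''
    cd /var/lib/acme
    mkdir -p gebner.org-dovecot
    # install(1) sets owner and mode as part of the copy, so the key's
    # permissions no longer depend on the source file's mode, the umask, or
    # the mode of a previously existing destination file.
    install -m 0400 -o dovecot2 gebner.org/key.pem gebner.org-dovecot/key.pem
  '';
};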
# Turn on the SpamAssassin daemon.
services.spamassassin.enable = true;

# One-shot bootstrap pulled in by spamd.service. While /etc/spamassassin does
# not exist, it copies the packaged default rules there and runs sa-update;
# once the directory exists the script does nothing.
# NOTE(review): rule updates after the first run must come from somewhere
# else. Confirm a periodic sa-update is in place.
# NOTE(review): no `before` ordering is declared here, so spamd is not made
# to wait for this unit. Confirm that is intended.
systemd.services.setupSpamassassin = {
  serviceConfig.Type = "oneshot";
  serviceConfig.RemainAfterExit = "yes";
  after = [ "network.target" ];
  wantedBy = [ "spamd.service" ];
  # Puts sa-update on the script's PATH.
  path = [ pkgs.spamassassin ];
  script = ''
    if [ ! -d /etc/spamassassin ]; then
      cp -rv ${pkgs.spamassassin}/share/spamassassin /etc/
      sa-update
    fi
  '';
};
# Command-line tools installed system-wide alongside the mail services.
environment.systemPackages = [
  pkgs.spamassassin
  pkgs.procmail
  pkgs.mailutils
];
}