From c9c97a1ce3384eda66bd3256af7dfb457130d2be Mon Sep 17 00:00:00 2001
From: s-prechtl
Date: Sat, 30 Aug 2025 17:42:15 +0200
Subject: [PATCH] feat: mailserver lololo
---
hosts/hitsugibune/mail.nix | 39 ++++++++++++++++++++++++++++++++++++++
secrets/mail-admin.age | 16 ++++++++++++++++
secrets/secrets.nix | 1 +
3 files changed, 56 insertions(+)
create mode 100644 hosts/hitsugibune/mail.nix
create mode 100644 secrets/mail-admin.age
diff --git a/hosts/hitsugibune/mail.nix b/hosts/hitsugibune/mail.nix
new file mode 100644
index 0000000..8e20ca9
--- /dev/null
+++ b/hosts/hitsugibune/mail.nix
@@ -0,0 +1,39 @@
+{ config, pkgs, ... }: {
+ imports = [
+ (builtins.fetchTarball {
+ # Pick a release version you are interested in and set its hash, e.g.
+ url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.05/nixos-mailserver-nixos-25.05.tar.gz";
+ # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command:
+ # release="nixos-25.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
+ sha256 = "1qn5fg0h62r82q7xw54ib9wcpflakix2db2mahbicx540562la1y";
+ })
+ ];
+
+ age.secrets.mail-admin = {
+ file = ../../secrets/mail-admin.age;
+ owner = "virtualMail";
+ group = "virtualMail";
+ };
+
+ mailserver = {
+ enable = true;
+ stateVersion = 3;
+ fqdn = "mail.sprechtl.me";
+ domains = [ "sprechtl.me" ];
+
+ # A list of all login accounts. To create the password hashes, use
+ # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+ loginAccounts = {
+ "admin@sprechtl.me" = {
+ hashedPasswordFile = config.age.secrets.mail-admin.path;
+ aliases = ["postmaster@sprechtl.me"];
+ };
+ };
+
+ # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+ # down nginx and opens port 80.
+ certificateScheme = "acme-nginx";
+ };
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "stefan@tague.at";
+}
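Review bot: `age.secrets.mail-admin` sets `owner` and `group` to `"virtualMail"`, but nothing in this hunk creates that account, and to my knowledge nixos-mailserver's vmail user and group default to `virtual`, so unless `virtualMail` is defined elsewhere agenix cannot hand the decrypted hash file to the intended account. Tie the names to the module instead, `owner = config.mailserver.vmailUserName;` and `group = config.mailserver.vmailGroupName;`, or drop both lines if the password file turns out to be read only by a root-run service start script (worth confirming), which keeps the secret root-only. Separately, the `fetchTarball` URL points at the moving `nixos-25.05` branch archive while `sha256` is fixed, so a fresh fetch fails once the branch advances; pinning the archive URL to a commit keeps URL and hash in step and makes the reviewed module source explicit.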
diff --git a/secrets/mail-admin.age b/secrets/mail-admin.age new file mode 100644 index 0000000..a83b93a --- /dev/null +++ b/secrets/mail-admin.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> ssh-ed25519 7PLkJg 5N3ktQBX28rsDQ7YRNIlDeoXljtxyMl8t37gVsRTf0U +bbVGfoR882Eg0iiXGSc51rdFLzE7/MAW7HWtY1SDmsk +-> ssh-rsa LgF3EQ +NRH0J1kTQPje0Y7FXcPeeaFIR+3bWXnpYByUeEXcp3mK7DmqeniAuWgDaZPHgEDY +2P5rD82iF5Zt1UO7cB/ttTd1mlMuqhnBKxu838kXbOMKiRo5wUG/kIBvWisfCG3k +0Dpn844gUoRgLdJzZUdAxMSEt03I8SJ5v/oB93nMidMJaBbPU3qzTGDsI+Ihr75V +us4dj5qqX7Pg274Cb1xhBPCWSMLI4sULwZNuMe8PPFRpYyBhNxr3hiFJw447eknv +rC897kWbf0RuFfDHCJ/XxtCg+5HJlnOF7NeOkWGhLrEw5tlFHpTZyCJkkCUGNx6H +3zI92rZQE9mW2byvWQIVKg+hdvpbqnZ9T58nxDnwR3pcuJDDDd5aeTHStPNH2J0O ++nqFqr/rksKNe4gtbNA0fiMVm4kA8UUCSloDqMjP596ixR9ZNb369eMADFJYDA6n +gN2kxtZtUhCBi7GNXwdH7ElxnKLytNfExAWg6p5nUL5Aho+reX6IO5dRY3nzqIqc + +--- 3TCR6AMS33iAH8StjxZA5N2Wf7F/5tQSBX2zuaLVGXk +‚žmæÍúYï¾ +ÆÂRSJâ« >=+Á§¯- „Ó¤Òì‹ø4üKžå„Öû­¨ü€+Ë \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 017a654..753922e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -14,4 +14,5 @@ in { "mautrix-signal.age".publicKeys = [hitsugibune key]; "mautrix-whatsapp.age".publicKeys = [hitsugibune key]; "coturn.age".publicKeys = [hitsugibune key]; + "mail-admin.age".publicKeys = [hitsugibune key]; }