2020-01-15 09:24:11 -08:00
|
|
|
{ config, lib, pkgs, environment, ... }:
|
|
|
|
|
|
|
|
|
|
with lib;
|
|
|
|
|
let
|
|
|
|
|
inherit (lib.strings) concatStringsSep;
|
|
|
|
|
cfg = config.fudo.mail-server;
|
|
|
|
|
|
|
|
|
|
in {
|
|
|
|
|
|
|
|
|
|
options.fudo.mail-server = {
|
|
|
|
|
enable = mkEnableOption "Fudo Email Server";
|
|
|
|
|
|
|
|
|
|
enableContainer = mkEnableOption ''
|
|
|
|
|
Run the mail server in a container.
|
|
|
|
|
|
|
|
|
|
Mutually exclusive with mail-server.enable.
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
domain = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
description = "The main and default domain name for this email server.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
hostname = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
description = "The domain name to use for the mail server.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
monitoring = mkEnableOption "Enable monitoring for the mail server.";
|
|
|
|
|
|
|
|
|
|
mail-user = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
description = "User to use for mail delivery.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# No group id, because NixOS doesn't seem to use it
|
|
|
|
|
mail-group = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
description = "Group to use for mail delivery.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
mail-user-id = mkOption {
|
|
|
|
|
type = types.int;
|
|
|
|
|
description = "UID of mail-user.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
local-domains = mkOption {
|
|
|
|
|
type = with types; listOf str;
|
|
|
|
|
description = "A list of domains for which we accept mail.";
|
|
|
|
|
default = ["localhost" "localhost.localdomain"];
|
|
|
|
|
example = [
|
|
|
|
|
"localhost"
|
|
|
|
|
"localhost.localdomain"
|
|
|
|
|
"somedomain.com"
|
|
|
|
|
"otherdomain.org"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
mail-directory = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
description = "Path to use for mail storage.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
state-directory = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
description = "Path to use for state data.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
trusted-networks = mkOption {
|
|
|
|
|
type = with types; listOf str;
|
|
|
|
|
description = "A list of trusted networks, for which we will happily relay without auth.";
|
|
|
|
|
example = [
|
|
|
|
|
"10.0.0.0/16"
|
|
|
|
|
"192.168.0.0/24"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
sender-blacklist = mkOption {
|
|
|
|
|
type = with types; listOf str;
|
|
|
|
|
description = "A list of email addresses for whom we will not send email.";
|
|
|
|
|
default = [];
|
|
|
|
|
example = [
|
|
|
|
|
"baduser@test.com"
|
|
|
|
|
"change-pw@test.com"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
recipient-blacklist = mkOption {
|
|
|
|
|
type = with types; listOf str;
|
|
|
|
|
description = "A list of email addresses for whom we will not accept email.";
|
|
|
|
|
default = [];
|
|
|
|
|
example = [
|
|
|
|
|
"baduser@test.com"
|
|
|
|
|
"change-pw@test.com"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
message-size-limit = mkOption {
|
|
|
|
|
type = types.int;
|
|
|
|
|
description = "Size of max email in megabytes.";
|
|
|
|
|
default = 30;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
user-aliases = mkOption {
|
2021-03-02 19:03:35 -08:00
|
|
|
type = with types; attrsOf(listOf str);
|
2020-01-15 09:24:11 -08:00
|
|
|
description = "A map of real user to list of aliases.";
|
2020-06-25 20:38:50 -07:00
|
|
|
default = {};
|
2020-01-15 09:24:11 -08:00
|
|
|
example = {
|
|
|
|
|
someuser = ["alias0" "alias1"];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
alias-users = mkOption {
|
2021-03-02 19:03:35 -08:00
|
|
|
type = with types; attrsOf(listOf str);
|
2020-01-15 09:24:11 -08:00
|
|
|
description = "A map of email alias to a list of users.";
|
|
|
|
|
example = {
|
|
|
|
|
alias = ["realuser0" "realuser1"];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
mailboxes = mkOption {
|
|
|
|
|
description = ''
|
|
|
|
|
The mailboxes for dovecot.
|
|
|
|
|
|
|
|
|
|
Depending on the mail client used it might be necessary to change some mailbox's name.
|
|
|
|
|
'';
|
2021-04-14 11:05:55 -07:00
|
|
|
default = {
|
|
|
|
|
Trash = {
|
|
|
|
|
auto = "create";
|
2020-01-15 09:24:11 -08:00
|
|
|
specialUse = "Trash";
|
2021-04-14 11:05:55 -07:00
|
|
|
autoexpunge = "30d";
|
|
|
|
|
};
|
|
|
|
|
Junk = {
|
|
|
|
|
auto = "create";
|
2020-01-15 09:24:11 -08:00
|
|
|
specialUse = "Junk";
|
2021-04-14 11:05:55 -07:00
|
|
|
autoexpunge = "60d";
|
|
|
|
|
};
|
|
|
|
|
Drafts = {
|
|
|
|
|
auto = "create";
|
2020-01-15 09:24:11 -08:00
|
|
|
specialUse = "Drafts";
|
2021-04-14 11:05:55 -07:00
|
|
|
autoexpunge = "60d";
|
|
|
|
|
};
|
|
|
|
|
Sent = {
|
2020-01-15 09:24:11 -08:00
|
|
|
auto = "subscribe";
|
|
|
|
|
specialUse = "Sent";
|
2021-04-14 11:05:55 -07:00
|
|
|
};
|
|
|
|
|
Archive = {
|
|
|
|
|
auto = "no";
|
|
|
|
|
specialUse = "Archive";
|
|
|
|
|
};
|
|
|
|
|
Flagged = {
|
|
|
|
|
auto = "no";
|
|
|
|
|
specialUse = "Flagged";
|
|
|
|
|
};
|
|
|
|
|
};
|
2020-01-15 09:24:11 -08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
debug = mkOption {
|
|
|
|
|
description = "Enable debugging on mailservers.";
|
|
|
|
|
type = types.bool;
|
|
|
|
|
default = false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
max-user-connections = mkOption {
|
|
|
|
|
description = "Max simultaneous connections per user.";
|
|
|
|
|
type = types.int;
|
|
|
|
|
default = 20;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
imports = [
|
|
|
|
|
./mail/dkim.nix
|
|
|
|
|
./mail/dovecot.nix
|
|
|
|
|
./mail/postfix.nix
|
|
|
|
|
./mail/rspamd.nix
|
|
|
|
|
./mail/clamav.nix
|
|
|
|
|
];
|
2020-06-25 20:38:50 -07:00
|
|
|
|
|
|
|
|
config = mkIf cfg.enable {
|
2021-04-15 22:15:31 -07:00
|
|
|
networking.firewall = {
|
|
|
|
|
allowedTCPPorts = [ 25 110 143 587 993 995 ];
|
|
|
|
|
};
|
|
|
|
|
|
2020-06-25 20:38:50 -07:00
|
|
|
users = {
|
|
|
|
|
users = {
|
|
|
|
|
mailuser = {
|
|
|
|
|
isSystemUser = true;
|
|
|
|
|
uid = cfg.mail-user-id;
|
|
|
|
|
group = "mailgroup";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
groups = {
|
|
|
|
|
mailgroup = {
|
|
|
|
|
members = ["mailuser"];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
2020-01-15 09:24:11 -08:00
|
|
|
}
|
