stash

author: andromeda <andromeda@lenovo> 2026-01-06 14:52:34 +0100
committer: andromeda <andromeda@lenovo> 2026-01-06 14:52:34 +0100
commit: c9a5c521dbc7785aa4a6c1f410e547202075c13b (patch)
tree: 4362c945c787bac5d7d1bb63d04d7281bfddf6c8 /modules/nixos/mailserver.nix
parent: 0a7e0c699e2f4fa07fb6dde0080da4eb3ac8f746 (diff)
1 files changed, 30 insertions, 0 deletions
diff --git a/modules/nixos/mailserver.nix b/modules/nixos/mailserver.nix
new file mode 100644
index 0000000..c71dc03
--- /dev/null
+++ b/modules/nixos/mailserver.nix
@@ -0,0 +1,30 @@
+{config, ...}: {
+  mailserver = {
+    enable = true;
+    stateVersion = 3;
+    fqdn = "mail.${config.networking.domain}";
+    domains = ["${config.networking.domain}"];
+    x509.useACMEHost = config.mailserver.fqdn;
+    loginAccounts = {
+      "test@${config.networking.domain}" = {
+        hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-test-pw.path;
+      };
+      "admin@${config.networking.domain}" = {
+        hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-admin-pw.path;
+      };
+    };
+  };
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "mail.${config.networking.domain}" = {
+        forceSSL = true;
+        enableACME = true;
+      };
+    };
+  };
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "mtgmonket@gmail.com";
+  };
+}
author	andromeda <andromeda@lenovo>	2026-01-06 14:52:34 +0100
committer	andromeda <andromeda@lenovo>	2026-01-06 14:52:34 +0100
commit	c9a5c521dbc7785aa4a6c1f410e547202075c13b (patch)
tree	4362c945c787bac5d7d1bb63d04d7281bfddf6c8 /modules/nixos/mailserver.nix
parent	0a7e0c699e2f4fa07fb6dde0080da4eb3ac8f746 (diff)