Diffstat (limited to 'machines')
-rw-r--r--machines/109-199-104-83/configuration.nix45
1 files changed, 45 insertions, 0 deletions
diff --git a/machines/109-199-104-83/configuration.nix b/machines/109-199-104-83/configuration.nix
index 32f9ffa..2699370 100644
--- a/machines/109-199-104-83/configuration.nix
+++ b/machines/109-199-104-83/configuration.nix
@@ -4,6 +4,46 @@
machine,
...
}: {
+ # roundcube config
+ services.roundcube = {
+ enable = true;
+ hostName = "webmail.${config.networking.domain}";
+ extraConfig = ''
+ $config['imap_host'] = "ssl://${config.mailserver.fqdn}";
+ $config['smtp_host'] = "ssl://${config.mailserver.fqdn}";
+ $config['smtp_user'] = "%u";
+ $config['smtp_pass'] = "%p";
+ '';
+ };
+
+ # mailserver config
+ mailserver = {
+ enable = true;
+ stateVersion = 3;
+ fqdn = "mail.${config.networking.domain}";
+ domains = ["${config.networking.domain}"];
+ x509.useACMEHost = config.mailserver.fqdn;
+ loginAccounts = {
+ "test@${config.networking.domain}" = {
+ hashedPasswordFile = builtins.toString config.age.secrets.secret3.path;
+ };
+ };
+ };
+
+ # cert config
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "mtgmonket@gmail.com";
+ };
+ services.nginx = {
+ enable = true;
+ virtualHosts."mail.${config.networking.domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ };
+
+ # system config
system.stateVersion = "25.11";
nix.settings.experimental-features = ["flakes" "nix-command"];
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
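Review bot: The only entry in `loginAccounts` is `test@${config.networking.domain}`, a predictable address, and this commit makes it reachable over IMAP, SMTP submission and the public Roundcube vhost. Whether the hash in `secret3` comes from a strong password is not visible here, so the account should either be replaced by the real mailbox before the host is exposed or carry a comment saying why it exists, e.g. `# temporary account for delivery testing; remove once real mailboxes exist`. The secret name `secret3` says nothing about what it protects; a descriptive name such as `config.age.secrets.<mail-account-hash>.path` (placeholder) would make rotation and audit easier. The declaration of that age secret is outside this hunk, so its owner and mode should be checked there.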
@@ -22,6 +62,11 @@
usePredictableInterfaceNames = true;
hostName = machine.hostname;
domain = "galaxious.de";
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [80 443];
+ allowedUDPPorts = [80 443];
+ };
};
systemd.network = {
enable = true;
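Review bot: `allowedUDPPorts = [80 443];` opens two UDP ports that nothing in this commit appears to serve. ACME HTTP-01 and nginx with `forceSSL` use TCP only, and UDP 443 would matter only if HTTP/3 were enabled on a vhost, which the visible nginx config does not do. I would drop the line or write `allowedUDPPorts = [];` so the firewall exposes only what is in use. The mail ports are not listed here, so they presumably rely on the mailserver module opening them itself; a short comment saying so would help the next reader. The enclosing `networking` block starts outside this hunk.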