config/modules/nixos/services/mail/default.nix

{
  lib,
  config,
  pkgs,
  ...
}:
with lib;
with lib.custom; let
  cfg = config.services.mail;

  sec = config.age.secrets;
in {
  options.services.mail = with types; {
    enable = mkBoolOpt false "Enable Simple Nixos Mailserver";
  };

  config = mkIf cfg.enable {
    age.secrets = {
      webmaster-pw = {
        file = ./sec/webmaster-pw.age;
      };
      zoeycomputer-pw = {
        file = ./sec/zoey-zoeycomputer-pw.age;
      };
      zmio-pw = {
        file = ./sec/zmio-pw.age;
      };
      zach-pw.file = ./sec/zach-pw.age;
      emily-pw.file = ./sec/emily-piccat.age;

      smtp-password.file = ./sec/smtpPassword.age;

      gitlab-email-pw-hashed.file = ./sec/gitlab-email-pw-hashed.age;
    };

    mailserver = rec {
      enable = true;
      fqdn = "mail.zoeys.email";
      domains = ["zoeys.email" "zoeys.cloud" "zoeys.computer" "zackmyers.io" "zacharymyers.com" "pictureofcat.com"];

      loginAccounts = {
        "zoey@zoeys.email" = {
          hashedPasswordFile = sec.webmaster-pw.path;
          aliases = ["zoey@zoeys.cloud" "errors@zoeys.cloud" "admin@zoeys.cloud" "postmaster@zoeys.email" "abuse@zoeys.email"];
        };
        "hi@zoeys.computer" = {
          hashedPasswordFile = sec.zoeycomputer-pw.path;
          aliases = ["spam@zoeys.computer"];
        };
        "me@zackmyers.io" = {
          hashedPasswordFile = sec.zmio-pw.path;
          aliases = ["zach@zacharymyers.com" "zack@zacharymyers.com"];
        };
        "gf@zackmyers.io" = {
          hashedPasswordFile = sec.emily-pw.path;
          aliases = ["emily@pictureofcat.com"];
        };
        "gitlab@zoeys.cloud" = {
          hashedPasswordFile = sec.gitlab-email-pw-hashed.path;
          aliases = ["noreply@zoeys.cloud"];
        };
        "no-reply@code.zoeys.cloud" = {
          hashedPasswordFile = sec.smtp-password.path;
        };
      };

      enableManageSieve = true;

      dmarcReporting.enable = true;

      x509.useACMEHost = fqdn;
      virusScanning = true;
      stateVersion = 3;
    };

    services.nginx = {
      virtualHosts = {
        "${config.mailserver.fqdn}" = {
          forceSSL = true;
          enableACME = true;
        };
      };
    };

    services.roundcube = {
      enable = true;
      hostName = "zoeys.email";
      extraConfig = ''
        $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
        $config['smtp_user'] = "%u";
        $config['smtp_pass'] = "%p";
      '';
    };
  };
}
smallest change 2025-03-22 16:03:07 -04:00			`{`
			`lib,`
			`config,`
			`pkgs,`
			`...`
			`}:`
			`with lib;`
			`with lib.custom; let`
			`cfg = config.services.mail;`

			`sec = config.age.secrets;`
			`in {`
			`options.services.mail = with types; {`
			`enable = mkBoolOpt false "Enable Simple Nixos Mailserver";`
			`};`

			`config = mkIf cfg.enable {`
			`age.secrets = {`
			`webmaster-pw = {`
			`file = ./sec/webmaster-pw.age;`
			`};`
			`zoeycomputer-pw = {`
			`file = ./sec/zoey-zoeycomputer-pw.age;`
			`};`
			`zmio-pw = {`
			`file = ./sec/zmio-pw.age;`
			`};`
			`zach-pw.file = ./sec/zach-pw.age;`
			`emily-pw.file = ./sec/emily-piccat.age;`
stuff and things 2025-04-07 13:07:15 -04:00
some changes 2025-04-27 11:11:51 -04:00			`smtp-password.file = ./sec/smtpPassword.age;`

stuff and things 2025-04-07 13:07:15 -04:00			`gitlab-email-pw-hashed.file = ./sec/gitlab-email-pw-hashed.age;`
smallest change 2025-03-22 16:03:07 -04:00			`};`

updates 2026-01-13 15:39:16 -05:00			`mailserver = rec {`
smallest change 2025-03-22 16:03:07 -04:00			`enable = true;`
			`fqdn = "mail.zoeys.email";`
			`domains = ["zoeys.email" "zoeys.cloud" "zoeys.computer" "zackmyers.io" "zacharymyers.com" "pictureofcat.com"];`

			`loginAccounts = {`
			`"zoey@zoeys.email" = {`
			`hashedPasswordFile = sec.webmaster-pw.path;`
some changes 2025-04-27 11:11:51 -04:00			`aliases = ["zoey@zoeys.cloud" "errors@zoeys.cloud" "admin@zoeys.cloud" "postmaster@zoeys.email" "abuse@zoeys.email"];`
smallest change 2025-03-22 16:03:07 -04:00			`};`
			`"hi@zoeys.computer" = {`
			`hashedPasswordFile = sec.zoeycomputer-pw.path;`
			`aliases = ["spam@zoeys.computer"];`
			`};`
			`"me@zackmyers.io" = {`
			`hashedPasswordFile = sec.zmio-pw.path;`
			`aliases = ["zach@zacharymyers.com" "zack@zacharymyers.com"];`
			`};`
			`"gf@zackmyers.io" = {`
			`hashedPasswordFile = sec.emily-pw.path;`
			`aliases = ["emily@pictureofcat.com"];`
			`};`
stuff and things 2025-04-07 13:07:15 -04:00			`"gitlab@zoeys.cloud" = {`
			`hashedPasswordFile = sec.gitlab-email-pw-hashed.path;`
			`aliases = ["noreply@zoeys.cloud"];`
			`};`
some changes 2025-04-27 11:11:51 -04:00			`"no-reply@code.zoeys.cloud" = {`
			`hashedPasswordFile = sec.smtp-password.path;`
			`};`
smallest change 2025-03-22 16:03:07 -04:00			`};`

updates 2026-01-13 15:39:16 -05:00			`enableManageSieve = true;`

			`dmarcReporting.enable = true;`

			`x509.useACMEHost = fqdn;`
smallest change 2025-03-22 16:03:07 -04:00			`virusScanning = true;`
add crypto 2025-07-22 20:21:21 -04:00			`stateVersion = 3;`
smallest change 2025-03-22 16:03:07 -04:00			`};`

updates 2026-01-13 15:39:16 -05:00			`services.nginx = {`
			`virtualHosts = {`
			`"${config.mailserver.fqdn}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`};`
			`};`
			`};`
smallest change 2025-03-22 16:03:07 -04:00
			`services.roundcube = {`
			`enable = true;`
			`hostName = "zoeys.email";`
			`extraConfig = ''`
			`$config['smtp_server'] = "tls://${config.mailserver.fqdn}";`
			`$config['smtp_user'] = "%u";`
			`$config['smtp_pass'] = "%p";`
			`'';`
			`};`
			`};`
			`}`