# NixOS module: puts Simple NixOS Mailserver and a Roundcube webmail front end
# behind a single `services.mail.enable` switch.
{
  lib,
  config,
  pkgs,
  ...
}:
with lib;
with lib.custom; let
  cfg = config.services.mail;
  secrets = config.age.secrets;

  # Host name of the mail server. Also used as the ACME certificate name in
  # `mailserver.x509.useACMEHost` below.
  mailFqdn = "mail.zoeys.email";
in {
  options.services.mail = with types; {
    enable = mkBoolOpt false "Enable Simple Nixos Mailserver";
  };

  config = mkIf cfg.enable {
    # agenix secrets. Only the encrypted .age files are referenced here; the
    # decrypted material is read through `secrets.<name>.path` at runtime, so
    # no password or hash appears in this file.
    age.secrets = {
      webmaster-pw.file = ./sec/webmaster-pw.age;
      zoeycomputer-pw.file = ./sec/zoey-zoeycomputer-pw.age;
      zmio-pw.file = ./sec/zmio-pw.age;
      # NOTE(review): `zach-pw` is declared but not referenced anywhere in this
      # module. If nothing else in the configuration consumes it, dropping it
      # avoids decrypting an unused credential on this host.
      zach-pw.file = ./sec/zach-pw.age;
      emily-pw.file = ./sec/emily-piccat.age;
      # NOTE(review): unlike `gitlab-email-pw-hashed`, neither this name nor
      # the file name says the content is a hash, yet it is passed to
      # `hashedPasswordFile` below. Confirm it holds a password hash and is
      # not the plaintext SMTP password shared with the sending application.
      smtp-password.file = ./sec/smtpPassword.age;
      gitlab-email-pw-hashed.file = ./sec/gitlab-email-pw-hashed.age;
    };

    mailserver = {
      enable = true;
      fqdn = mailFqdn;
      domains = [
        "zoeys.email"
        "zoeys.cloud"
        "zoeys.computer"
        "zackmyers.io"
        "zacharymyers.com"
        "pictureofcat.com"
      ];

      # Every account authenticates against a password hash read from an
      # agenix-managed file; `hashedPasswordFile` expects a hash, never a
      # plaintext password.
      loginAccounts = {
        "zoey@zoeys.email" = {
          hashedPasswordFile = secrets.webmaster-pw.path;
          # postmaster@ and abuse@ are the addresses outside parties use for
          # delivery problems and abuse reports; they land in this mailbox.
          aliases = [
            "zoey@zoeys.cloud"
            "errors@zoeys.cloud"
            "admin@zoeys.cloud"
            "postmaster@zoeys.email"
            "abuse@zoeys.email"
          ];
        };

        "hi@zoeys.computer" = {
          hashedPasswordFile = secrets.zoeycomputer-pw.path;
          aliases = ["spam@zoeys.computer"];
        };

        "me@zackmyers.io" = {
          hashedPasswordFile = secrets.zmio-pw.path;
          aliases = [
            "zach@zacharymyers.com"
            "zack@zacharymyers.com"
          ];
        };

        "gf@zackmyers.io" = {
          hashedPasswordFile = secrets.emily-pw.path;
          aliases = ["emily@pictureofcat.com"];
        };

        # Service accounts used by applications to send mail. They have the
        # same login capabilities as a human mailbox, so each should keep its
        # own credential.
        "gitlab@zoeys.cloud" = {
          hashedPasswordFile = secrets.gitlab-email-pw-hashed.path;
          aliases = ["noreply@zoeys.cloud"];
        };

        "no-reply@code.zoeys.cloud" = {
          hashedPasswordFile = secrets.smtp-password.path;
        };
      };

      # ManageSieve lets mail clients upload filter scripts and adds another
      # network-facing service. Confirm the exposure is intended.
      enableManageSieve = true;
      dmarcReporting.enable = true;
      # Use the ACME certificate issued for the mail host name; the nginx
      # virtual host below requests it.
      x509.useACMEHost = mailFqdn;
      virusScanning = true;
      stateVersion = 3;
    };

    # Virtual host for the mail FQDN: requests the ACME certificate and
    # redirects plain HTTP to HTTPS.
    services.nginx.virtualHosts."${config.mailserver.fqdn}" = {
      forceSSL = true;
      enableACME = true;
    };

    # Webmail. The `tls://` scheme makes Roundcube use STARTTLS towards the
    # mail server, so the host name must match the server certificate.
    # `%u` / `%p` reuse the credentials of the logged-in webmail user for SMTP
    # submission, so no SMTP password is stored in this config.
    # NOTE(review): Roundcube 1.6 renamed `smtp_server` to `smtp_host`; check
    # which name the deployed Roundcube version expects.
    services.roundcube = {
      enable = true;
      hostName = "zoeys.email";
      extraConfig = ''
        $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
        $config['smtp_user'] = "%u";
        $config['smtp_pass'] = "%p";
      '';
    };
  };
}