jsw/NiksOS
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Started working on mail server

Browse source
This commit is contained in:
Jurn Wubben 2025-06-11 12:05:45 +02:00
parent 7d0e799e8f
commit 500ed29f42
7 changed files with 103 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/lapserv/default.nix
View file

@ -5,7 +5,7 @@
niksos = { niksos = {
server = true; server = true;
graphics.nvidia = true; graphics.nvidia = false; #FIXME: Compile error
graphics.intel = true; graphics.intel = true;
}; };

11
secrets/cloudflare-acme.age Normal file
View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 WCPLrA Qx18plLxh4puHXEbGkSllUYdHTRHTuzWSVa9+a8LTjs
rbvHgdQQO/3zRqltjrhRwlTG3Qxh229XDiMdowY6eOQ
-> ssh-ed25519 7/ziYw 8E2YjDNyz0nDtzU4DsDKfZVsysDT1PSi5vlbRS81cVY
Y9e+Ijs9/3v9UjKA2QEbC+YO2cAk5akTeFpTqHztq+4
-> ssh-ed25519 GQzYWA fwQu2OX+NcgABahCmRoRgndjyKXKk2oJ9XUnC3VSVjM
hkF10T5hipEPyBv/aeoqv/Ti7wvcTRE7MgrGZsXPiFc
-> ssh-ed25519 MfR7VA nEFPMwy5muKAQMKKgS+zfMmaHR2yxNWnEfgXJQUnEjA
fDj5QT/NTitdVH4u99ht3SBoLM/6OiX4oAGbHYH+9bY
--- 37290H3ViuAvNz1Y/gpmHDlYQ0Hg5q1tCQmjgFtKwQc
Š½Ëð¨kF÷Ë¥5un<75>˜0skfH˜¼ðÓF£ŸR¬½tna<6E>ç¥Ñûî8ð)µ#zÛ`B<>Û„sI :5Æ[È*h

1
secrets/default.nix
View file

@ -19,5 +19,6 @@
then config.services.matrix-continuwuity.user then config.services.matrix-continuwuity.user
else "root"; else "root";
}; };
cloudflare-acme.file = ./cloudflare-acme.age;
}; };
} }

1
secrets/secrets.nix
View file

@ -11,4 +11,5 @@ in {
"password.age".publicKeys = systems; "password.age".publicKeys = systems;
"dcbot.age".publicKeys = systems; "dcbot.age".publicKeys = systems;
"matrix-registration.age".publicKeys = systems; "matrix-registration.age".publicKeys = systems;
"cloudflare-acme.age".publicKeys = systems;
} }

2
system/server/default.nix
View file

@ -1,4 +1,4 @@
{lib, ...}: { {lib, ...}: {
imports = [./caddy.nix ./transfer-sh.nix ./seafile.nix ./bot.nix ./immich.nix ./matrix.nix]; imports = [./caddy.nix ./transfer-sh.nix ./seafile.nix ./bot.nix ./immich.nix ./matrix.nix ./mail.nix];
options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option. options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
} }

87
system/server/mail.nix Normal file
View file

@ -0,0 +1,87 @@
{config, ...}: {
services.stalwart-mail = {
enable = true;
openFirewall = true;
settings = {
server = {
hostname = "mx1.jsw.tf";
tls = {
enable = true;
implicit = true;
};
listener = {
smtp = {
protocol = "smtp";
bind = "[::]:25";
};
submissions = {
bind = "[::]:465";
protocol = "smtp";
};
imaps = {
bind = "[::]:993";
protocol = "imap";
};
jmap = {
bind = "[::]:8080";
url = "https://mail.jsw.tf";
protocol = "jmap";
};
management = {
bind = ["127.0.0.1:8080"];
protocol = "http";
};
};
};
lookup.default = {
hostname = "mx1.jsw.tf";
domain = "jsw.tf";
};
acme."letsencrypt" = {
directory = "https://acme-v02.api.letsencrypt.org/directory";
challenge = "dns-01";
contact = "jswmail@proton.me";
domains = ["jsw.tf" "mx1.jsw.tf"];
provider = "cloudflare";
secret = "%{file:${config.age.secrets.cloudflare-acme.path}}%";
};
session.auth = {
mechanisms = "[plain]";
directory = "'in-memory'";
};
storage.directory = "in-memory";
session.rcpt.directory = "'in-memory'";
queue.outbound.next-hop = "'local'";
directory."imap".lookup.domains = ["jsw.tf"];
# directory."in-memory" = {
# type = "memory";
# principals = [
# {
# class = "individual";
# name = "User 1";
# secret = "%{file:/etc/stalwart/mail-pw1}%";
# email = [""];
# }
# ];
# };
authentication.fallback-admin = {
user = "admin";
secret = "%{file:${config.age.secrets.password.path}}%";
};
};
};
services.caddy.virtualHosts = {
"webadmin.jsw.tf" = {
extraConfig = ''
reverse_proxy http://127.0.0.1:8080
'';
serverAliases = [
"mta-sts.example.org"
"autoconfig.example.org"
"autodiscover.example.org"
"mail.example.org"
];
};
};
}

2
system/server/seafile.nix
View file

@ -6,7 +6,7 @@
}: { }: {
services.seafile = { services.seafile = {
enable = config.niksos.server; enable = config.niksos.server;
seahubPackage = inputs.nixpkgs-stable.legacyPackages.${pkgs.system}.seahub; seahubPackage = inputs.nixpkgs.legacyPackages.${pkgs.system}.seahub;
adminEmail = "jurnwubben@gmail.com"; adminEmail = "jurnwubben@gmail.com";
initialAdminPassword = "ChangeMeTheFuckNow!"; initialAdminPassword = "ChangeMeTheFuckNow!";