authorRory& <root@rory.gay>2024-11-03 00:31:17 +0100
committerRory& <root@rory.gay>2024-11-03 00:31:17 +0100
commit8aa83e2bcc11f33eedff9e19fbb32f0bcda4b53e (patch)
tree30c27129e37328e120f4618e63ae9204a67b292f /host/Rory-nginx
parentAdd desktop changes (diff)
downloadRory-Open-Architecture-8aa83e2bcc11f33eedff9e19fbb32f0bcda4b53e.tar.xz
Portable changes, email server
Diffstat (limited to 'host/Rory-nginx')
-rwxr-xr-xhost/Rory-nginx/configuration.nix3
-rw-r--r--host/Rory-nginx/services/email/maddy.nix46
-rw-r--r--host/Rory-nginx/services/email/nginx.nix21
3 files changed, 70 insertions, 0 deletions
diff --git a/host/Rory-nginx/configuration.nix b/host/Rory-nginx/configuration.nix
index a1f3938..c52ab51 100755
--- a/host/Rory-nginx/configuration.nix
+++ b/host/Rory-nginx/configuration.nix
@@ -24,6 +24,9 @@
     ./services/cgit.nix
     #./services/ollama.nix
     ./services/prometheus.nix
+    
+    ./services/email/maddy.nix
+    ./services/email/nginx.nix
   ];
   users.groups.ocp = { };
   networking = {
diff --git a/host/Rory-nginx/services/email/maddy.nix b/host/Rory-nginx/services/email/maddy.nix
new file mode 100644
index 0000000..995d6a2
--- /dev/null
+++ b/host/Rory-nginx/services/email/maddy.nix
@@ -0,0 +1,46 @@
+{
+  pkgs,
+  options,
+  config,
+  ...
+}:
+{
+  services.maddy = {
+    enable = true;
+    primaryDomain = "rory.gay";
+    hostname = "mail.rory.gay";
+    ensureAccounts = [
+      "root@rory.gay"
+    ];
+    ensureCredentials = {
+      "root@rory.gay".passwordFile = "/var/lib/maddy/passwd/root";
+    };
+    config =
+      builtins.replaceStrings
+        [
+          "imap tcp://0.0.0.0:143"
+          "submission tcp://0.0.0.0:587"
+        ]
+        [
+          "imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
+          "submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
+        ]
+        options.services.maddy.config.default;
+
+    tls = {
+      loader = "file";
+      certificates = [
+        "/var/lib/acme/certs/mail.rory.gay/fullchain.pem"
+        "/var/lib/acme/certs/mail.rory.gay/privkey.pem"
+      ];
+    };
+  };
+  networking.firewall.allowedTCPPorts = [
+    993
+    465
+  ];
+
+  security.acme.certs."mail.rory.gay" = {
+    group = config.services.maddy.group;
+  };
+}
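Review bot: The `builtins.replaceStrings` rewrite of `options.services.maddy.config.default` fails silently. If a nixpkgs update rewords the default `imap tcp://0.0.0.0:143` or `submission tcp://0.0.0.0:587` lines, nothing is replaced and the TLS listeners on 993/465 never start, yet evaluation succeeds and the firewall still opens those ports. An assertion would catch this at build time, for example `assertions = [ { assertion = lib.hasInfix "imap tls://0.0.0.0:993" config.services.maddy.config; message = "maddy default config changed; TLS listener rewrite did not apply"; } ];` with `lib` added to the module arguments. The plaintext listeners on 143 and 587 stay bound to 0.0.0.0 and are kept off the network only by the firewall list here, so a comment stating that implicit TLS is the intended client path would help. Neither port 25 nor an ACME challenge method for `mail.rory.gay` is visible in this file, so it is worth confirming both are configured elsewhere.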
diff --git a/host/Rory-nginx/services/email/nginx.nix b/host/Rory-nginx/services/email/nginx.nix
new file mode 100644
index 0000000..a55a65a
--- /dev/null
+++ b/host/Rory-nginx/services/email/nginx.nix
@@ -0,0 +1,21 @@
+{ config, ... }:
+{
+  services.nginx.virtualHosts = {
+    "mta-sts.rory.gay" = {
+      enableACME = true;
+      forceSSL = true;
+      locations = {
+        "/.well-known/mta-sts.txt" = {
+          # age 604800
+          return = ''
+            200 'version: STSv1
+                 mode: enforce
+                 max_age: 120
+                 mx: mail.rory.gay
+                 ';'';
+
+        };
+      };
+    };
+  };
+}
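Review bot: `max_age: 120` together with `mode: enforce` gives senders only a two-minute policy cache. A sender that cannot refetch the policy after that falls back to unauthenticated delivery, which is the downgrade MTA-STS exists to prevent, and the `# age 604800` comment suggests the low value is temporary. I would either set `max_age: 604800` or expand the comment to `# TODO: raise max_age to 604800 once the policy is verified`. The continuation lines of the `return` body appear to keep their extra leading spaces after Nix strips the common indent, and strict policy parsers may reject indented `mode:`/`mx:` lines, so the body is safer written flush-left. No `default_type text/plain;` is visible for this location, so the response media type depends on nginx defaults set elsewhere.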