Diffstat (limited to 'host/Rory-nginx/services/email/maddy.nix')
-rw-r--r--host/Rory-nginx/services/email/maddy.nix46
1 files changed, 46 insertions, 0 deletions
diff --git a/host/Rory-nginx/services/email/maddy.nix b/host/Rory-nginx/services/email/maddy.nix
new file mode 100644
index 0000000..995d6a2
--- /dev/null
+++ b/host/Rory-nginx/services/email/maddy.nix
@@ -0,0 +1,46 @@
+{
+  pkgs,
+  options,
+  config,
+  ...
+}:
+{
+  services.maddy = {
+    enable = true;
+    primaryDomain = "rory.gay";
+    hostname = "mail.rory.gay";
+    ensureAccounts = [
+      "root@rory.gay"
+    ];
+    ensureCredentials = {
+      "root@rory.gay".passwordFile = "/var/lib/maddy/passwd/root";
+    };
+    config =
+      builtins.replaceStrings
+        [
+          "imap tcp://0.0.0.0:143"
+          "submission tcp://0.0.0.0:587"
+        ]
+        [
+          "imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
+          "submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
+        ]
+        options.services.maddy.config.default;
+
+    tls = {
+      loader = "file";
+      certificates = [
+        "/var/lib/acme/certs/mail.rory.gay/fullchain.pem"
+        "/var/lib/acme/certs/mail.rory.gay/privkey.pem"
+      ];
+    };
+  };
+  networking.firewall.allowedTCPPorts = [
+    993
+    465
+  ];
+
+  security.acme.certs."mail.rory.gay" = {
+    group = config.services.maddy.group;
+  };
+}
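Review bot: `tls.certificates` is given two bare path strings, but the nixpkgs maddy module, as far as I know it (the pinned nixpkgs revision is not visible here), types this option as a list of attribute sets with `certPath` and `keyPath`, so the list as written would likely be rejected at evaluation. I would write `certificates = [ { certPath = "${certDir}/fullchain.pem"; keyPath = "${certDir}/privkey.pem"; } ];` with `certDir = config.security.acme.certs."mail.rory.gay".directory;`. That also drops the hard-coded `/var/lib/acme/certs/...` prefix, since the NixOS ACME default directory is `/var/lib/acme/<name>` unless it is overridden elsewhere. Separately, the `builtins.replaceStrings` rewrite of `options.services.maddy.config.default` does nothing, silently, if the upstream default text ever changes. The implicit-TLS listeners on 993/465 would then be missing while the firewall still opens those ports and only the 143/587 listeners remain configured, so an assertion that the rewritten config contains `tls://0.0.0.0:993` would make that failure visible at build time.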