2 files changed, 67 insertions, 0 deletions
diff --git a/host/Rory-nginx/services/email/maddy.nix b/host/Rory-nginx/services/email/maddy.nix
new file mode 100644
index 0000000..995d6a2
--- /dev/null
+++ b/host/Rory-nginx/services/email/maddy.nix
@@ -0,0 +1,46 @@
+{
+ pkgs,
+ options,
+ config,
+ ...
+}:
+{
+ services.maddy = {
+ enable = true;
+ primaryDomain = "rory.gay";
+ hostname = "mail.rory.gay";
+ ensureAccounts = [
+ "root@rory.gay"
+ ];
+ ensureCredentials = {
+ "root@rory.gay".passwordFile = "/var/lib/maddy/passwd/root";
+ };
+ config =
+ builtins.replaceStrings
+ [
+ "imap tcp://0.0.0.0:143"
+ "submission tcp://0.0.0.0:587"
+ ]
+ [
+ "imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
+ "submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
+ ]
+ options.services.maddy.config.default;
+
+ tls = {
+ loader = "file";
+ certificates = [
+ "/var/lib/acme/certs/mail.rory.gay/fullchain.pem"
+ "/var/lib/acme/certs/mail.rory.gay/privkey.pem"
+ ];
+ };
+ };
+ networking.firewall.allowedTCPPorts = [
+ 993
+ 465
+ ];
+
+ security.acme.certs."mail.rory.gay" = {
+ group = config.services.maddy.group;
+ };
+}
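Review bot: The `builtins.replaceStrings` call that adds the 993/465 listeners fails silently. If the module's default config ever stops containing the exact text `imap tcp://0.0.0.0:143` or `submission tcp://0.0.0.0:587`, the string comes back unchanged, no implicit-TLS endpoint is created, and the firewall still opens both ports. I would add an evaluation-time check such as `assertions = [{ assertion = lib.hasInfix "imap tls://0.0.0.0:993" config.services.maddy.config; message = "maddy default config changed; TLS listener patch did not apply"; }];`, with `lib` added to the function arguments. Separately, as far as I know `services.maddy.tls.certificates` expects entries of the form `{ certPath = ...; keyPath = ...; }` rather than bare path strings, and the ACME module's default directory is `/var/lib/acme/<name>`. Unless this host overrides that elsewhere, the two paths are better derived from `config.security.acme.certs."mail.rory.gay".directory`.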
diff --git a/host/Rory-nginx/services/email/nginx.nix b/host/Rory-nginx/services/email/nginx.nix
new file mode 100644
index 0000000..a55a65a
--- /dev/null
+++ b/host/Rory-nginx/services/email/nginx.nix
@@ -0,0 +1,21 @@
+{ config, ... }:
+{
+ services.nginx.virtualHosts = {
+ "mta-sts.rory.gay" = {
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/.well-known/mta-sts.txt" = {
+ # age 604800
+ return = ''
+ 200 'version: STSv1
+ mode: enforce
+ max_age: 120
+ mx: mail.rory.gay
+ ';'';
+
+ };
+ };
+ };
+ };
+}
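Review bot: `max_age: 120` in the policy body contradicts the `# age 604800` comment above it and leaves `mode: enforce` with very little effect. Senders cache the policy for only two minutes, so a sender whose policy fetch is blocked or fails falls back to opportunistic TLS almost immediately. If 120 is a rollout value, say so in the comment (`# TODO: raise max_age to 604800 once delivery is verified`) or publish `mode: testing` until then; otherwise change the line to `max_age: 604800`. RFC 8461 also specifies a `text/plain` media type for the policy, and this `return` presumably inherits nginx's default type, so `extraConfig = "default_type text/plain;";` on the location is worth adding.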