diff --git a/default.nix b/default.nix
index 82a4075..ecdf6b8 100644
--- a/default.nix
+++ b/default.nix
@@ -253,15 +253,8 @@ in
./mail-server/environment.nix
./mail-server/networking.nix
./mail-server/systemd.nix
+ ./mail-server/dovecot.nix
+ ./mail-server/postfix.nix
+ ./mail-server/rmilter.nix
];
-
- config = mkIf cfg.enable {
- services = import ./mail-server/services.nix {
- inherit lib;
- inherit (cfg) mailDirectory vmailUserName vmailGroupName virtualAliases domain
- enableImap enablePop3 dkimSigning dkimSelector dkimKeyDirectory
- certificateScheme certificateFile keyFile certificateDirectory virusScanning;
- };
-
- };
}
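Review bot: The rewritten `imports` list leaves out ./mail-server/services.nix even though this same commit keeps and edits that file, so its cert/key logic becomes dead code, and with the removed `services = import ./mail-server/services.nix …` block nothing in this diff enables services.rspamd any more (the old services.nix set `rspamd.enable = true`, and rmilter.nix still sets `services.rmilter.rspamd.enable = true`). Either delete services.nix or add it here, and carry the rspamd enable into one of the per-service modules, e.g. `services.rspamd.enable = true;` beside the rmilter line. The `{ … }:` module header and the option declarations that `config.mailserver` is read from lie outside this hunk.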
diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 15d08ee..3caca10 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -14,73 +14,80 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see
-{ vmailGroupName, vmailUserName, mailDirectory, enableImap, enablePop3, cert,
-key }:
+{ config, pkgs, lib, ... }:
+
+with (import ./common.nix { inherit config; });
let
+ cfg = config.mailserver;
+
# maildir in format "/${domain}/${user}/"
- dovecot_maildir = "maildir:${mailDirectory}/%d/%n/";
+ dovecot_maildir = "maildir:${cfg.mailDirectory}/%d/%n/";
in
{
- enable = true;
- enableImap = enableImap;
- enablePop3 = enablePop3;
- mailGroup = vmailGroupName;
- mailUser = vmailUserName;
- mailLocation = dovecot_maildir;
- sslServerCert = cert;
- sslServerKey = key;
- enableLmtp = true;
- extraConfig = ''
- #Extra Config
- mail_access_groups = ${vmailGroupName}
- ssl = required
+ config = with cfg; lib.mkIf enable {
+ services.dovecot2 = {
+ enable = true;
+ enableImap = enableImap;
+ enablePop3 = enablePop3;
+ mailGroup = vmailGroupName;
+ mailUser = vmailUserName;
+ mailLocation = dovecot_maildir;
+ sslServerCert = certificatePath;
+ sslServerKey = keyPath;
+ enableLmtp = true;
+ extraConfig = ''
+ #Extra Config
+ mail_access_groups = ${vmailGroupName}
+ ssl = required
- service lmtp {
- unix_listener /var/lib/postfix/queue/private/dovecot-lmtp {
+ service lmtp {
+ unix_listener /var/lib/postfix/queue/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix # TODO: < make variable
- }
- }
+ }
+ }
- service auth {
- unix_listener /var/lib/postfix/queue/private/auth {
+ service auth {
+ unix_listener /var/lib/postfix/queue/private/auth {
mode = 0660
user = postfix # TODO: < make variable
group = postfix # TODO: < make variable
- }
- }
+ }
+ }
- auth_mechanisms = plain login
+ auth_mechanisms = plain login
- namespace inbox {
+ namespace inbox {
- #prefix = INBOX.
- # the namespace prefix isn't added again to the mailbox names.
- inbox = yes
- # ...
+ #prefix = INBOX.
+ # the namespace prefix isn't added again to the mailbox names.
+ inbox = yes
+ # ...
- mailbox "Trash" {
- auto = no
- special_use = \Trash
- }
+ mailbox "Trash" {
+ auto = no
+ special_use = \Trash
+ }
- mailbox "Junk" {
- auto = subscribe
- special_use = \Junk
- }
+ mailbox "Junk" {
+ auto = subscribe
+ special_use = \Junk
+ }
- mailbox "Drafts" {
- auto = subscribe
- special_use = \Drafts
- }
+ mailbox "Drafts" {
+ auto = subscribe
+ special_use = \Drafts
+ }
- mailbox "Sent" {
- auto = subscribe
- special_use = \Sent
- }
- }
- '';
+ mailbox "Sent" {
+ auto = subscribe
+ special_use = \Sent
+ }
+ }
+ '';
+ };
+ };
}
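Review bot: `config = with cfg; lib.mkIf enable { … }` at the head of the new config block resolves `enable`, `enableImap`, `vmailGroupName`, `certificatePath` and `keyPath` by falling through two nested `with` scopes (`cfg` and the ./common.nix import, which is not part of this diff), so a reader cannot tell from this file which attribute set each name comes from, and a future `certificatePath` option on `cfg` would silently shadow the common.nix value. Prefer explicit references: `config = lib.mkIf cfg.enable {`, `inherit (cfg) enableImap enablePop3;`, and `sslServerCert = common.certificatePath;` with `common = import ./common.nix { inherit config; };` bound in the `let`. The same pattern is introduced in postfix.nix and rmilter.nix. `pkgs` is accepted in the module header but never used.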
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index cc2817e..b914ad5 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -14,21 +14,25 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see
-{ lib, mailDirectory, domain, virtualAliases, cert, key }:
+{ config, pkgs, lib, ... }:
+
+with (import ./common.nix { inherit config; });
let
+ cfg = config.mailserver;
+
# valiases_postfix :: [ String ]
valiases_postfix = map
(from:
- let to = virtualAliases.${from};
- in "${from}@${domain} ${to}@${domain}")
- (builtins.attrNames virtualAliases);
+ let to = cfg.virtualAliases.${from};
+ in "${from}@${cfg.domain} ${to}@${cfg.domain}")
+ (builtins.attrNames cfg.virtualAliases);
# valiases_file :: Path
valiases_file = builtins.toFile "valias" (lib.concatStringsSep "\n" valiases_postfix);
# vhosts_file :: Path
- vhosts_file = builtins.toFile "vhosts" domain;
+ vhosts_file = builtins.toFile "vhosts" cfg.domain;
# vaccounts_file :: Path
# see
@@ -39,50 +43,54 @@ let
in
{
- enable = true;
- networksStyle = "host";
- mapFiles."valias" = valiases_file;
- mapFiles."vaccounts" = vaccounts_file;
- sslCert = cert;
- sslKey = key;
- enableSubmission = true;
+ config = with cfg; lib.mkIf enable {
- extraConfig =
- ''
+ services.postfix = {
+ enable = true;
+ networksStyle = "host";
+ mapFiles."valias" = valiases_file;
+ mapFiles."vaccounts" = vaccounts_file;
+ sslCert = certificatePath;
+ sslKey = keyPath;
+ enableSubmission = true;
- # Extra Config
+ extraConfig =
+ ''
+ # Extra Config
- smtpd_banner = $myhostname ESMTP NO UCE
- smtpd_tls_auth_only = yes
- disable_vrfy_command = yes
- message_size_limit = 20971520
+ smtpd_banner = $myhostname ESMTP NO UCE
+ smtpd_tls_auth_only = yes
+ disable_vrfy_command = yes
+ message_size_limit = 20971520
- # virtual mail system
- virtual_uid_maps = static:5000
- virtual_gid_maps = static:5000
- virtual_mailbox_base = ${mailDirectory}
- virtual_mailbox_domains = ${vhosts_file}
- virtual_alias_maps = hash:/var/lib/postfix/conf/valias
- virtual_transport = lmtp:unix:private/dovecot-lmtp
+ # virtual mail system
+ virtual_uid_maps = static:5000
+ virtual_gid_maps = static:5000
+ virtual_mailbox_base = ${mailDirectory}
+ virtual_mailbox_domains = ${vhosts_file}
+ virtual_alias_maps = hash:/var/lib/postfix/conf/valias
+ virtual_transport = lmtp:unix:private/dovecot-lmtp
- # sasl with dovecot
- smtpd_sasl_type = dovecot
- smtpd_sasl_path = private/auth
- smtpd_sasl_auth_enable = yes
- smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
- '';
+ # sasl with dovecot
+ smtpd_sasl_type = dovecot
+ smtpd_sasl_path = private/auth
+ smtpd_sasl_auth_enable = yes
+ smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+ '';
- submissionOptions =
- {
- smtpd_tls_security_level = "encrypt";
- smtpd_sasl_auth_enable = "yes";
- smtpd_sasl_type = "dovecot";
- smtpd_sasl_path = "private/auth";
- smtpd_sasl_security_options = "noanonymous";
- smtpd_sasl_local_domain = "$myhostname";
- smtpd_client_restrictions = "permit_sasl_authenticated,reject";
- smtpd_sender_login_maps = "hash:/etc/postfix/vaccounts";
- smtpd_sender_restrictions = "reject_sender_login_mismatch";
- smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject";
+ submissionOptions =
+ {
+ smtpd_tls_security_level = "encrypt";
+ smtpd_sasl_auth_enable = "yes";
+ smtpd_sasl_type = "dovecot";
+ smtpd_sasl_path = "private/auth";
+ smtpd_sasl_security_options = "noanonymous";
+ smtpd_sasl_local_domain = "$myhostname";
+ smtpd_client_restrictions = "permit_sasl_authenticated,reject";
+ smtpd_sender_login_maps = "hash:/etc/postfix/vaccounts";
+ smtpd_sender_restrictions = "reject_sender_login_mismatch";
+ smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject";
+ };
+ };
};
}
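Review bot: `virtual_mailbox_base = ${mailDirectory}` (the line after `virtual_gid_maps`) still interpolates the bare name, which now only resolves because of the enclosing `with cfg;`, whereas the `let` block in the previous hunk was rewritten to use `cfg.domain` and `cfg.virtualAliases`; make it `virtual_mailbox_base = ${cfg.mailDirectory}` so the source of the value is visible and does not depend on `with` ordering. Separately, `virtual_alias_maps = hash:/var/lib/postfix/conf/valias` and `smtpd_sender_login_maps = "hash:/etc/postfix/vaccounts"` reach the two `mapFiles` entries through different directories; if the NixOS postfix module materialises `mapFiles` under only one of them, the other lookup points at a file that does not exist, so it is worth confirming both paths resolve to the same installed map. The `vaccounts_file` definition this hunk relies on sits between the two hunks, outside the shown lines.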
diff --git a/mail-server/rmilter.nix b/mail-server/rmilter.nix
index d003779..f358e2f 100644
--- a/mail-server/rmilter.nix
+++ b/mail-server/rmilter.nix
@@ -14,10 +14,12 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see
-{ domain, virusScanning, dkimSigning, dkimKeyDirectory, dkimSelector }:
+{ config, pkgs, lib, ... }:
let
- clamav = if virusScanning
+ cfg = config.mailserver;
+
+ clamav = if cfg.virusScanning
then
''
clamav {
@@ -25,14 +27,14 @@ let
};
''
else "";
- dkim = if dkimSigning
+ dkim = if cfg.dkimSigning
then
''
dkim {
domain {
- key = "${dkimKeyDirectory}";
+ key = "${cfg.dkimKeyDirectory}";
domain = "*";
- selector = "${dkimSelector}";
+ selector = "${cfg.dkimSelector}";
};
sign_alg = sha256;
auth_only = yes;
@@ -41,15 +43,17 @@ let
else "";
in
{
- enable = true;
- # debug = true;
- postfix.enable = true;
- rspamd.enable = true;
- extraConfig =
- ''
+ config = with cfg; lib.mkIf enable {
+ services.rmilter.enable = true;
+ # services.rmilter.debug = true;
+ services.rmilter.postfix.enable = true;
+ services.rmilter.rspamd.enable = true;
+ services.rmilter.extraConfig =
+ ''
${clamav}
${dkim}
- '';
+ '';
+ };
}
diff --git a/mail-server/services.nix b/mail-server/services.nix
index c17b961..2cebdaf 100644
--- a/mail-server/services.nix
+++ b/mail-server/services.nix
@@ -14,42 +14,31 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see
-{ lib, mailDirectory, vmailUserName, vmailGroupName, virtualAliases, domain,
-enableImap, enablePop3, virusScanning, dkimSigning, dkimSelector,
-dkimKeyDirectory, certificateScheme, certificateFile, keyFile,
-certificateDirectory }:
+
+{ config, pkgs, lib, ... }:
let
+ cfg = config.mailserver;
+
# cert :: PATH
- cert = if certificateScheme == 1
- then certificateFile
- else if certificateScheme == 2
- then "${certificateDirectory}/cert-${domain}.pem"
+ cert = if cfg.certificateScheme == 1
+ then cfg.certificateFile
+ else if cfg.certificateScheme == 2
+ then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem"
else "";
# key :: PATH
- key = if certificateScheme == 1
- then keyFile
- else if certificateScheme == 2
- then "${certificateDirectory}/key-${domain}.pem"
+ key = if cfg.certificateScheme == 1
+ then cfg.keyFile
+ else if cfg.certificateScheme == 2
+ then "${cfg.certificateDirectory}/key-${cfg.domain}.pem"
else "";
in
{
- # rspamd
- rspamd = {
- enable = true;
- };
-
- rmilter = import ./rmilter.nix {
- inherit domain virusScanning dkimSigning dkimSelector dkimKeyDirectory;
- };
-
- postfix = import ./postfix.nix {
- inherit lib mailDirectory domain virtualAliases cert key;
- };
-
- dovecot2 = import ./dovecot.nix {
- inherit vmailGroupName vmailUserName mailDirectory enableImap
- enablePop3 cert key;
- };
+
+ imports = [
+ ./rmilter.nix
+ ./postfix.nix key
+ ./dovecot.nix
+ ];
}
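Review bot: `./postfix.nix key` in the new `imports` list is two list elements rather than a function application, so the let-bound `key` (a path string or `""`) is appended to `imports`, which the module system will reject; drop the stray token so the entry reads `./postfix.nix`. With that fixed, `cert` and `key` are computed but never used here, and default.nix no longer lists this file, so the module looks vestigial next to the ./common.nix lookup that dovecot.nix and postfix.nix now use — deleting it would be cleaner than keeping a second, divergent cert/key derivation. The `{ config, pkgs, lib, ... }:` header binds `pkgs` without using it.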