38 lines
1 KiB
Nix
38 lines
1 KiB
Nix
{config, ...}: {
|
|
# nix shell nixpkgs#apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
|
|
age.secrets = {
|
|
leet-nrab-lol.file = ../../secrets/leet-nrab-lol-pass.age;
|
|
alert-nrab-lol.file = ../../secrets/alert-nrab-lol-pass.age;
|
|
};
|
|
|
|
users.users.nginx.extraGroups = ["acme"];
|
|
networking.firewall.allowedTCPPorts = [80 443 8448 2222];
|
|
|
|
mailserver = {
|
|
enable = true;
|
|
fqdn = "mail.nrab.lol";
|
|
domains = [
|
|
"nrab.lol"
|
|
"rab.lol"
|
|
];
|
|
lmtpSaveToDetailMailbox = "no";
|
|
recipientDelimiter = "+-";
|
|
|
|
loginAccounts = {
|
|
"1337@nrab.lol" = {
|
|
hashedPasswordFile = config.age.secrets.leet-nrab-lol.path;
|
|
aliases = ["n@rab.lol"];
|
|
};
|
|
"alert@nrab.lol" = {
|
|
hashedPasswordFile = config.age.secrets.alert-nrab-lol.path;
|
|
sendOnly = true;
|
|
sendOnlyRejectMessage = "";
|
|
};
|
|
};
|
|
|
|
certificateScheme = "acme-nginx";
|
|
};
|
|
|
|
# TODO: Remove once SNM gets their shit together
|
|
services.dovecot2.sieve.extensions = ["fileinto"];
|
|
}
|