| author | Max Audron <audron@cocaine.farm> | 2025-08-11 12:02:45 +0200 |
|---|---|---|
| committer | Max Audron <audron@cocaine.farm> | 2025-08-11 12:02:45 +0200 |
| commit | fc6c1353a936884f50bcd727422b6606d17bc63b (patch) | |
| tree | 46cdb9c696066d1615eb433c939dd20f873c9e98 /modules | |
| parent | add prometheus alerting rules (diff) | |
add mail server
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/default.nix | 2 | ||||
| -rw-r--r-- | modules/hetzner/default.nix | 2 | ||||
| -rw-r--r-- | modules/mailserver/default.nix | 45 |
3 files changed, 48 insertions, 1 deletions
diff --git a/modules/default.nix b/modules/default.nix
index 934aa4e..afabc28 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -35,4 +35,6 @@
 monitoring = import ./monitoring;
 monitoring-node = import ./monitoring/node-exporter.nix;
 homepage = import ./homepage;
+
+ mailserver = import ./mailserver;
 }
diff --git a/modules/hetzner/default.nix b/modules/hetzner/default.nix
index d24908d..af44deb 100644
--- a/modules/hetzner/default.nix
+++ b/modules/hetzner/default.nix
@@ -3,7 +3,7 @@
 {
 imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
 boot.initrd.kernelModules = [ "nvme" ];
 boot.loader.grub.device = "/dev/sda";
diff --git a/modules/mailserver/default.nix b/modules/mailserver/default.nix
new file mode 100644
index 0000000..9188129
--- /dev/null
+++ b/modules/mailserver/default.nix
@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ...}:
+
+{
+ mailserver = {
+ enable = true;
+
+ fqdn = "mail.vapor.systems";
+ domains = [ "vapor.systems" ];
+
+ # A list of all login accounts. To create the password hashes, use
+ # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+ loginAccounts = {
+ # "user1@example.com" = {
+ # hashedPasswordFile = "/a/file/containing/a/hashed/password";
+ # aliases = ["postmaster@example.com"];
+ # };
+ # "user2@example.com" = { ... };
+ };
+
+ ldap = {
+ enable = true;
+ uris = [ "ldaps://ettves:636" ];
+
+ bind = {
+ dn = "cn=mail,ou=users,dc=mail,dc=vapor,dc=systems";
+ passwordFile = "/etc/secrets/ldap";
+ };
+
+ searchBase = "dc=mail,dc=vapor,dc=systems";
+ };
+
+ certificateScheme = "acme";
+ };
+
+ secrets = {
+ minecraft = {
+ source = ../../secrets/authentik/mail;
+ dest = "/etc/secrets/ldap";
+ };
+ };
+
+ security.acme.certs = {
+ "mail.vapor.systems" = { };
+ };
+} |
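Review bot: The secret holding the LDAP bind password is declared as `secrets.minecraft` in the new modules/mailserver/default.nix, even though its source is `../../secrets/authentik/mail` and its destination is `/etc/secrets/ldap`. The name looks like a copy-paste leftover, and if a host also imports a module that defines `secrets.minecraft`, the two definitions would presumably merge or conflict; I would rename it, for example `mailserver-ldap = {`. The entry sets no owner or permissions, so who can read `/etc/secrets/ldap` depends on the secrets module's defaults, which are not visible in this diff; a comment such as `# bind password, must be readable only by the mail services` would record the intent. `source` is a Nix path literal, so unless the file is stored encrypted or the secrets module avoids it, the content would be copied into the world-readable Nix store, which is worth confirming. Separately, `uris = [ "ldaps://ettves:636" ]` uses a bare hostname, so certificate verification only succeeds if the directory server's certificate carries that name.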
