From fc6c1353a936884f50bcd727422b6606d17bc63b Mon Sep 17 00:00:00 2001
From: Max Audron <audron@cocaine.farm>
Date: Mon, 11 Aug 2025 12:02:45 +0200
Subject: add mail server

---
 modules/mailserver/default.nix | 45 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 modules/mailserver/default.nix

(limited to 'modules/mailserver')

diff --git a/modules/mailserver/default.nix b/modules/mailserver/default.nix
new file mode 100644
index 0000000..9188129
--- /dev/null
+++ b/modules/mailserver/default.nix
@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ...}:
+
+{
+  mailserver = {
+    enable = true;
+
+    fqdn = "mail.vapor.systems";
+    domains = [ "vapor.systems" ];
+
+    # A list of all login accounts. To create the password hashes, use
+    # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+    loginAccounts = {
+      # "user1@example.com" = {
+      #   hashedPasswordFile = "/a/file/containing/a/hashed/password";
+      #   aliases = ["postmaster@example.com"];
+      # };
+      # "user2@example.com" = { ... };
+    };
+
+    ldap = {
+      enable = true;
+      uris = [ "ldaps://ettves:636" ];
+
+      bind = {
+        dn = "cn=mail,ou=users,dc=mail,dc=vapor,dc=systems";
+        passwordFile = "/etc/secrets/ldap";
+      };
+
+      searchBase = "dc=mail,dc=vapor,dc=systems";
+    };
+
+    certificateScheme = "acme";
+  };
+
+  secrets = {
+    minecraft = {
+      source = ../../secrets/authentik/mail;
+      dest = "/etc/secrets/ldap";
+    };
+  };
+
+  security.acme.certs = {
+    "mail.vapor.systems" = { };
+  };
+}
-- 
cgit v1.2.3