Creating a mail server!

nixos/queen/configuration.nix

@@ -17,6 +17,7 @@
     # ./nvim.nix
     ./hardware-configuration.nix
     ./nextcloud.nix
+    ./mail-server.nix
   ];
 
   boot.tmp.cleanOnBoot = true;
@@ -58,6 +59,8 @@
   sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name;
   sops.secrets."local.json".mode = "0440";
   sops.secrets."local.json".owner = config.users.users.onlyoffice.name;
+  sops.secrets."mailpass".mode = "0440";
+  sops.secrets."mailpass".owner = config.users.users."no-reply@nextcloud.gladtherescake.eu".name;
 
   nix = {
     gc = {

nixos/queen/mail-server.nix

@@ -0,0 +1,35 @@
+{
+  inputs,
+  outputs,
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    (builtins.fetchTarball {
+      # Pick a release version you are interested in and set its hash, e.g.
+      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.3.0/nixos-mailserver-v2.3.0.tar.gz";
+      # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command:
+      # release="nixos-23.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
+      sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919";
+    })
+  ];
+  mailserver = {
+    enable = true;
+    fqdn = "mail.gladtherescake.eu";
+    domains = ["nextcloud.gladtherescake.eu"];
+
+    loginAccounts = {
+      "no-reply@nextcloud.gladtherescake.eu" = {
+        hashedPasswordFile = config.sops.secrets."mailpass".path;
+        aliases = ["postmaster@nextcloud.gladtherescake.eu" "abuse@nextcloud.gladtherescake.eu" "security@nextcloud.gladtherescake.eu"];
+      };
+
+      # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+      # down nginx and opens port 80.
+      certificateScheme = "acme-nginx";
+    };
+    security.acme.acceptTerms = true;
+    security.acme.defaults.email = "security@nextcloud.gladtherescake.eu";
+  };
+}