Some initial updates to the mail server

2023-11-25 00:47:00 +01:00 · 2023-11-25 00:47:00 +01:00 · d2bff65f03
parent cfd0fcf082
commit d2bff65f03
2 changed files with 15 additions and 3 deletions
--- a/nixos/queen/configuration.nix
+++ b/nixos/queen/configuration.nix
@ -60,8 +60,8 @@
  sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name;
  sops.secrets."local.json".mode = "0440";
  sops.secrets."local.json".owner = config.users.users.onlyoffice.name;
-  #sops.secrets."mailpass".mode = "0440";
+  sops.secrets."mailpass".mode = "0440";
-  #sops.secrets."mailpass".owner = config.users.users.virtualMail.name;
+  sops.secrets."mailpass".owner = config.users.users.virtualMail.name;
  nix = {
    gc = {
--- a/nixos/queen/mail-server.nix
+++ b/nixos/queen/mail-server.nix
@ -1,6 +1,7 @@
 {
  inputs,
  outputs,
  lib,
  config,
  pkgs,
  ...
@ -15,6 +16,8 @@
    })
  ];
  users.groups.virtualMail = {};
  users.users = {
    virtualMail = {
      isSystemUser = true;
@ -26,12 +29,21 @@
    enable = true;
    fqdn = "mail.gladtherescake.eu";
    domains = ["nextcloud.gladtherescake.eu"];
    mailserver.enableImapSsl = true;
    loginAccounts = {
      "no-reply@nextcloud.gladtherescake.eu" = {
        hashedPasswordFile = config.sops.secrets."mailpass".path;
        aliases = ["postmaster@nextcloud.gladtherescake.eu" "abuse@nextcloud.gladtherescake.eu" "security@nextcloud.gladtherescake.eu"];
      };
    };
    forwards = {
      "abuse@nextcloud.gladtherescake.eu" = "nextcloud@gladtherescake.eu";
      "postmaster@nextcloud.gladtherescake.eu" = "nextcloud@gladtherescake.eu";
    };
    openFirewall = true;
    mailserver.rejectRecipients = ["no-reply@nextcloud.gladtherescake.eu"];
    certificateScheme = "acme-nginx";
  };
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "letsencryp@gladtherescake.eu";
 }