Creating a mail server!

nixos/queen/configuration.nix

@@ -17,6 +17,7 @@
     # ./nvim.nix
     ./hardware-configuration.nix
     ./nextcloud.nix
+    ./mail-server.nix
   ];
 
   boot.tmp.cleanOnBoot = true;
@@ -58,6 +59,8 @@
   sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name;
   sops.secrets."local.json".mode = "0440";
   sops.secrets."local.json".owner = config.users.users.onlyoffice.name;
+  sops.secrets."mailpass".mode = "0440";
+  sops.secrets."mailpass".owner = config.users.users."no-reply@nextcloud.gladtherescake.eu".name;
 
   nix = {
     gc = {

nixos/queen/mail-server.nix

@@ -0,0 +1,35 @@
+{
+  inputs,
+  outputs,
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    (builtins.fetchTarball {
+      # Pick a release version you are interested in and set its hash, e.g.
+      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.3.0/nixos-mailserver-v2.3.0.tar.gz";
+      # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command:
+      # release="nixos-23.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
+      sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919";
+    })
+  ];
+  mailserver = {
+    enable = true;
+    fqdn = "mail.gladtherescake.eu";
+    domains = ["nextcloud.gladtherescake.eu"];
+
+    loginAccounts = {
+      "no-reply@nextcloud.gladtherescake.eu" = {
+        hashedPasswordFile = config.sops.secrets."mailpass".path;
+        aliases = ["postmaster@nextcloud.gladtherescake.eu" "abuse@nextcloud.gladtherescake.eu" "security@nextcloud.gladtherescake.eu"];
+      };
+
+      # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+      # down nginx and opens port 80.
+      certificateScheme = "acme-nginx";
+    };
+    security.acme.acceptTerms = true;
+    security.acme.defaults.email = "security@nextcloud.gladtherescake.eu";
+  };
+}

secrets/queen-Lillian.yaml

@@ -1,6 +1,7 @@
 nextcloudadmin: ENC[AES256_GCM,data:LqgutUXs1msmFUNa+4JI1BEq0R8=,iv:sLP52reqsJfUNQnA9MbtbcZjGeluHDaO3dlHpWCLU4M=,tag:ChG/hZIMcmc0wt2AWOBNCA==,type:str]
 nextclouddb: ENC[AES256_GCM,data:EFwVtVD4KnEiZ5SM+1XW0U0mR/I2IXcRYXhQTgwv788=,iv:blHbNqI/Gq4tUQuqKWgrX9tYj6XKLRrWl1LFN+cn71M=,tag:H/7vobp5OwPbqsapvw7mUw==,type:str]
 local.json: ENC[AES256_GCM,data:EWMZTvnP9DmJKZq3mejvlSc8e2BZxcREn+XB1tAM5NLS0G2fdWJThkkgRz2owdAiZV2BLc/yqr4DqJzDIXiOxWWBGAbqRFH5kPw2mAdkAcW76F8tUNQSBtQXM+Gu3W3EwjQwNiwVlb1jB0BNWU4TJfZGfdk2Vt0R7ggTJhRIAwQiXC1VtMWmlAOyRIaiMzaY4ktEMJT/nxF8koZV79kiCFcAGHzoYynW16y2QkaxFca/4bTvBJCAMBuK0lLF9xeipyGZUgxPV/OAQkrQGAqHcrHL+FmQiFEIuLUBzTDQp57kV1EKKCevRUcPCX/NhQGgLYVgDrsLTb1ftB30yHjWUap+JttKXBk2HElnQVEdS37zADyQ8tYrD+2l2CLrBGctVpg6K61OP44=,iv:VbJgmvIN1/FjQJl58KBsDNTyUWtIAYbBB0iPe6I0+hE=,tag:if16JgRVPeC+m8vFeYhKtA==,type:str]
+mailpass: ENC[AES256_GCM,data:UVrc1RUV0xJFPiZ8J4refglR0p35gUd21EvvTSoeXHVE9/xC0biKmjdPu8cBmimNPmKJMvZRf8wOz+/x,iv:zIYI9JY/bfUc3nNPNopKMbh09B6KUotMUAmNDzVUBN8=,tag:53N8WlQ5CDlrp/KIEQiHgQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -16,8 +17,8 @@ sops:
             KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
             NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-11-23T19:03:04Z"
+    lastmodified: "2023-11-24T14:30:34Z"
-    mac: ENC[AES256_GCM,data:SaC8fw76/O1C4ahiFmpDpF19X8jXUVAs+i86dDSkHLllRxUXsVujW4NUsX0aq2OOSAFZE5QVy/Aq7Os3MsEBNezd0YxCgVpzKOj/6YUUEoNDhZGvd2n1a3ULoqlWNBhmRd42MvEWVoTWPJHlv34fkoYD+NRD1jF3QLwANBGcVqA=,iv:x1AoAMdt6+M/+mLatWpLWBTPyaRS2/pYSj250DkZWdU=,tag:HHF/zb8VWIaj8Q9T4NFwAw==,type:str]
+    mac: ENC[AES256_GCM,data:Tl4eqh2SUEcgfOynbLoclpJKhMHkkaeV3bvkYB4dc3tv9hEWuX5HR1iI67+HVImdLcJ1zTyWkNSl+89MOWkSB85Rb643uCa5myDFQ30PHWN2ubPVoY3XzucW0nzBllZZsH6lPakNXwHTLkcf1etnWzL+/sXnYff2S/WPqTAdkwU=,iv:aWlA7jfBGStCELf/6ij2aT7EAwRp/RQP5Sw4WMPqbtE=,tag:bvSiyFrqPP0uB71zQTH08Q==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1