homelab/machines/mail/mailserver.nix
plasmagoat bcbcc8b17b
homelab framework module init (everything is a mess)
2025-07-28 02:05:13 +02:00


{config, ...}: let
  # Secrets are referenced below only through their `.path` (the decrypted
  # file on disk), never by value.
  secrets = config.sops.secrets;
in {
  sops.secrets = {
    "service_accounts/mail/password" = {};
    "cloudflare/dns-api-token" = {};
    "cloudflare/zone-api-token" = {};
  };

  mailserver = {
    enable = true;
    stateVersion = 3;
    fqdn = "mail.procopius.dk";
    domains = ["procopius.dk"];
    dmarcReporting.enable = true;
    # The module's bundled resolver is disabled; the host's resolver is used.
    localDnsResolver = false;

    # Accounts and authentication are looked up in LDAP; every filter is
    # restricted to members of the "mail" group under ou=groups.
    ldap = {
      enable = true;
      # NOTE(review): plain ldap:// with no TLS — the bind password and all
      # lookups cross the network unencrypted. Acceptable only if auth.lab is
      # reached over a trusted or separately encrypted path — confirm.
      uris = ["ldap://auth.lab:3890"];
      bind = {
        dn = "cn=mail,ou=people,dc=procopius,dc=dk";
        passwordFile = secrets."service_accounts/mail/password".path;
      };
      searchBase = "ou=people,dc=procopius,dc=dk";
      postfix = {
        # The mail-alias branch of this filter needs MR!351 to work properly.
        filter = "(&(objectClass=person)(memberOf=cn=mail,ou=groups,dc=procopius,dc=dk)(|(mail=%s)(mail-alias=%s)))";
        mailAttribute = "mail";
      };
      dovecot = {
        userFilter = "(&(objectClass=person)(memberOf=cn=mail,ou=groups,dc=procopius,dc=dk)(mail=%u))";
        passFilter = "(&(objectClass=person)(memberOf=cn=mail,ou=groups,dc=procopius,dc=dk)(mail=%u))";
      };
    };

    # TLS certificate is obtained via ACME (see security.acme below).
    certificateScheme = "acme";
    acmeCertificateName = "mail.procopius.dk";
  };

  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "david.mikael@proton.me";
      # DNS-01 validation through Cloudflare. The API tokens are passed as
      # file paths, so the token values themselves stay out of this module.
      dnsProvider = "cloudflare";
      dnsResolver = "1.1.1.1:53";
      credentialFiles = {
        "CF_DNS_API_TOKEN_FILE" = secrets."cloudflare/dns-api-token".path;
        "CF_ZONE_API_TOKEN_FILE" = secrets."cloudflare/zone-api-token".path;
      };
    };
  };
}