Initial

.gitignore

@@ -0,0 +1,2 @@
+secrets.nix
+hardware-configuration.nix

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Mikhail Klementev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,24 @@
+# mail.dumpstack.io
+
+Note:
+1. Comment out fetchTarball and mailserver for initial installation,
+   I don't know why but there's issues with fetchTarball when it runs
+   from live nixos installer.
+
+2. Some cloud providers disallow outbound SMTP by default. Check it if
+   there'll be issues with outgoing emails.
+
+## Installation
+
+    parted /dev/vda mklabel msdos
+    parted /dev/vda mkpart primary ext4 0% 100%
+    mkfs.ext4 -L system /dev/vda1
+    mount /dev/vda1 /mnt/
+
+    nix-env -iA nixos.gitMinimal
+	git clone https://code.dumpstack.io/infra/mail.dumpstack.io.git /mnt/etc/nixos/
+
+    nixos-generate-config --root /mnt
+
+    nixos-install
+    reboot

configuration.nix

@@ -0,0 +1,54 @@
+{ config, pkgs, ... }:
+let
+  secrets = import ./secrets.nix;
+in {
+  imports = [
+    ./hardware-configuration.nix
+    # check https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/tags
+    # for new releases
+    (builtins.fetchTarball {
+      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz";
+      sha256 = "0gqzgy50hgb5zmdjiffaqp277a68564vflfpjvk1gv6079zahksc";
+    })
+  ];
+
+  users.extraUsers.root = {
+    openssh.authorizedKeys.keys = [ secrets.pubkey ];
+  };
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vda";
+
+  networking.hostName = "mail.dumpstack.io";
+
+  networking.firewall.allowedTCPPorts = [ 443 ];
+
+  environment.systemPackages = with pkgs; [
+    htop
+  ];
+
+  mailserver = {
+    enable = true;
+    fqdn = "mail.dumpstack.io";
+    domains = [ "dumpstack.io" ];
+    loginAccounts = {
+        "root@dumpstack.io" = {
+            hashedPassword = "${secrets.mailHashedPassword}";
+            aliases = secrets.aliases;
+            catchAll = [ "dumpstack.io" ];
+        };
+    };
+
+    certificateScheme = 3;      # Let's Encrypt
+    enableImapSsl = true;
+
+    rebootAfterKernelUpgrade.enable = true;
+  };
+
+  time.timeZone = "UTC";
+  services.openssh.enable = true;
+
+  system.autoUpgrade.enable = true;
+  system.stateVersion = "18.09";
+}

secrets.nix.example

@@ -0,0 +1,9 @@
+{
+  pubkey = "changeme"; # ssh-add -L
+  mailHashedPassword = "changeme"; # mkpasswd -m sha512
+  # keep it secret for avoid spam
+  aliases = [
+    "info@domain.tld"
+    "postmaster@domain.tld"
+  ];
+}