NixOS configuration https://mail.dumpstack.io
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

configuration.nix 1.5KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768
  1. { config, pkgs, ... }:
  2. let
  3. secrets = import ./secrets.nix;
  4. hostname = "mail-dumpstack-io";
  5. domain = "dumpstack.io";
  6. branch = "20.09";
  7. in {
  8. imports = [
  9. ./hardware-configuration.nix
  10. (builtins.fetchTarball {
  11. url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${branch}/nixos-mailserver-nixos-${branch}.tar.gz";
  12. })
  13. ];
  14. users.extraUsers.root = {
  15. openssh.authorizedKeys.keys = [ secrets.pubkey ];
  16. };
  17. boot.loader.grub.enable = true;
  18. boot.loader.grub.version = 2;
  19. boot.loader.grub.device = "/dev/vda";
  20. networking.hostName = hostname;
  21. networking.firewall.allowedTCPPorts = [ 443 ];
  22. environment.systemPackages = with pkgs; [
  23. htop vim
  24. ];
  25. security.acme.acceptTerms = true;
  26. security.acme.certs."mail.${domain}".email = "letsencrypt@${domain}";
  27. mailserver = {
  28. enable = true;
  29. fqdn = "mail.${domain}";
  30. domains = [ "${domain}" ];
  31. loginAccounts = {
  32. "root@${domain}" = {
  33. hashedPassword = "${secrets.mailHashedPassword}";
  34. aliases = secrets.aliases;
  35. catchAll = [ "${domain}" ];
  36. };
  37. };
  38. certificateScheme = 3; # Let's Encrypt
  39. enableImapSsl = true;
  40. };
  41. time.timeZone = "UTC";
  42. services.openssh.enable = true;
  43. system.autoUpgrade = {
  44. enable = true;
  45. allowReboot = true;
  46. };
  47. # read release notes carefully before changing it
  48. system.stateVersion = "20.09";
  49. nix = {
  50. optimise.automatic = true;
  51. gc = {
  52. automatic = true;
  53. options = "--delete-older-than 7d";
  54. };
  55. };
  56. }