1
0
Forka 0
mail.dumpstack.io/configuration.nix

68 righe
1.5 KiB
Nix

{ config, pkgs, ... }:
let
secrets = import ./secrets.nix;
hostname = "mail-dumpstack-io";
domain = "dumpstack.io";
branch = "22.11";
in {
imports = [
./hardware-configuration.nix
(builtins.fetchTarball {
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${branch}/nixos-mailserver-nixos-${branch}.tar.gz";
})
];
users.extraUsers.root = {
openssh.authorizedKeys.keys = [ secrets.pubkey ];
};
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
networking.hostName = hostname;
networking.firewall.allowedTCPPorts = [ 443 ];
environment.systemPackages = with pkgs; [
htop vim git
];
security.acme.acceptTerms = true;
security.acme.certs."mail.${domain}".email = "letsencrypt@${domain}";
mailserver = {
enable = true;
fqdn = "mail.${domain}";
domains = [ "${domain}" ];
loginAccounts = {
"root@${domain}" = {
hashedPassword = "${secrets.mailHashedPassword}";
aliases = [ "@${domain}" ];
};
};
certificateScheme = 3; # Let's Encrypt
enableImapSsl = true;
};
time.timeZone = "UTC";
services.openssh.enable = true;
system.autoUpgrade = {
enable = true;
allowReboot = true;
};
# read release notes carefully before changing it
system.stateVersion = "21.05";
nix = {
optimise.automatic = true;
gc = {
automatic = true;
options = "--delete-older-than 7d";
};
};
}