59 lines
1.4 KiB
Nix
59 lines
1.4 KiB
Nix
{ config, pkgs, ... }:
|
|
let
|
|
secrets = import ./secrets.nix;
|
|
in {
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
# check https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/tags
|
|
# for new releases
|
|
(builtins.fetchTarball {
|
|
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz";
|
|
sha256 = "0gqzgy50hgb5zmdjiffaqp277a68564vflfpjvk1gv6079zahksc";
|
|
})
|
|
];
|
|
|
|
users.extraUsers.root = {
|
|
openssh.authorizedKeys.keys = [ secrets.pubkey ];
|
|
};
|
|
|
|
boot.loader.grub.enable = true;
|
|
boot.loader.grub.version = 2;
|
|
boot.loader.grub.device = "/dev/vda";
|
|
|
|
networking.hostName = "mail.dumpstack.io";
|
|
|
|
networking.firewall.allowedTCPPorts = [ 443 ];
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
htop
|
|
];
|
|
|
|
mailserver = {
|
|
enable = true;
|
|
fqdn = "mail.dumpstack.io";
|
|
domains = [ "dumpstack.io" ];
|
|
loginAccounts = {
|
|
"root@dumpstack.io" = {
|
|
hashedPassword = "${secrets.mailHashedPassword}";
|
|
aliases = secrets.aliases;
|
|
catchAll = [ "dumpstack.io" ];
|
|
};
|
|
};
|
|
|
|
certificateScheme = 3; # Let's Encrypt
|
|
enableImapSsl = true;
|
|
|
|
rebootAfterKernelUpgrade.enable = true;
|
|
};
|
|
|
|
time.timeZone = "UTC";
|
|
services.openssh.enable = true;
|
|
|
|
system.autoUpgrade.enable = true;
|
|
system.stateVersion = "18.09";
|
|
|
|
nix.gc.automatic = true;
|
|
nix.gc.dates = "weekly";
|
|
nix.gc.options = "--delete-older-than 30d";
|
|
}
|