69 lines
1.5 KiB
Nix
69 lines
1.5 KiB
Nix
{ config, pkgs, ... }:
|
|
let
|
|
secrets = import ./secrets.nix;
|
|
hostname = "mail-dumpstack-io";
|
|
domain = "dumpstack.io";
|
|
branch = "21.05";
|
|
in {
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
(builtins.fetchTarball {
|
|
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${branch}/nixos-mailserver-nixos-${branch}.tar.gz";
|
|
})
|
|
];
|
|
|
|
users.extraUsers.root = {
|
|
openssh.authorizedKeys.keys = [ secrets.pubkey ];
|
|
};
|
|
|
|
boot.loader.grub.enable = true;
|
|
boot.loader.grub.version = 2;
|
|
boot.loader.grub.device = "/dev/vda";
|
|
|
|
networking.hostName = hostname;
|
|
|
|
networking.firewall.allowedTCPPorts = [ 443 ];
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
htop vim
|
|
];
|
|
|
|
security.acme.acceptTerms = true;
|
|
security.acme.certs."mail.${domain}".email = "letsencrypt@${domain}";
|
|
|
|
mailserver = {
|
|
enable = true;
|
|
fqdn = "mail.${domain}";
|
|
domains = [ "${domain}" ];
|
|
loginAccounts = {
|
|
"root@${domain}" = {
|
|
hashedPassword = "${secrets.mailHashedPassword}";
|
|
aliases = secrets.aliases;
|
|
catchAll = [ "${domain}" ];
|
|
};
|
|
};
|
|
|
|
certificateScheme = 3; # Let's Encrypt
|
|
enableImapSsl = true;
|
|
};
|
|
|
|
time.timeZone = "UTC";
|
|
services.openssh.enable = true;
|
|
|
|
system.autoUpgrade = {
|
|
enable = true;
|
|
allowReboot = true;
|
|
};
|
|
|
|
# read release notes carefully before changing it
|
|
system.stateVersion = "21.05";
|
|
|
|
nix = {
|
|
optimise.automatic = true;
|
|
gc = {
|
|
automatic = true;
|
|
options = "--delete-older-than 7d";
|
|
};
|
|
};
|
|
}
|