1
0
Fork 0
mail.dumpstack.io/configuration.nix

63 lines
1.5 KiB
Nix

{ config, pkgs, ... }:
let
secrets = import ./secrets.nix;
in {
imports = [
./hardware-configuration.nix
# check https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/tags
# for new releases
(builtins.fetchTarball {
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar";
sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
})
];
users.extraUsers.root = {
openssh.authorizedKeys.keys = [ secrets.pubkey ];
};
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
networking.hostName = "mail.dumpstack.io";
networking.firewall.allowedTCPPorts = [ 443 ];
environment.systemPackages = with pkgs; [
htop
];
mailserver = {
enable = true;
fqdn = "mail.dumpstack.io";
domains = [ "dumpstack.io" ];
loginAccounts = {
"root@dumpstack.io" = {
hashedPassword = "${secrets.mailHashedPassword}";
aliases = secrets.aliases;
catchAll = [ "dumpstack.io" ];
};
};
certificateScheme = 3; # Let's Encrypt
enableImapSsl = true;
rebootAfterKernelUpgrade.enable = true;
};
time.timeZone = "UTC";
services.openssh.enable = true;
system.autoUpgrade.enable = true;
system.stateVersion = "19.03";
nix = {
optimise.automatic = true;
gc = {
automatic = true;
options = "--delete-older-than 7d";
};
};
}