self-hosting/modules/mailserver.nix

{ config, lib, pkgs, ... }:
{

  sops.secrets = {
    paultrialPassword = {
      key = "email/accounts_passwords/paultrial";
    };
    eliosPassword = {
      key = "email/accounts_passwords/elios";
    };
    mariePassword = {
      key = "email/accounts_passwords/marie";
    };
    alicePassword = {
      key = "email/accounts_passwords/alice";
    };
    monitPassword = {
      key = "email/accounts_passwords/monit";
    };
  };

  mailserver = {
    enable = true;
    fqdn = "mail.banditlair.com";
    domains = [ "banditlair.com" "froidmont.org" "falbo.fr" ];
    mailDirectory = "/nix/var/data/vmail";
    lmtpSaveToDetailMailbox = "no";
    loginAccounts = {
      "paultrial@banditlair.com" = {
        # nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2 > /hashed/password/file/location
        hashedPasswordFile = config.sops.secrets.paultrialPassword.path;
        aliases = [
          "contact@froidmont.org"
          "account@banditlair.com"
        ];
      };
      "marie-alice@froidmont.org" = {
        hashedPasswordFile = config.sops.secrets.mariePassword.path;
        aliases = [
          "osteopathie@froidmont.org"
          "communication@froidmont.org"
          "crelan.communication@froidmont.org"
          "kerger.communication@froidmont.org"
          "3arcs.communication@froidmont.org"
          "7days.communication@froidmont.org"
          "ulb.communication@froidmont.org"
          "baijot.communication@froidmont.org"
          "alltrails.communication@froidmont.org"
          "alltricks.communication@froidmont.org"
          "amazon.communication@froidmont.org"
          "athletv.communication@froidmont.org"
          "bebecenter.communication@froidmont.org"
          "canyon.communication@froidmont.org"
          "cbc.communication@froidmont.org"
          "coursulb.communication@froidmont.org"
          "decathlon.communication@froidmont.org"
          "degiro.communication@froidmont.org"
          "delogne.communication@froidmont.org"
          "diagnosteo.communication@froidmont.org"
          "haptis.communication@froidmont.org"
          "fortis.communication@froidmont.org"
          "fox.communication@froidmont.org"
          "vandenborre.communication@froidmont.org"
          "swissquote.communication@froidmont.org"
          "belso.communication@froidmont.org"
          "hibike.communication@froidmont.org"
          "giromedical.communication@froidmont.org"
          "gymna.communication@froidmont.org"
          "hotmail.communication@froidmont.org"
          "hubo.communication@froidmont.org"
          "infopixel.communication@froidmont.org"
          "jysk.communication@froidmont.org"
          "kerger.communication@froidmont.org"
          "ldlc.communication@froidmont.org"
          "location.communication@froidmont.org"
          "mainslibres.communication@froidmont.org"
          "vistaprint.communication@froidmont.org"
          "solidaris.communication@froidmont.org"
          "coulon.communication@froidmont.org"
          "vlan.communication@froidmont.org"
          "hotel.communication@froidmont.org"
          "medipost.communication@froidmont.org"
          "proximus.communication@froidmont.org"
          "marie.communication@froidmont.org"
          "tuxedo.communication@froidmont.org"
          "corine.wallaux.communication@froidmont.org"
          "maziers.communication@froidmont.org"
          "miliboo.communication@froidmont.org"
          "nike.communication@froidmont.org"
          "partena.communication@froidmont.org"
          "payconiq.communication@froidmont.org"
          "plumart.communication@froidmont.org"
          "probikeshop.communication@froidmont.org"
          "ring.communication@froidmont.org"
          "teams.communication@froidmont.org"
          "trail.communication@froidmont.org"
          "wikiloc.communication@froidmont.org"
          "udemy.communication@froidmont.org"
        ];
      };
      "alice@froidmont.org" = {
        hashedPasswordFile = config.sops.secrets.alicePassword.path;
      };
      "elios@banditlair.com" = {
        hashedPasswordFile = config.sops.secrets.eliosPassword.path;
        aliases = [
          "webshit@banditlair.com"
          "outlook-pascal@banditlair.com"
          "nexusmods.webshit@banditlair.com"
          "pizza.webshit@banditlair.com"
          "fnac.webshit@banditlair.com"
          "paypal.webshit@banditlair.com"
          "zooplus.webshit@banditlair.com"
          "event.webshit@banditlair.com"
          "reservation.webshit@banditlair.com"
          "netflix.webshit@banditlair.com"
          "jvc.webshit@banditlair.com"
          "kickstarter.webshit@banditlair.com"
          "vpn.webshit@banditlair.com"
          "VOO.WEBSHIT@banditlair.com"
          "proximus.webshit@banditlair.com"
          "post.webshit@banditlair.com"
          "ikea.webshit@banditlair.com"
          "microsoft.webshit@banditlair.com"
          "zerotier.webshit@banditlair.com"
          "athome.webshit@banditlair.com"
          "nordvpn.webshit@banditlair.com"
          "sncf.webshit@banditlair.com"
          "paradox.webshit@banditlair.com"
          "oracle.webshit@banditlair.com"
          "kinepolis.webshit@banditlair.com"
          "leboncoin.webshit@banditlair.com"
          "wondercraft.webshit@banditlair.com"
          "petitvapoteur.webshit@banditlair.com"
          "ryanair.webshit@banditlair.com"
          "europapark.webshit@banditlair.com"
          "Tricount.webshit@banditlair.com"
          "huawei.webshit@banditlair.com"
          "facebook.webshit@banditlair.com"
          "roll20.webshit@banditlair.com"
          "drivethrurpg.webshit@banditlair.com"
          "chrono24.webshit@banditlair.com"
          "emby.webshit@banditlair.com"
          "amazon.webshit@banditlair.com"
          "steam.webshit@banditlair.com"
          "tinder.webshit@banditlair.com"
        ];
      };
      "monit@banditlair.com" = {
        hashedPasswordFile = config.sops.secrets.monitPassword.path;
        sendOnly = true;
      };
    };
    extraVirtualAliases = {
      "info@banditlair.com" = "paultrial@banditlair.com";
      "postmaster@banditlair.com" = "paultrial@banditlair.com";
      "abuse@banditlair.com" = "paultrial@banditlair.com";

      "info@froidmont.org" = "paultrial@banditlair.com";
      "postmaster@froidmont.org" = "paultrial@banditlair.com";
      "abuse@froidmont.org" = "paultrial@banditlair.com";

      "info@falbo.fr" = "paultrial@banditlair.com";
      "postmaster@falbo.fr" = "paultrial@banditlair.com";
      "abuse@falbo.fr" = "paultrial@banditlair.com";

      #Catch all
      "@banditlair.com" = "paultrial@banditlair.com";
      "@froidmont.org" = "paultrial@banditlair.com";
      "@falbo.fr" = "elios@banditlair.com";
    };


    certificateScheme = 3;
  };

}
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`{ config, lib, pkgs, ... }:`
			`{`

			`sops.secrets = {`
			`paultrialPassword = {`
			`key = "email/accounts_passwords/paultrial";`
			`};`
Migrate emails 2021-12-26 19:42:23 +01:00			`eliosPassword = {`
			`key = "email/accounts_passwords/elios";`
			`};`
			`mariePassword = {`
			`key = "email/accounts_passwords/marie";`
			`};`
			`alicePassword = {`
			`key = "email/accounts_passwords/alice";`
			`};`
			`monitPassword = {`
			`key = "email/accounts_passwords/monit";`
			`};`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`};`

			`mailserver = {`
			`enable = true;`
Migrate emails 2021-12-26 19:42:23 +01:00			`fqdn = "mail.banditlair.com";`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`domains = [ "banditlair.com" "froidmont.org" "falbo.fr" ];`
Migrate emails 2021-12-26 19:42:23 +01:00			`mailDirectory = "/nix/var/data/vmail";`
			`lmtpSaveToDetailMailbox = "no";`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`loginAccounts = {`
			`"paultrial@banditlair.com" = {`
			`# nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" \| cut -d: -f2 > /hashed/password/file/location`
			`hashedPasswordFile = config.sops.secrets.paultrialPassword.path;`
Migrate emails 2021-12-26 19:42:23 +01:00			`aliases = [`
			`"contact@froidmont.org"`
			`"account@banditlair.com"`
			`];`
			`};`
			`"marie-alice@froidmont.org" = {`
			`hashedPasswordFile = config.sops.secrets.mariePassword.path;`
			`aliases = [`
			`"osteopathie@froidmont.org"`
			`"communication@froidmont.org"`
			`"crelan.communication@froidmont.org"`
			`"kerger.communication@froidmont.org"`
			`"3arcs.communication@froidmont.org"`
			`"7days.communication@froidmont.org"`
			`"ulb.communication@froidmont.org"`
			`"baijot.communication@froidmont.org"`
			`"alltrails.communication@froidmont.org"`
			`"alltricks.communication@froidmont.org"`
			`"amazon.communication@froidmont.org"`
			`"athletv.communication@froidmont.org"`
			`"bebecenter.communication@froidmont.org"`
			`"canyon.communication@froidmont.org"`
			`"cbc.communication@froidmont.org"`
			`"coursulb.communication@froidmont.org"`
			`"decathlon.communication@froidmont.org"`
			`"degiro.communication@froidmont.org"`
			`"delogne.communication@froidmont.org"`
			`"diagnosteo.communication@froidmont.org"`
			`"haptis.communication@froidmont.org"`
			`"fortis.communication@froidmont.org"`
			`"fox.communication@froidmont.org"`
			`"vandenborre.communication@froidmont.org"`
			`"swissquote.communication@froidmont.org"`
			`"belso.communication@froidmont.org"`
			`"hibike.communication@froidmont.org"`
			`"giromedical.communication@froidmont.org"`
			`"gymna.communication@froidmont.org"`
			`"hotmail.communication@froidmont.org"`
			`"hubo.communication@froidmont.org"`
			`"infopixel.communication@froidmont.org"`
			`"jysk.communication@froidmont.org"`
			`"kerger.communication@froidmont.org"`
			`"ldlc.communication@froidmont.org"`
			`"location.communication@froidmont.org"`
			`"mainslibres.communication@froidmont.org"`
			`"vistaprint.communication@froidmont.org"`
			`"solidaris.communication@froidmont.org"`
			`"coulon.communication@froidmont.org"`
			`"vlan.communication@froidmont.org"`
			`"hotel.communication@froidmont.org"`
			`"medipost.communication@froidmont.org"`
			`"proximus.communication@froidmont.org"`
			`"marie.communication@froidmont.org"`
			`"tuxedo.communication@froidmont.org"`
			`"corine.wallaux.communication@froidmont.org"`
			`"maziers.communication@froidmont.org"`
			`"miliboo.communication@froidmont.org"`
			`"nike.communication@froidmont.org"`
			`"partena.communication@froidmont.org"`
			`"payconiq.communication@froidmont.org"`
			`"plumart.communication@froidmont.org"`
			`"probikeshop.communication@froidmont.org"`
			`"ring.communication@froidmont.org"`
			`"teams.communication@froidmont.org"`
			`"trail.communication@froidmont.org"`
			`"wikiloc.communication@froidmont.org"`
			`"udemy.communication@froidmont.org"`
			`];`
			`};`
			`"alice@froidmont.org" = {`
			`hashedPasswordFile = config.sops.secrets.alicePassword.path;`
			`};`
			`"elios@banditlair.com" = {`
			`hashedPasswordFile = config.sops.secrets.eliosPassword.path;`
			`aliases = [`
			`"webshit@banditlair.com"`
Migrate Nextcloud data 2021-12-26 23:01:12 +01:00			`"outlook-pascal@banditlair.com"`
Migrate emails 2021-12-26 19:42:23 +01:00			`"nexusmods.webshit@banditlair.com"`
			`"pizza.webshit@banditlair.com"`
			`"fnac.webshit@banditlair.com"`
			`"paypal.webshit@banditlair.com"`
			`"zooplus.webshit@banditlair.com"`
			`"event.webshit@banditlair.com"`
			`"reservation.webshit@banditlair.com"`
			`"netflix.webshit@banditlair.com"`
			`"jvc.webshit@banditlair.com"`
			`"kickstarter.webshit@banditlair.com"`
			`"vpn.webshit@banditlair.com"`
			`"VOO.WEBSHIT@banditlair.com"`
			`"proximus.webshit@banditlair.com"`
			`"post.webshit@banditlair.com"`
			`"ikea.webshit@banditlair.com"`
			`"microsoft.webshit@banditlair.com"`
			`"zerotier.webshit@banditlair.com"`
			`"athome.webshit@banditlair.com"`
			`"nordvpn.webshit@banditlair.com"`
			`"sncf.webshit@banditlair.com"`
			`"paradox.webshit@banditlair.com"`
			`"oracle.webshit@banditlair.com"`
			`"kinepolis.webshit@banditlair.com"`
			`"leboncoin.webshit@banditlair.com"`
			`"wondercraft.webshit@banditlair.com"`
			`"petitvapoteur.webshit@banditlair.com"`
			`"ryanair.webshit@banditlair.com"`
			`"europapark.webshit@banditlair.com"`
			`"Tricount.webshit@banditlair.com"`
			`"huawei.webshit@banditlair.com"`
			`"facebook.webshit@banditlair.com"`
			`"roll20.webshit@banditlair.com"`
			`"drivethrurpg.webshit@banditlair.com"`
			`"chrono24.webshit@banditlair.com"`
			`"emby.webshit@banditlair.com"`
			`"amazon.webshit@banditlair.com"`
			`"steam.webshit@banditlair.com"`
			`"tinder.webshit@banditlair.com"`
			`];`
			`};`
			`"monit@banditlair.com" = {`
			`hashedPasswordFile = config.sops.secrets.monitPassword.path;`
			`sendOnly = true;`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`};`
			`};`
			`extraVirtualAliases = {`
			`"info@banditlair.com" = "paultrial@banditlair.com";`
			`"postmaster@banditlair.com" = "paultrial@banditlair.com";`
			`"abuse@banditlair.com" = "paultrial@banditlair.com";`

			`"info@froidmont.org" = "paultrial@banditlair.com";`
			`"postmaster@froidmont.org" = "paultrial@banditlair.com";`
			`"abuse@froidmont.org" = "paultrial@banditlair.com";`

			`"info@falbo.fr" = "paultrial@banditlair.com";`
			`"postmaster@falbo.fr" = "paultrial@banditlair.com";`
			`"abuse@falbo.fr" = "paultrial@banditlair.com";`
Migrate emails 2021-12-26 19:42:23 +01:00
			`#Catch all`
			`"@banditlair.com" = "paultrial@banditlair.com";`
			`"@froidmont.org" = "paultrial@banditlair.com";`
			`"@falbo.fr" = "elios@banditlair.com";`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`};`


Use letsencrypt certificate for mail server 2021-12-07 00:44:36 +01:00			`certificateScheme = 3;`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`};`

			`}`