Move emails to hel1

2025-12-25 05:36:59 +01:00 · 2024-12-18 06:01:30 +01:00 · 2024-12-18 06:01:30 +01:00 · 7c1f95f11b
commit 7c1f95f11b
parent 0cc7619ee0
4 changed files with 104 additions and 165 deletions
--- a/profiles/hel.nix
+++ b/profiles/hel.nix
@ -18,6 +18,27 @@
    dmarcExporterPassword = {
      key = "dmarc_exporter/password";
    };
+    paultrialPassword = {
+      key = "email/accounts_passwords/paultrial";
+    };
+    eliosPassword = {
+      key = "email/accounts_passwords/elios";
+    };
+    mariePassword = {
+      key = "email/accounts_passwords/marie";
+    };
+    alicePassword = {
+      key = "email/accounts_passwords/alice";
+    };
+    monitPassword = {
+      key = "email/accounts_passwords/monit";
+    };
+    noreplyBanditlairPassword = {
+      key = "email/accounts_passwords/noreply_banditlair";
+    };
+    noreplyFroidmontPassword = {
+      key = "email/accounts_passwords/noreply_froidmont";
+    };
  };

  time.timeZone = "Europe/Amsterdam";
@ -211,6 +232,9 @@
      repoName = "bl";
      additionalPaths = [
        "/var/lib/acme"
+        "/var/vmail"
+        "/var/dkim"
+        "/var/sieve"
        "/var/lib/nextcloud"
      ];
      patterns = [
@ -388,4 +412,79 @@
    gid = 991;
  };

+  mailserver = {
+    enable = true;
+    fqdn = "mail.banditlair.com";
+    domains = [
+      "banditlair.com"
+      "froidmont.org"
+      "falbo.fr"
+    ];
+    localDnsResolver = false;
+    enableManageSieve = true;
+    lmtpSaveToDetailMailbox = "no";
+    policydSPFExtraConfig = ''
+      Domain_Whitelist = skynet.be
+    '';
+    loginAccounts = {
+      "paultrial@banditlair.com" = {
+        # nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2 > /hashed/password/file/location
+        hashedPasswordFile = config.sops.secrets.paultrialPassword.path;
+        aliases = [
+          "contact@froidmont.org"
+          "account@banditlair.com"
+        ];
+      };
+      "marie-alice@froidmont.org" = {
+        hashedPasswordFile = config.sops.secrets.mariePassword.path;
+        aliases = [
+          "osteopathie@froidmont.org"
+          "communication@froidmont.org"
+        ];
+      };
+      "alice@froidmont.org" = {
+        hashedPasswordFile = config.sops.secrets.alicePassword.path;
+      };
+      "elios@banditlair.com" = {
+        hashedPasswordFile = config.sops.secrets.eliosPassword.path;
+        aliases = [
+          "webshit@banditlair.com"
+          "outlook-pascal@banditlair.com"
+        ];
+      };
+      "monit@banditlair.com" = {
+        hashedPasswordFile = config.sops.secrets.monitPassword.path;
+        sendOnly = true;
+      };
+      "noreply@banditlair.com" = {
+        hashedPasswordFile = config.sops.secrets.noreplyBanditlairPassword.path;
+        sendOnly = true;
+      };
+      "noreply@froidmont.org" = {
+        hashedPasswordFile = config.sops.secrets.noreplyFroidmontPassword.path;
+        sendOnly = true;
+      };
+    };
+    extraVirtualAliases = {
+      "info@banditlair.com" = "paultrial@banditlair.com";
+      "postmaster@banditlair.com" = "paultrial@banditlair.com";
+      "abuse@banditlair.com" = "paultrial@banditlair.com";
+
+      "info@froidmont.org" = "paultrial@banditlair.com";
+      "postmaster@froidmont.org" = "paultrial@banditlair.com";
+      "abuse@froidmont.org" = "paultrial@banditlair.com";
+
+      "info@falbo.fr" = "paultrial@banditlair.com";
+      "postmaster@falbo.fr" = "paultrial@banditlair.com";
+      "abuse@falbo.fr" = "paultrial@banditlair.com";
+
+      #Catch all
+      "@banditlair.com" = "paultrial@banditlair.com";
+      "@froidmont.org" = "paultrial@banditlair.com";
+      "@falbo.fr" = "elios@banditlair.com";
+    };
+
+    certificateScheme = "acme-nginx";
+  };
+
 }