mirror of
https://github.com/oddlama/nix-config.git
synced 2025-10-11 07:10:39 +02:00
feat: add other mail domains, autogenerate argon hashes
This commit is contained in:
parent
a128dd5f40
commit
76163bad98
51 changed files with 284 additions and 51 deletions
|
@ -4,26 +4,47 @@
|
|||
lib,
|
||||
...
|
||||
}: let
|
||||
mailDomains = globals.domains.mail;
|
||||
primaryDomain = mailDomains.primary;
|
||||
primaryDomain = globals.mail.primary;
|
||||
idmailDomain = "alias.${primaryDomain}";
|
||||
in {
|
||||
# Not needed, we store stuff in stalwart's directory
|
||||
#environment.persistence."/persist".directories = [
|
||||
# {
|
||||
# directory = "/var/lib/idmail";
|
||||
# user = "idmail";
|
||||
# group = "idmail";
|
||||
# mode = "0700";
|
||||
# }
|
||||
#];
|
||||
|
||||
age.secrets.idmail-admin-hash = {
|
||||
rekeyFile = ./secrets/idmail-admin-hash.age;
|
||||
mkRandomSecret = {
|
||||
generator.script = "alnum";
|
||||
mode = "000";
|
||||
};
|
||||
|
||||
mkArgon2id = secret: {
|
||||
generator.dependencies = [config.age.secrets.${secret}];
|
||||
generator.script = "argon2id";
|
||||
mode = "440";
|
||||
group = "stalwart-mail";
|
||||
};
|
||||
|
||||
shortHash = x: lib.substring 0 16 (builtins.hashString "sha256" "${globals.salt}:${x}");
|
||||
in {
|
||||
environment.persistence."/persist".directories = [
|
||||
{
|
||||
directory = "/var/lib/idmail";
|
||||
user = "idmail";
|
||||
group = "idmail";
|
||||
mode = "0700";
|
||||
}
|
||||
];
|
||||
|
||||
age.secrets = lib.mergeAttrsList (
|
||||
[
|
||||
{
|
||||
idmail-user-pw_admin = mkRandomSecret;
|
||||
idmail-user-hash_admin = mkArgon2id "idmail-user-pw_admin";
|
||||
}
|
||||
]
|
||||
++ lib.forEach (lib.attrNames globals.mail.domains) (
|
||||
domain: {
|
||||
"idmail-mailbox-pw_catch-all@${shortHash domain}" = mkRandomSecret;
|
||||
"idmail-mailbox-hash_catch-all@${shortHash domain}" = mkArgon2id "idmail-mailbox-pw_catch-all@${shortHash domain}";
|
||||
}
|
||||
)
|
||||
);
|
||||
|
||||
globals.services.idmail.domain = idmailDomain;
|
||||
globals.monitoring.http.idmail = {
|
||||
url = "https://${idmailDomain}";
|
||||
|
@ -31,6 +52,11 @@ in {
|
|||
network = "internet";
|
||||
};
|
||||
|
||||
#systemd.tmpfiles.settings."50-idmail"."${dataDir}".d = {
|
||||
# user = "idmail";
|
||||
# mode = "0750";
|
||||
#};
|
||||
|
||||
services.idmail = {
|
||||
enable = true;
|
||||
user = "stalwart-mail";
|
||||
|
@ -39,12 +65,20 @@ in {
|
|||
enable = true;
|
||||
users.admin = {
|
||||
admin = true;
|
||||
password_hash = "%{file:${config.age.secrets.idmail-admin-hash.path}}%";
|
||||
password_hash = "%{file:${config.age.secrets.idmail-user-hash_admin.path}}%";
|
||||
};
|
||||
domains = lib.genAttrs mailDomains.all (_: {
|
||||
domains = lib.flip lib.mapAttrs globals.mail.domains (domain: domainCfg: {
|
||||
owner = "admin";
|
||||
public = true;
|
||||
catch_all = "catch-all@${domain}";
|
||||
inherit (domainCfg) public;
|
||||
});
|
||||
mailboxes = lib.flip lib.mapAttrs' globals.mail.domains (
|
||||
domain: _domainCfg:
|
||||
lib.nameValuePair "catch-all@${domain}" {
|
||||
password_hash = "%{file:${config.age.secrets."idmail-mailbox-hash_catch-all@${shortHash domain}".path}}%";
|
||||
owner = "admin";
|
||||
}
|
||||
);
|
||||
};
|
||||
};
|
||||
systemd.services.idmail.serviceConfig.RestartSec = "60"; # Retry every minute
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue