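# Adapted and simplified from https://nixos.wiki/wiki/Mailman
#
# NixOS module that sets up Mailman (with the HyperKitty archiver) together
# with Postfix and an nginx virtual host for one host name, requests a TLS
# certificate via ACME, persists the service state and opens the SMTP/HTTP/HTTPS
# ports in the firewall.
{
  config,
  lib,
  ...
}: let
  inherit (lib) mkIf mkEnableOption mkOption;
  inherit (lib.types) nonEmptyStr;
  cfg = config.services.mathebau-mailman;
in {
  options.services.mathebau-mailman = {
    enable = mkEnableOption "mathebau mailman service";
    hostName = mkOption {
      type = nonEmptyStr;
      description = ''
        Host name of the mailing list server. It is used as the Mailman web
        host, as the nginx virtual host and as the name of the ACME
        certificate that Postfix uses for TLS.
      '';
      example = "lists.example.org";
    };
    siteOwner = mkOption {
      type = nonEmptyStr;
      description = ''
        E-mail address of the site owner. It is passed on to
        services.mailman.siteOwner and used as the ACME account contact.
      '';
      example = "postmaster@example.org";
    };
  };

  config = mkIf cfg.enable {
    services = {
      postfix = {
        enable = true;
        # Only relay for the domains listed in the map under Mailman's data directory.
        relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
        # Postfix reuses the certificate and key that ACME issues for the web host.
        # NOTE(review): Postfix must be able to read the key below; confirm that
        # the key file's ownership and mode stay as tight as that allows.
        sslCert = config.security.acme.certs.${cfg.hostName}.directory + "/full.pem";
        sslKey = config.security.acme.certs.${cfg.hostName}.directory + "/key.pem";
        config = {
          # The same map drives both delivery (LMTP transport) and the list of
          # accepted recipients, so mail for unknown list addresses is rejected.
          transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
          local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
          # Address on which this host receives mail by way of a proxy or NAT.
          proxy_interfaces = "130.83.2.184";
          smtputf8_enable = "no"; # HRZ does not know SMTPUTF8
        };
        relayHost = "mailout.hrz.tu-darmstadt.de"; # Relay to HRZ
      };
      mailman = {
        enable = true;
        inherit (cfg) siteOwner;
        hyperkitty.enable = true;
        webHosts = [cfg.hostName];
        # Have the Mailman module set up web serving for the web interface.
        serve.enable = true;
      };
      nginx.virtualHosts.${cfg.hostName} = {
        # Requests the certificate that Postfix references above.
        enableACME = true;
        # NOTE(review): forceSSL is off and neither addSSL nor onlySSL is set in
        # this module, so as far as this file shows the Mailman web interface
        # (including its login forms) is served over plain HTTP. Confirm that
        # TLS is enforced elsewhere (e.g. by a terminating proxy); otherwise
        # set forceSSL = true.
        forceSSL = false;
      };
    };

    environment.persistence.${config.impermanence.name} = {
      directories = [
        "/var/lib/acme" # Persist TLS keys and account
        "/var/lib/mailman"
        "/var/lib/mailman-web"
      ];
    };

    security.acme.defaults.email = cfg.siteOwner;
    security.acme.acceptTerms = true;

    # 25: SMTP, 80: HTTP (also needed for HTTP-based ACME validation), 443: HTTPS.
    # NOTE(review): 443 is opened although this module does not enable a TLS
    # listener on the virtual host; verify that something actually serves it.
    networking.firewall.allowedTCPPorts = [25 80 443];
  };
}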