nixos-config/config/services/postfixadmin.nix

# NixOS module: PostfixAdmin web UI backed by a local PostgreSQL database,
# served by nginx over TLS, with its secrets provisioned through sops.
{ pkgs, ... }:
let
  dbName = "postfix";
  appUser = "postfixadmin";
  mailHost = "mail.chir.rs";
  # Directory the two secret files are read from at runtime.
  secretDir = "/run/secrets/services/postfixadmin";
  # Certificate directory for the chir.rs certificate.
  acmeDir = "/var/lib/acme/chir.rs";
in
{
  services = {
    postfixadmin = {
      enable = true;
      adminEmail = "lotte@chir.rs";
      hostName = mailHost;

      # Both passwords are referenced by file path, so only the path (not the
      # secret value) is part of this configuration.
      setupPasswordFile = "${secretDir}/setupPassword";
      database = {
        host = "localhost";
        dbname = dbName;
        username = appUser;
        passwordFile = "${secretDir}/dbpassword";
      };

      # Mailbox passwords are hashed with Argon2id; hashing is delegated to
      # `doveadm pw` from the pinned dovecot package.
      # NOTE(review): the account running the PHP pool must be allowed to
      # execute doveadm for this to work - confirm on the target host.
      extraConfig = ''
        $CONF['encrypt'] = 'dovecot:argon2id';
        $CONF['dovecotpw'] = '${pkgs.dovecot}/bin/doveadm pw';
      '';
    };

    postgresql = {
      ensureDatabases = [ dbName ];
      ensureUsers = [
        {
          name = appUser;
          # Grants every privilege on the database to the application role.
          # NOTE(review): broader than day-to-day operation likely needs;
          # presumably required for schema setup/upgrades - confirm before
          # narrowing.
          ensurePermissions = {
            "DATABASE \"${dbName}\"" = "ALL PRIVILEGES";
          };
        }
      ];
    };

    nginx.virtualHosts."${mailHost}" = {
      # Plain-HTTP requests are redirected to HTTPS.
      forceSSL = true;
      http2 = true;
      listenAddresses = [ "0.0.0.0" "[::]" ];
      # Certificate and key are referenced by path rather than through the
      # vhost's ACME options; nginx must be able to read the private key.
      sslCertificate = "${acmeDir}/cert.pem";
      sslCertificateKey = "${acmeDir}/key.pem";
    };

    # The PHP-FPM socket group is set to "acme" because, per the original
    # author, there is no nginx group on this system.
    # NOTE(review): this lets every member of the acme group reach the FPM
    # socket (subject to the socket mode); verify that group's membership is
    # limited to accounts that should be able to talk to this pool.
    phpfpm.pools.postfixadmin.settings."listen.group" = "acme";
  };

  # Each secret is owned by the application account that reads it.
  sops.secrets = {
    "services/postfixadmin/dbpassword".owner = appUser;
    "services/postfixadmin/setupPassword".owner = appUser;
  };
}