# NixOS module: PostfixAdmin for mail.chir.rs, backed by a local PostgreSQL
# database and served through an nginx virtual host.
{ pkgs, ... }:
let
  vhost = "mail.chir.rs";
  svcUser = "postfixadmin";
in
{
  services = {
    postfixadmin = {
      enable = true;
      adminEmail = "lotte@chir.rs";
      hostName = vhost;

      # Secrets are passed as file paths, so only the paths (not the secret
      # values) appear in this module. Both paths correspond to the sops
      # secrets declared further down.
      setupPasswordFile = "/run/secrets/services/postfixadmin/setupPassword";
      database = {
        host = "localhost";
        dbname = "postfix";
        username = svcUser;
        passwordFile = "/run/secrets/services/postfixadmin/dbpassword";
      };

      # Mailbox passwords are hashed by calling out to `doveadm pw` with the
      # ARGON2ID scheme. The doveadm path is pinned to the dovecot package
      # from this system's nixpkgs.
      extraConfig = ''
        $CONF['encrypt'] = 'dovecot:ARGON2ID';
        $CONF['dovecotpw'] = '${pkgs.dovecot}/bin/doveadm pw';
      '';
    };

    postgresql = {
      ensureDatabases = [ "postfix" ];
      ensureUsers = [
        {
          name = svcUser;
          # Grants the role every privilege on the "postfix" database.
          # NOTE(review): newer NixOS releases replaced ensurePermissions with
          # ensureDBOwnership, which requires the database and role names to
          # be equal (they differ here) - confirm against the pinned nixpkgs.
          # NOTE(review): nothing in this module sets the role's password in
          # PostgreSQL; it has to match the dbpassword secret - verify.
          ensurePermissions = {
            "DATABASE \"postfix\"" = "ALL PRIVILEGES";
          };
        }
      ];
    };

    nginx.virtualHosts.${vhost} = {
      # HTTPS only, using the certificate stored under the chir.rs ACME
      # directory.
      forceSSL = true;
      http2 = true;
      sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
      sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
      # Listens on every IPv4 and IPv6 address, so the admin interface is
      # reachable from any network that can route to this host.
      # NOTE(review): if that is wider than intended, restrict it with a
      # firewall rule or an nginx allow-list.
      listenAddresses = [ "0.0.0.0" "[::]" ];
    };

    # there is no nginx group, so the PHP-FPM socket is handed to "acme".
    # NOTE(review): every member of the acme group can then connect to this
    # pool's socket (subject to listen.mode, which is not set here) - keep
    # that group's membership minimal.
    phpfpm.pools.postfixadmin.settings."listen.group" = "acme";
  };

  # Both secrets are owned by the PostfixAdmin service user so it can read
  # the decrypted files.
  sops.secrets = {
    "services/postfixadmin/dbpassword".owner = svcUser;
    "services/postfixadmin/setupPassword".owner = svcUser;
  };
}