{ config, pkgs, ... }:
let
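# Shorthand for the nixos-mailserver options that are set further down.
cfg = config.mailserver;

# Directory the dumped certificate and key are installed into. The dump
# script creates it; the private key inside it is written root-only (0600).
certsDir = "/var/certs";

# Oneshot script run as root by systemd.services.dump-traefik-mail-cert: it
# pulls the certificate and private key that Traefik's "le" resolver stored
# for cfg.fqdn out of acme.json and installs them at cfg.certificateFile and
# cfg.keyFile, where the mail server reads them.
#
# Compared to a bare "jq | base64 -d > file":
#   - umask 077 plus explicit chmod: the key is never created world-readable
#     (a plain redirect under the service's default umask would yield 0644).
#   - temp file + rename in the same directory: the live files are replaced
#     atomically, and only when a non-empty certificate/key was actually
#     found, so a missing or not-yet-issued certificate cannot truncate the
#     files currently in use.
#   - the FQDN is handed to jq with --arg rather than spliced into the filter.
#   - coreutils are referenced by store path instead of relying on PATH.
# A missing acme.json or a missing entry for the FQDN now fails the unit
# loudly instead of silently producing empty files.
dumpTraefikMailCerts = pkgs.writeScript "dump-mail-certs" ''
  #!/bin/sh
  set -eu
  umask 077
  bin=${pkgs.coreutils}/bin
  jq=${pkgs.jq}/bin/jq
  acme=/var/lib/traefik/acme.json
  fqdn="${cfg.fqdn}"
  certs="${certsDir}"

  [ -r "$acme" ] || { echo "dump-mail-certs: cannot read $acme" >&2; exit 1; }
  "$bin/mkdir" -p "$certs"

  # extract FIELD OUTFILE: decode one base64 field of the FQDN's entry.
  # Refuses to leave an empty OUTFILE when the entry or field is absent.
  extract() {
    "$jq" -r --arg d "$fqdn" \
      '.le.Certificates[] | select(.domain.main==$d) | .'"$1" "$acme" \
      | "$bin/base64" -d > "$2"
    [ -s "$2" ] || { echo "dump-mail-certs: no $1 for $fqdn in $acme" >&2; exit 1; }
  }

  # Temp files live next to the targets so the final mv is an atomic rename.
  tmpcert=$("$bin/mktemp" "$certs/.cert.XXXXXX")
  tmpkey=$("$bin/mktemp" "$certs/.key.XXXXXX")
  trap '"$bin/rm" -f "$tmpcert" "$tmpkey"' EXIT

  extract certificate "$tmpcert"
  extract key "$tmpkey"

  "$bin/chmod" 0644 "$tmpcert"   # the certificate is public
  "$bin/chmod" 0600 "$tmpkey"    # the private key stays root-only
  "$bin/mv" -f "$tmpcert" "${cfg.certificateFile}"
  "$bin/mv" -f "$tmpkey" "${cfg.keyFile}"
'';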
in
{
# Mail account definitions are kept in a separate file (its name suggests it
# holds secrets); it is not shown here and is not reviewed in this module.
imports = [ ./mailserver-accounts.secret.nix ];
# nixos-mailserver options; reference:
# https://nixos-mailserver.readthedocs.io/en/latest/options.html
mailserver = {
  enable = true;

  # Hostname of the mail server and the domain it accepts mail for.
  fqdn = "mail.pleshevski.ru";
  domains = [ "pleshevski.ru" ];

  # certificateScheme 1 is the module's "manual" scheme: we only point it at
  # certificate/key files that are maintained outside the module. Here
  # Traefik obtains them (router mailserver_acme below) and
  # dumpTraefikMailCerts copies them into certsDir.
  # NOTE(review): newer nixos-mailserver releases name the scheme as a string
  # instead of a number; check this against the pinned module version.
  certificateScheme = 1;
  certificateFile = certsDir + "/cert-" + cfg.fqdn + ".pem";
  keyFile = certsDir + "/key-" + cfg.fqdn + ".pem";

  # IMAP mailbox hierarchy separator.
  hierarchySeparator = "/";
};
# Traefik does not proxy any mail traffic; this TLS router on the mail FQDN
# exists only so that the "le" certificate resolver obtains a certificate
# covering fqdn (main) plus domains (SANs). The router is backed by Traefik's
# built-in no-op service, so nothing is ever forwarded. The resulting
# certificate is copied out of acme.json by dumpTraefikMailCerts.
services.traefik.dynamicConfigOptions.http.routers.mailserver_acme = {
  rule = "Host(`" + cfg.fqdn + "`)";
  entryPoints = [ "http" ];
  service = "noop@internal";
  tls.certResolver = "le";
  tls.domains = [ { main = cfg.fqdn; sans = cfg.domains; } ];
};
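systemd = {
  # Root oneshot that runs dumpTraefikMailCerts: once at boot (wantedBy) and
  # again, via the path unit below, whenever Traefik rewrites acme.json.
  services.dump-traefik-mail-cert = {
    unitConfig = {
      # The previous text ("Restart mail cert service") described something
      # the unit does not do; it only installs the certificate/key files.
      Description = "Dump the mail TLS certificate and key from Traefik's ACME store";
      After = [ "network.target" ];
    };

    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${dumpTraefikMailCerts}";
    };

    # NOTE(review): nothing here tells the mail daemons that the files were
    # replaced; Dovecot in particular typically needs a reload to pick up a
    # renewed key pair. An ExecStartPost that reloads them would close that
    # gap — confirm the unit names used by the pinned nixos-mailserver first.
    wantedBy = [ "multi-user.target" ];
  };

  # Re-run the dump whenever Traefik's ACME store changes (e.g. a renewal).
  # The watched path must match the file read inside dumpTraefikMailCerts.
  paths.dump-traefik-mail-cert = {
    wantedBy = [ "multi-user.target" ];
    pathConfig.PathChanged = "/var/lib/traefik/acme.json";
  };
};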
}