43 lines
1,022 B
Nix
43 lines
1,022 B
Nix
args@{ config, pkgs, custom-utils, ... }:
|
|
|
|
let
|
|
ports = import ../ports.nix args;
|
|
in
|
|
{
|
|
sops.secrets.hetzner-api-key = {
|
|
sopsFile = ../secrets.yaml;
|
|
owner = "acme";
|
|
};
|
|
#sops.secrets."domain_key_jalr.de" = {
|
|
# sopsFile = ../secrets.yaml;
|
|
# owner = "rspamd";
|
|
#};
|
|
jalr = {
|
|
mailserver = {
|
|
enable = true;
|
|
fqdn = "hha.jalr.de";
|
|
relayPort = ports.postfix-relay.tcp;
|
|
domains = [
|
|
{
|
|
domain = "jalr.de";
|
|
enableDKIM = true;
|
|
}
|
|
{
|
|
domain = "fablab-nea.de";
|
|
enableDKIM = false;
|
|
}
|
|
];
|
|
users = import ../secrets/mail-users.nix;
|
|
messageSizeLimit = 50 * 1024 * 1024;
|
|
};
|
|
};
|
|
services.postfix.config = {
|
|
smtp_bind_address = "159.69.103.126";
|
|
smtp_bind_address_enforce = true;
|
|
};
|
|
|
|
security.acme.certs."hha.jalr.de" = {
|
|
dnsProvider = "hetzner";
|
|
credentialsFile = pkgs.writeText "certbotCredentialsFile" "HETZNER_API_KEY_FILE=${config.sops.secrets.hetzner-api-key.path}";
|
|
};
|
|
}
|