nixos-configuration/hosts/iron/services/mail.nix

{ config, pkgs, ... }:
{
  sops.secrets.hetzner-api-key = {
    sopsFile = ../secrets.yaml;
    owner = "acme";
  };
  #sops.secrets."domain_key_jalr.de" = {
  #  sopsFile = ../secrets.yaml;
  #  owner = "rspamd";
  #};
  jalr = {
    mailserver = {
      enable = true;
      fqdn = "hha.jalr.de";
      domains = [
        {
          domain = "jalr.de";
          enableDKIM = true;
        }
        {
          domain = "fablab-nea.de";
          enableDKIM = false;
        }
      ];
      users = import ../secrets/mail-users.nix;
      messageSizeLimit = 50 * 1024 * 1024;
    };
  };
  services.postfix.config = {
    smtp_bind_address = "159.69.103.126";
    smtp_bind_address_enforce = true;
  };

  security.acme.certs."hha.jalr.de" = {
    dnsProvider = "hetzner";
    credentialsFile = pkgs.writeText "certbotCredentialsFile" "HETZNER_API_KEY_FILE=${config.sops.secrets.hetzner-api-key.path}";
  };
}