bingen
/
ogc-nixos
Volgen 1
Ster 0
Vork 0
Code Kwesties 0 Pull-aanvragen 0 Publicaties 0 Wiki Activiteit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
Branch: main
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van 'main'
${ noResults }
ogc-nixos/services/mail/flake.nix

85 lines
2.7KB
Ruw Permalink Blame Geschiedenis 

  1. {

  2.   description = "NixOS Mail server";

  3. 

  4.   inputs = {

  5.     nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";

  6.     # https://nixos-mailserver.readthedocs.io/en/latest/flakes.html

  7.     simple-nixos-mailserver = {

  8.       url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11";

  9.       inputs.nixpkgs.follows = "nixpkgs";

  10.     };

  11.   };

  12. 

  13.   outputs = { self, nixpkgs, simple-nixos-mailserver, ... }: {

  14. 

  15.     nixosModules.mail = { config, lib, pkgs, ... }:

  16.       let

  17.         cfg = config.mail;

  18.         ldapOptions = let

  19.           inherit (config.services) openldap;

  20.         in {

  21.           name = "ldap";

  22.           security-protocol = "LDAPS";

  23.           host = "localhost";

  24.           port = "389";

  25.           bind-dn = "uid=${openldap.services.mail.uid},ou=services,dc=${openldap.organization},dc=${openldap.extension}";

  26.           bind-password = openldap.services.mail.passwordFile;

  27.           user-search-base = "ou=people,dc=${openldap.organization},dc=${openldap.extension}";

  28.           user-filter = "(&(objectclass=*)(|(uniqueIdentifier=%[1]s)(mail=%[1]s)))";

  29.           #admin-filter = "(isMemberOf=cn=mail-admins,ou=groups,${ldap.suffix})";

  30.           username-attribute = "uniqueIdentifier";

  31.           firstname-attribute = "givenName";

  32.           surname-attribute = "sn";

  33.           email-attribute = "mail";

  34.         };

  35. 

  36.       in

  37.       {

  38.         options.mail = {

  39.           enable = lib.mkOption {type = lib.types.bool;};

  40.           domain = lib.mkOption {type = lib.types.str;};

  41.           fqdn = lib.mkOption {type = lib.types.str;};

  42.         };

  43. 

  44.         config = lib.mkIf cfg.enable {

  45.           mailserver = {

  46.             enable = true;

  47.             stateVersion = 4;

  48.             fqdn = cfg.fqdn;

  49.             domains = [ cfg.domain ];

  50. 

  51.             # Reference the existing ACME configuration created by nginx

  52.             x509.useACMEHost = cfg.fqdn;

  53. 

  54.             # LDAP

  55.             # https://nixos-mailserver.readthedocs.io/en/latest/ldap.html

  56.             ldap = {

  57.               enable = true;

  58.               uris = [

  59.                 "ldaps://localhost:389"

  60.               ];

  61.               bind = {

  62.                 dn = ldapOptions.bind-dn;

  63.                 passwordFile = ldapOptions.bind-password;

  64.               };

  65.               base = ldapOptions.user-search-base;

  66.               scope = "one";

  67.             };

  68.           };

  69. 

  70.           # nginx virtual host

  71.           services.nginx.virtualHosts.${cfg.hostName} = {

  72.             enableACME = true;

  73.             acmeRoot = null;

  74.             addSSL = true;

  75.             # directs traffic to the appropriate port

  76.             locations."/" = {

  77.               proxyPass = "http://localhost:${cfg.port}";

  78.               proxyWebsockets = true;

  79.             };

  80.           };

  81.         };

  82.       };

  83.   };

  84. }