mirror of
https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git
synced 2025-12-25 12:20:52 +01:00
By passing no method to mkpasswd, we let it select the strongest hashing method that libxcrypt recommends. This replaces the example hashes with yescrypt hashes; yescrypt is the current default.
# Minimal NixOS module that pulls in nixos-mailserver, requests an ACME
# certificate for the mail host and declares two example login accounts.
{ config, ... }:

{
  imports = [
    (builtins.fetchTarball {
      # Choose the release you want to track and pin its hash, e.g.
      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.11/nixos-mailserver-nixos-25.11.tar.gz";
      # The all-zero sha256 below is a placeholder and must be replaced: the
      # hash is what ties this configuration to one specific tarball.
      # Compute it with nix-prefetch-url:
      # release="nixos-25.11"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
      sha256 = "0000000000000000000000000000000000000000000000000000";
    })
  ];

  # ACME account settings; defaults.email is the contact address used for
  # the certificate authority account.
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "security@example.com";
  security.acme.certs.${config.mailserver.fqdn} = {
    # This only declares the certificate. Further setup is required, see
    # https://nixos.org/manual/nixos/stable/#module-security-acme
  };

  mailserver = {
    enable = true;
    stateVersion = 3;
    fqdn = "mail.example.com";
    domains = [ "example.com" ];

    # Reuse the certificate declared under security.acme.certs above.
    x509.useACMEHost = config.mailserver.fqdn;

    # Login accounts. Generate each password hash with
    #   nix-shell -p mkpasswd --run 'mkpasswd -s'
    # -s reads the password from stdin, so it does not appear on the command
    # line. With no method given, mkpasswd picks its default scheme.
    loginAccounts."user1@example.com" = {
      # Path to a file holding only the hash. Keep that file outside the
      # Nix store (store paths are world-readable) and restrict its
      # permissions.
      hashedPasswordFile = "/a/file/containing/a/hashed/password";
      aliases = [ "postmaster@example.com" ];
    };
    loginAccounts."user2@example.com" = {
      # ...
    };
  };
}