| author | schererleander <leander@schererleander.de> | 2026-05-25 01:51:28 +0200 |
|---|---|---|
| committer | schererleander <leander@schererleander.de> | 2026-05-25 01:51:28 +0200 |
| commit | beaeaca2698063f68e3af552b1061bf5d2cd9797 (patch) | |
| tree | 994d19075986e3ec44ff49fd85fe99ab2ca9d041 | |
| parent | 574466d4b063df717cb1054c0dbd856331687911 (diff) | |
feat(mail): setup local postfix and rspamd for system notifications
| -rw-r--r-- | modules/hosts/sachiel/flake-parts.nix | 1 | ||||
| -rw-r--r-- | modules/services/mail.nix | 48 |
2 files changed, 49 insertions, 0 deletions
diff --git a/modules/hosts/sachiel/flake-parts.nix b/modules/hosts/sachiel/flake-parts.nix
index d2ce465..b56221b 100644
--- a/modules/hosts/sachiel/flake-parts.nix
+++ b/modules/hosts/sachiel/flake-parts.nix
@@ -7,6 +7,7 @@
 inputs.self.modules.nixos.openssh
 inputs.self.modules.nixos.nginx
 inputs.self.modules.nixos.nextcloud
+ inputs.self.modules.nixos.mail
 inputs.self.modules.nixos.site
 inputs.self.modules.nixos.git
 inputs.self.modules.nixos.cgit
diff --git a/modules/services/mail.nix b/modules/services/mail.nix
new file mode 100644
index 0000000..0df1909
--- /dev/null
+++ b/modules/services/mail.nix
@@ -0,0 +1,48 @@
+{
+ flake.modules.nixos.mail =
+ { pkgs, ... }:
+ {
+ services.postfix = {
+ enable = true;
+ setSendmail = true;
+ settings.main = {
+ myhostname = "sachiel.schererleander.de";
+ mydomain = "schererleander.de";
+ myorigin = "$myhostname";
+ mydestination = [
+ "localhost"
+ ];
+ mynetworks = [
+ "127.0.0.0/8"
+ "[::1]/128"
+ ];
+ inet_interfaces = "loopback-only";
+ smtpd_banner = "$myhostname ESMTP";
+ smtp_tls_security_level = "may";
+ smtp_tls_loglevel = "1";
+ smtp_helo_name = "$myhostname";
+
+ # Restricted entirely to system and service accounts
+ authorized_submit_users = "nextcloud, root";
+
+ smtpd_milters = "unix:/run/rspamd/worker-proxy.sock";
+ non_smtpd_milters = "unix:/run/rspamd/worker-proxy.sock";
+ milter_protocol = "6";
+ milter_default_action = "accept";
+ };
+ };
+
+ services.rspamd = {
+ enable = true;
+ locals."dkim_signing.conf".text = ''
+ selector = "mail";
+ path = "/var/lib/rspamd/dkim/mail.key";
+ allow_username_mismatch = true;
+ use_domain = "header";
+ sign_authenticated = true;
+ sign_local = true;
+ use_esld = false;
+ '';
+ };
+ };
+} |
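Review bot: The comment above `authorized_submit_users` in modules/services/mail.nix overstates what that setting does: it limits only sendmail(1)/postdrop submission, while `mynetworks` together with `inet_interfaces = "loopback-only"` still lets any local process hand mail to the loopback SMTP listener, assuming the smtpd service stays enabled as usual. With `sign_local = true` and `allow_username_mismatch = true`, rspamd would then DKIM-sign that mail regardless of which account produced it, so the signature says nothing about the sender being nextcloud or root. I would reword the comment to `# Limits sendmail(1)/postdrop submission only; loopback SMTP remains open to all local processes`, and drop the smtpd listener if every sender uses sendmail. Separately, `milter_default_action = "accept"` fails open, so mail leaves unsigned whenever the rspamd socket is unavailable; `milter_default_action = "tempfail";` should hold it back until signing works again.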
