initial commit

2025-11-09 23:51:40 -05:00 · 2025-11-09 23:51:40 -05:00 · 4014d5e658
commit 4014d5e658
30 changed files with 911 additions and 0 deletions
--- a/hosts/crayon/mailserver.nix
+++ b/hosts/crayon/mailserver.nix
@ -0,0 +1,41 @@
+{ config, ... }:
+{
+  # this should really be imported through a flake but I couldn't get that
+  # working :(
+  imports = [
+    (builtins.fetchTarball {
+      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.05/nixos-mailserver-nixos-25.05.tar.gz";
+      sha256 = "1qn5fg0h62r82q7xw54ib9wcpflakix2db2mahbicx540562la1y";
+    })
+  ];
+
+  mailserver = {
+    enable = true;
+    fqdn = "mail.zacharyscheiman.com";
+    domains = [ "zacharyscheiman.com" "squi.bid" ];
+    messageSizeLimit = 2500000000; # 2.5GB
+
+    loginAccounts = {
+      "me@zacharyscheiman.com" = {
+        hashedPasswordFile = config.sops.secrets."mail/me".path;
+        aliases = [
+          "zach@zacharyscheiman.com"
+          "zack@zacharyscheiman.com"
+          "zachary@zacharyscheiman.com"
+
+          # required aliases
+          "postmaster@zacharyscheiman.com"
+          "abuse@zacharyscheiman.com"
+          "security@zacharyscheiman.com"
+        ];
+      };
+    };
+
+    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+    # down nginx and opens port 80.
+    certificateScheme = "acme-nginx";
+  };
+
+  security.acme.acceptTerms = true;
+  security.acme.defaults.email = "security@zacharyscheiman.com";
+}