From 4ffe27615e95a410e5f5a6e814c2c68267082d46 Mon Sep 17 00:00:00 2001 From: Danilo Reyes Date: Sun, 17 Dec 2023 15:17:32 -0600 Subject: [PATCH] wip: setting up a mailserver --- dotfiles/secrets/mailserver | 1 + server/configuration.org | 1 + server/mail.nix | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+) create mode 100644 dotfiles/secrets/mailserver create mode 100644 server/mail.nix diff --git a/dotfiles/secrets/mailserver b/dotfiles/secrets/mailserver new file mode 100644 index 0000000..2a2b8ea --- /dev/null +++ b/dotfiles/secrets/mailserver @@ -0,0 +1 @@ +b/run/current-system/sw/bin/bash5/BpvLE.0dXQuzNskhAD94U6zFCFvfhzqWJEiBi diff --git a/server/configuration.org b/server/configuration.org index 6f76992..5976a6a 100644 --- a/server/configuration.org +++ b/server/configuration.org @@ -62,6 +62,7 @@ passwords and other secrets. imports = [ ./fstab.nix ./servers.nix + # ./mail.nix # ./openldap.nix # (import "${home-manager}/nixos") diff --git a/server/mail.nix b/server/mail.nix new file mode 100644 index 0000000..e6eee91 --- /dev/null +++ b/server/mail.nix 
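Review bot: The single line added to dotfiles/secrets/mailserver is not a bcrypt hash: it contains `/run/current-system/sw/bin/bash` and lacks the `$2b$` prefix. That suggests a shell expanded the `$`-fields when the value was written, so the `contact@` login would presumably never verify against it. Write the file straight from the tool instead of through an interpolating string, e.g. `mkpasswd -sm bcrypt > dotfiles/secrets/mailserver`. Because the value is now in git history, derive the new hash from a fresh password rather than repairing this one. Nothing in the patch shows whether this path is encrypted at rest in the repository, so confirm that too.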
@@ -0,0 +1,37 @@
+{ config, pkgs, ... }:
+let
+ version = "23.05";
+ domain = "danilo-reyes.com";
+in {
+ imports = [
+ (builtins.fetchTarball {
+ # Pick a release version you are interested in and set its hash, e.g.
+ url =
+ "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${version}/nixos-mailserver-nixos-${version}.tar.gz";
+ # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command:
+ # release="nixos-23.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
+ sha256 = "1ngil2shzkf61qxiqw11awyl81cr7ks2kv3r3k243zz7v2xakm5c";
+ })
+ ];
+
+ mailserver = {
+ enable = true;
+ fqdn = "mail.${domain}";
+ domains = [ domain ];
+
+ # A list of all login accounts. To create the password hashes, use
+ # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+ loginAccounts = {
+ "contact@${domain}" = {
+ hashedPasswordFile = ../dotfiles/secrets/mailserver;
+ aliases = [ "jawz@${domain}" ];
+ };
+ };
+
+ # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+ # down nginx and opens port 80.
+ certificateScheme = "acme-nginx";
+ };
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "contact@${domain}";
+}
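Review bot: `hashedPasswordFile = ../dotfiles/secrets/mailserver;` under `loginAccounts` is a Nix path literal, so the file is normally copied into /nix/store at evaluation time. There it is readable by every local user and travels with the closure wherever it is copied. Pass a string path to a file provisioned outside the store instead, for example `hashedPasswordFile = "/run/secrets/mailserver"; # placeholder path, e.g. provisioned by sops-nix or agenix`. A short comment on `version`, such as `# bump together with sha256 below`, would also make the coupling with the pinned tarball hash explicit.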