maxwell/email.nix

{ config, ... }:

{
  imports = [
    (builtins.fetchTarball {
      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-20.09/nixos-mailserver-nixos-20.09.tar.gz";
      sha256 = "0vsvgxxg5cgmzwj98171j7h5l028f1yq784alb3lxgbk8znfk51y";
    })
  ];

  security.acme = {
    email = "rnhmjoj@inventati.org";
    acceptTerms = true;
  };

  mailserver = {
    enable = true;
    fqdn = "mail.eurofusion.eu";
    domains = [ "eurofusion.eu" ];

    loginAccounts = config.secrets.emailAccounts;

    extraVirtualAliases = {
      "abuse@eurofusion.eu" = "rnhmjoj@eurofusion.eu";
    };

    # Use Let's Encrypt certificate
    certificateScheme = 3;

    # There is one already (pdns-recursor)
    localDnsResolver = false;

    # Enable IMAP, SMTP
    enableImapSsl = true;
    enableSubmissionSsl = true;
  };

  services.dovecot2.extraConfig = ''
    # Improve hashing speed
    auth_cache_verify_password_with_worker = yes
  '';

  services.postfix.extraConfig = ''
    # Prefer IPv6
    smtp_address_preference = ipv6
    # Prevent binding on temporary addresses
    smtp_bind_address6 = 2001:470:c8e8:0:230:48ff:fefa:91e1
  '';

}