diff --git a/machines/liza/configuration.nix b/machines/liza/configuration.nix index 43abc4b..7e025e0 100644 --- a/machines/liza/configuration.nix +++ b/machines/liza/configuration.nix @@ -144,6 +144,39 @@ }; }; + mailserver = { + enable = true; + fqdn = "mail.neet.dev"; + dkimKeyBits = 2048; + indexDir = "/var/lib/mailindex"; + enableManageSieve = true; + fullTextSearch.enable = true; + fullTextSearch.indexAttachments = true; + fullTextSearch.memoryLimit = 500; + domains = [ + "neet.space" "neet.dev" "neet.cloud" + "runyan.org" "runyan.rocks" + "thunderhex.com" "tar.ninja" + "bsd.ninja" "bsd.rocks" + ]; + loginAccounts = { + "jeremy@runyan.org" = { + hashedPasswordFile = "/run/secrets/email-pw"; + aliases = [ + "@neet.space" "@neet.cloud" "@neet.dev" + "@runyan.org" "@runyan.rocks" + "@thunderhex.com" "@tar.ninja" + "@bsd.ninja" "@bsd.rocks" + ]; + }; + }; + rejectRecipients = [ + "george@runyan.org" + ]; + certificateScheme = 3; # use let's encrypt for certs + }; + age.secrets.email-pw.file = ../../secrets/email-pw.age; + security.acme.acceptTerms = true; security.acme.email = "zuckerberg@neet.dev"; } diff --git a/machines/neet.dev/configuration.nix b/machines/neet.dev/configuration.nix index a55b0ea..b4f38c3 100644 --- a/machines/neet.dev/configuration.nix +++ b/machines/neet.dev/configuration.nix @@ -43,22 +43,4 @@ port = 23563; domain = "voice.neet.space"; }; - - mailserver = { - enable = true; - fqdn = "mail.neet.dev"; - domains = [ "neet.space" "neet.dev" "neet.cloud" ]; - loginAccounts = { - "jeremy@neet.dev" = { - # nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2 > /hashed/password/file/location - hashedPasswordFile = "/secret/email.password"; - aliases = [ - "zuckerberg@neet.space" - "zuckerberg@neet.cloud" - "zuckerberg@neet.dev" - ]; - }; - }; - certificateScheme = 3; # use let's encrypt for certs - }; } diff --git a/secrets/email-pw.age b/secrets/email-pw.age new file mode 100644 index 0000000..f4e7080 --- /dev/null +++ b/secrets/email-pw.age @@ -0,0 +1,21 @@ +age-encryption.org/v1 +-> ssh-ed25519 ebHUtA QI4sHX+et17jj/INlThUZYpAxDac28vmL8Fj3z1jtDk +U01ZK4kOwsCVKDVn36KFwZRJWgzMBZirKkuI1tnSH1E +-> ssh-ed25519 WVH30Q RFr04gYJbe5dJnAvYMOOGxes2sP7/S/HC7yc2/MdbFI +/1VaQrN4gWIbuX+tN/IXrsg3CwO/P27f4uPw2W1UrR4 +-> ssh-ed25519 G2eSCQ 27vUvO7/MzUndccz52XZiBaeRcrnLYG1jp3/sVTj1Ck +TsDPPqhtYyP4wMyN+9gNGINQR9KdbS3CHEx1FkshExg +-> ssh-ed25519 Xqs6ZQ LR7QopOSLC69L2Cxg7YPq38eq5GvNJcyRXxDlbQlIxw +ig2IK2DkXKBfeh9mduCWslxWMHO77J+oWRXfFog50ls +-> ssh-ed25519 2a2Yhw r4RZtwDEBSmEIBmJ2fQ/vNHroWU1qmW6uwFBvigj9zk +B8t91e+CfuZHwYPMTHuHzvJ8HeMGwaOodR7vSXvIjLA +-> ssh-ed25519 N240Tg cCPE7iAR46UYY0T3LY9dWQS66AzJiCIjtvQuY24nong +YjguDQVC3pllE8SxhrovydzZ3rb0Px7xTA+AxoTJmvM +-> ssh-ed25519 mbw8xA beu7dqoJJXLlSjIR3GPpv8N85bSgGayerV9hiA76e0U +V2pwfggBlJjWXSt1ChOXqpw5mGlGMJNZdAsz8aysfqk +-> ssh-ed25519 xoAm7w AxD7ehas3VJVnOtMNPlly9Aqoejnj/knlsmaAIfxj3U +Tk/pt8G4DxLiJWzER8iHuquCaFBu7SOcaTBwu95zNGA +-> $/-grease +huxdlEj+cx2NcIZefKD6ZWIW4vm4Xv1T6tjxL4Ks +--- W/WTAYMs2qhvPfSRxRAFqiQe+mS9RBMSet7nIGfgHTI +SBSOf5`L .naYtSH@:mҍ53HF=2 |-5t'ڌTU ;ZF;P5 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index de2ab78..e8f7fa0 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -11,4 +11,5 @@ in "peertube-db-pw.age".publicKeys = all; "peertube-redis-pw.age".publicKeys = all; "peertube-smtp.age".publicKeys = all; + "email-pw.age".publicKeys = all; } \ No newline at end of file