authorsinanmohd <sinan@sinanmohd.com>2025-06-10 15:55:54 +0530
committersinanmohd <sinan@sinanmohd.com>2025-06-10 22:55:04 +0530
commita41037ef644dbacb3d577933fb3d93c210439b38 (patch)
treea262750bcb1357785ad8cb68b232a5ca242ee671 /os/kay/modules/mail.nix
parentcfccbd1e4026d568e23a47c060ae3ae042cceb4c (diff)
chore(repo): reformat with nixfmt-rfc-style
Diffstat (limited to 'os/kay/modules/mail.nix')
-rw-r--r--os/kay/modules/mail.nix46
1 files changed, 33 insertions, 13 deletions
diff --git a/os/kay/modules/mail.nix b/os/kay/modules/mail.nix
index a418a86..57912ac 100644
--- a/os/kay/modules/mail.nix
+++ b/os/kay/modules/mail.nix
@@ -1,4 +1,5 @@
-{ config, pkgs, ... }: let
+{ config, pkgs, ... }:
+let
ipv6 = "2001:470:ee65::1337";
domain = config.global.userdata.domain;
username = config.global.userdata.name;
@@ -15,12 +16,13 @@
];
credentials_directory = "/run/credentials/stalwart-mail.service";
-in {
+in
+{
security.acme.certs.${domain}.postRun = "systemctl restart stalwart-mail.service";
sops.secrets = {
- "mail.${domain}/dkim_rsa" = {};
- "mail.${domain}/dkim_ed25519" = {};
- "mail.${domain}/password" = {};
+ "mail.${domain}/dkim_rsa" = { };
+ "mail.${domain}/dkim_ed25519" = { };
+ "mail.${domain}/password" = { };
};
systemd.services.stalwart-mail.serviceConfig.LoadCredential = [
@@ -35,10 +37,12 @@ in {
services.postgresql = {
ensureDatabases = [ "stalwart" ];
- ensureUsers = [{
- name = "stalwart";
- ensureDBOwnership = true;
- }];
+ ensureUsers = [
+ {
+ name = "stalwart";
+ ensureDBOwnership = true;
+ }
+ ];
};
services.stalwart-mail = {
@@ -70,7 +74,10 @@ in {
server.listener = {
smtp = {
- bind = [ "[${ipv6}]:25" "0.0.0.0:25" ];
+ bind = [
+ "[${ipv6}]:25"
+ "0.0.0.0:25"
+ ];
protocol = "smtp";
};
submission = {
@@ -98,7 +105,13 @@ in {
private-key = "%{file:${credentials_directory}/dkim_rsa}%";
inherit domain;
selector = "rsa";
- headers = ["From" "To" "Date" "Subject" "Message-ID"];
+ headers = [
+ "From"
+ "To"
+ "Date"
+ "Subject"
+ "Message-ID"
+ ];
algorithm = "rsa-sha-256";
canonicalization = "simple/simple";
@@ -110,7 +123,13 @@ in {
private-key = "%{file:${credentials_directory}/dkim_ed25519}%";
inherit domain;
selector = "ed25519";
- headers = ["From" "To" "Date" "Subject" "Message-ID"];
+ headers = [
+ "From"
+ "To"
+ "Date"
+ "Subject"
+ "Message-ID"
+ ];
algorithm = "ed25519-sha256";
canonicalization = "simple/simple";
@@ -152,7 +171,8 @@ in {
secret = "%{file:${credentials_directory}/password}%";
inherit email;
}
- { # for mta-sts & dmarc reports
+ {
+ # for mta-sts & dmarc reports
class = "individual";
name = "reports";
secret = "%{file:${credentials_directory}/password}%";