diff --git a/mail-config.nix b/mail-config.nix
index f25ca5c..e812519 100644
--- a/mail-config.nix
+++ b/mail-config.nix
@@ -89,6 +89,9 @@ let
cert_file = "/root/mail-server.crt";
key_file = "/root/mail-server.key";
+ # Sceme 2)
+ cert_folder = "/root/certs";
+
#
# Whether to enable imap / pop3. Both variants are only supported in the
# (sane) startTLS configuration. (TODO: Allow SSL ports). The ports are
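Review bot: `cert_folder = "/root/certs";` is introduced here but never handed on — the `inherit` list extended in the second hunk of this file adds only `certificate_scheme cert_file key_file`, so dovecot.nix and postfix.nix cannot see scheme 2 and the new option is dead as committed. Either add `cert_folder` to that `inherit` list now or say in its comment that scheme 2 is not wired up yet. The comment above it reads `# Sceme 2)`; `# Scheme 2)` is clearly intended. The enclosing `let` starts before this hunk.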
@@ -119,7 +122,8 @@ in
{
services = import ./mail-server/services.nix {
inherit mail_dir vmail_user_name vmail_group_name valiases domain
- enable_imap enable_pop3;
+ enable_imap enable_pop3 virus_scanning dkim_signing
+ certificate_scheme cert_file key_file;
};
environment = import ./mail-server/environment.nix {
diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 8f9c6b2..4b83d55 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -15,10 +15,22 @@
# along with this program. If not, see
{ vmail_group_name, vmail_user_name, mail_dir, enable_imap, enable_pop3,
-... }:
+certificate_scheme, cert_file, key_file }:
let
# maildir in format "/${domain}/${user}/"
dovecot_maildir = "maildir:${mail_dir}/%d/%n/";
+
+ # cert :: PATH
+ cert = if certificate_scheme == 1
+ then cert_file
+ else "";
+
+ # key :: PATH
+ key = if certificate_scheme == 1
+ then key_file
+ else "";
+
+
in
{
enable = true;
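Review bot: The `else ""` fallback on `cert = if certificate_scheme == 1` and `key = if certificate_scheme == 1` makes any other scheme value silently produce an empty `sslServerCert`/`sslServerKey` (assigned in the next hunk), so a mis-set `certificate_scheme` — or scheme 2, for which no branch exists despite `cert_folder` being added in mail-config.nix — is only noticed when dovecot rejects its TLS configuration at runtime. Failing at evaluation time is more honest: `else throw "dovecot.nix: certificate_scheme ${toString certificate_scheme} is not supported yet";` on both bindings. The postfix.nix hunk that sets `sslCert`/`sslKey` copies the same `""` fallback and should get the same treatment. The attribute set after `in` continues past the end of this hunk.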
@@ -27,8 +39,8 @@ in
mailGroup = vmail_group_name;
mailUser = vmail_user_name;
mailLocation = dovecot_maildir;
- #sslServerCert = "/etc/nixos/cert/${cert_file}"; // TODO: Define
- #sslServerKey = "/etc/nixos/cert/${key_file}"; // TODO: Define
+ sslServerCert = cert;
+ sslServerKey = key;
enableLmtp = true;
extraConfig = ''
#Extra Config
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index 54ef710..d132b24 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -14,7 +14,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see
-{ mail_dir, domain, valiases }:
+{ mail_dir, domain, valiases, certificate_scheme, cert_file, key_file }:
let
# valiasToString :: { from = "..."; to = "..." } -> String
@@ -33,14 +33,25 @@ let
# vhosts_file :: Path
vhosts_file = builtins.toFile "vhosts" domain;
+
+ # cert :: PATH
+ cert = if certificate_scheme == 1
+ then cert_file
+ else "";
+
+ # key :: PATH
+ key = if certificate_scheme == 1
+ then key_file
+ else "";
+
in
{
enable = true;
networksStyle = "host";
mapFiles."valias" = valiases_file;
# mapFiles."vaccounts" = vaccounts_file;
- # sslCert = "/etc/nixos/cert/${cert_file}";
- # sslKey = "/etc/nixos/cert/${key_file}";
+ sslCert = cert;
+ sslKey = key;
extraConfig =
''
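Review bot: The `cert`/`key` selection added here (`cert = if certificate_scheme == 1 then cert_file else "";` and the matching `key`) is a line-for-line copy of the one added to dovecot.nix, so the two will drift as further schemes are supported. services.nix already passes `certificate_scheme cert_file key_file` to both modules; resolving the scheme once there and passing the two resolved paths would keep the rule in a single place. The new `# cert :: PATH` / `# key :: PATH` comments also spell the type differently from the file's existing `# vhosts_file :: Path`. The `extraConfig` string that starts on the last line runs past this hunk.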
diff --git a/mail-server/rmilter.nix b/mail-server/rmilter.nix
new file mode 100644
index 0000000..ab35248
--- /dev/null
+++ b/mail-server/rmilter.nix
@@ -0,0 +1,55 @@
+# nixos-mailserver: a simple mail server
+# Copyright (C) 2016-2017 Robin Raymond
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see
+
+{ domain, virus_scanning, dkim_signing }:
+
+let
+ clamav = if virus_scanning
+ then
+ ''
+ clamav {
+ servers = /var/run/clamav/clam.ctl;
+ };
+ ''
+ else "";
+ dkim = if dkim_signing
+ then
+ ''
+ dkim {
+ domain {
+ key = /etc/nixos/dkim/${domain}.pem;
+ domain = "${domain}";
+ selector = "dkim";
+ };
+ sign_alg = sha256;
+ auth_only = yes;
+ }
+ ''
+ else "";
+in
+{
+ enable = true;
+ # debug = true;
+ postfix.enable = true;
+ rspamd.enable = true;
+ extraConfig =
+ ''
+ ${clamav}
+
+ ${dkim}
+ '';
+}
+
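Review bot: The DKIM private key location `key = /etc/nixos/dkim/${domain}.pem;` is hard-coded while the TLS material in the same commit is configurable through `cert_file`/`key_file`, and nothing in this file says who provisions that key or that it must be readable only by the user the milter runs as — /etc/nixos is commonly world-readable, which would be a poor home for signing keys. Take the path as a module argument, e.g. `{ domain, virus_scanning, dkim_signing, dkim_key_file }:` and `key = ${dkim_key_file};`, or at least add a comment above the `dkim` binding stating the expected path and permissions. The `clamav` block likewise points at `/var/run/clamav/clam.ctl` while no clamav daemon is enabled anywhere in this diff, so `virus_scanning = true` presumably leaves the milter unable to reach a scanner unless that service is configured elsewhere; a comment noting that dependency would help.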
diff --git a/mail-server/services.nix b/mail-server/services.nix
index 07d6d18..b872586 100644
--- a/mail-server/services.nix
+++ b/mail-server/services.nix
@@ -15,7 +15,8 @@
# along with this program. If not, see
{ mail_dir, vmail_user_name, vmail_group_name, valiases, domain, enable_imap,
-enable_pop3 }:
+enable_pop3, virus_scanning, dkim_signing, certificate_scheme, cert_file,
+key_file }:
{
# rspamd
@@ -23,12 +24,16 @@ enable_pop3 }:
enable = true;
};
+ rmilter = import ./rmilter.nix {
+ inherit domain virus_scanning dkim_signing;
+ };
+
postfix = import ./postfix.nix {
- inherit mail_dir domain valiases;
+ inherit mail_dir domain valiases certificate_scheme cert_file key_file;
};
dovecot2 = import ./dovecot.nix {
inherit vmail_group_name vmail_user_name mail_dir enable_imap
- enable_pop3;
+ enable_pop3 certificate_scheme cert_file key_file;
};
}