From 42712f996ec024387ca1c52a1df377565560dc0d Mon Sep 17 00:00:00 2001
From: RGBCube <RGBCube@users.noreply.github.com>
Date: Thu, 11 Jan 2024 14:56:30 +0300
Subject: [PATCH] Add mail server

---
 flake.nix                           |   7 +++++++
 hosts/cube/acme.nix                 |   2 +-
 hosts/cube/akkoma.nix               |   6 +++---
 hosts/cube/mail.nix                 |  20 ++++++++++++++++++++
 secrets/cube.mail.password.hash.age | Bin 0 -> 273 bytes
 secrets/secrets.nix                 |  11 ++++++-----
 6 files changed, 37 insertions(+), 9 deletions(-)
 create mode 100644 hosts/cube/mail.nix
 create mode 100644 secrets/cube.mail.password.hash.age

diff --git a/flake.nix b/flake.nix
index a69d787..43b064a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -36,6 +36,11 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    mail = {
+      url                    = "gitlab:simple-nixos-mailserver/nixos-mailserver";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     hyprland = {
       url = "github:hyprwm/Hyprland";
     };
@@ -85,6 +90,7 @@
   outputs = {
     nixpkgs,
     agenix,
+    mail,
     homeManager,
     site,
     themes,
@@ -169,6 +175,7 @@
         agenix.nixosModules.default
         ./secrets
 
+        mail.nixosModules.default
         site.nixosModules.default
 
         defaultConfiguration
diff --git a/hosts/cube/acme.nix b/hosts/cube/acme.nix
index 5b590f2..ef74d02 100644
--- a/hosts/cube/acme.nix
+++ b/hosts/cube/acme.nix
@@ -12,7 +12,7 @@ serverSystemConfiguration {
       credentialsFile = config.age.secrets.acme.path;
       dnsProvider     = "cloudflare";
       dnsResolver     = "1.1.1.1";
-      email           = "rgbsphere@gmail.com";
+      email           = "security@rgbcu.be";
       group           = "nginx";
     };
 
diff --git a/hosts/cube/akkoma.nix b/hosts/cube/akkoma.nix
index ccfff53..bc5ad08 100644
--- a/hosts/cube/akkoma.nix
+++ b/hosts/cube/akkoma.nix
@@ -1,6 +1,6 @@
 { config, ulib, ... }: with ulib;
 
-systemConfiguration {
+serverSystemConfiguration {
   services.akkoma = let
     inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkTuple;
 
@@ -28,8 +28,8 @@ systemConfiguration {
       name        = "RGBCube's Akkoma Server";
       description = "RGBCube's Akkoma server, facism edition.";
 
-      email        = "rgbsphere@gmail.com";
-      notify_email = "rgbsphere@gmail.com";
+      email        = "social@rgbcu.be";
+      notify_email = "social@rgbcu.be";
 
       limit        = 100000;
       remote_limit = 100000;
diff --git a/hosts/cube/mail.nix b/hosts/cube/mail.nix
new file mode 100644
index 0000000..9736ac3
--- /dev/null
+++ b/hosts/cube/mail.nix
@@ -0,0 +1,20 @@
+{ config, ulib, ... }: with ulib;
+
+serverSystemConfiguration {
+  mailserver = enabled {
+    domains = [ config.networking.domain ];
+    fqdn    = "mail.${config.networking.domain}";
+
+    certificateScheme = "acme";
+
+    hierarchySeparator = "/";
+    useFsLayout        = true;
+
+    loginAccounts.contact = {
+      name    = "contact@${config.networking.domain}";
+      aliases = [ "@${config.networking.domain}" ];
+
+      hashedPasswordFile = config.age.secrets."cube.mail.password.hash".path;
+    };
+  };
+}
diff --git a/secrets/cube.mail.password.hash.age b/secrets/cube.mail.password.hash.age
new file mode 100644
index 0000000000000000000000000000000000000000..8cd11fdffb52f1680727f88c193fec6e0cce0825
GIT binary patch
literal 273
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUFE{ZY;DOU*2%F8#)
z$t(}ZElexYPA)4=^{@1G_fO06(l^o12@I?9b@R{<GB0-tbL4Ug%S(?eH_>;mEGp3U
zwRBH+_bAg3G&eIg^e@V;aP>(p^s~q;&hoDC3+2+))l~?r)DH_Za8C+OOifHp&WlV6
zH1^IeHZS%y2~SBg&CZX^&35uPE%tFU$mUug>f~ec<g@8?&*qgy-h2N(vH$n)b=PH+
zY2R$$SC}l<;}TlkQNMUaQ<c0*x<upTiltu5ZhYp`Kc2CkZRv5}Hv;Oamid>rnQaqn
Y=+U+6IO;V!<S|RC8{b532F=-R0Gx_tvH$=8

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 511f299..1e9ca60 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,9 +1,10 @@
 with import ./keys.nix;
 
 {
-  "acme.age".publicKeys                = [ cube ];
-  "cube.password.age".publicKeys       = [ cube ];
-  "cube.id.age".publicKeys             = [ rgbcube ];
-  "enka.said.password.age".publicKeys  = [ rgbcube ];
-  "enka.orhan.password.age".publicKeys = [ rgbcube ];
+  "acme.age".publicKeys                    = [ cube ];
+  "cube.password.age".publicKeys           = [ cube ];
+  "cube.mail.password.hash.age".publicKeys = [ cube ];
+  "cube.id.age".publicKeys                 = [ rgbcube ];
+  "enka.said.password.age".publicKeys      = [ rgbcube ];
+  "enka.orhan.password.age".publicKeys     = [ rgbcube ];
 }