Move mailserver to disk host and refactor config

Also fix a few mistakes like using the plain
password instead of a hashed one.

hosts/disk/mail/default.nix

@@ -0,0 +1,65 @@
+{ config, lib, ... }: with lib;
+
+let
+  inherit (config.networking) domain;
+
+  fqdn = "mail.${domain}";
+
+  prometheusPort = 9040;
+in systemConfiguration {
+  secrets.mailPassword.file = ./password.hash.age;
+
+  services.prometheus = {
+    exporters.postfix = enabled {
+      listenAddress = "[::1]";
+      port          = prometheusPort;
+    };
+
+    scrapeConfigs = [{
+      job_name = "postfix";
+
+      static_configs = [{
+        labels.job = "postfix";
+        targets    = [
+          "[::1]:${toString prometheusPort}"
+        ];
+      }];
+    }];
+  };
+
+  mailserver = enabled {
+    inherit fqdn;
+
+    domains           = [ domain ];
+    certificateScheme = "acme";
+
+    # We use systemd-resolved instead of Knot Resolver.
+    localDnsResolver = false;
+
+    hierarchySeparator = "/";
+    useFsLayout        = true;
+
+    dkimKeyDirectory = "/var/lib/dkim";
+    mailDirectory    = "/var/lib/mail";
+    sieveDirectory   = "/var/lib/sieve";
+
+    vmailUserName  = "mail";
+    vmailGroupName = "mail";
+
+    dmarcReporting = enabled {
+      inherit domain;
+
+      organizationName = "Doofemshmirtz Evil Inc.";
+    };
+
+    fullTextSearch = enabled {
+      indexAttachments = true;
+    };
+
+    loginAccounts."contact@${domain}" = {
+      aliases = [ "@${domain}" ];
+
+      hashedPasswordFile = config.secrets.mailPassword.path;
+    };
+  };
+}

hosts/disk/password.floppy.age

@@ -1,15 +1,15 @@
 age-encryption.org/v1
--> ssh-ed25519 spFFQA H+q9QwbbRhlHhb6kUW/TH7G3dPsmbkHa0BUDHDKuXQY
-JEoXwrxEVBhVU1euXi2eUtJWVdbx29WVhyVSjCKCYJw
+-> ssh-ed25519 spFFQA IzcagogBUz24J5ooZtYMHq+F0dpL8zAmjFNwaFzVtDE
+JtifcKwLlC9FQF/KmFcGEfymowmgWtMbt2JudfJcvZg
 -> ssh-rsa jPaU3Q
-JN5Q6jUOU4CScuJ3TdDk+RCaD8P21UDk4Se6/88eFB8RCuxl5tGpkdhScuwkIfX2
-C3x6VIc+tRBSxWA67jm0r+VTpDC6RasYK9fvKk79UEZqax5owvHzzxBlC6gcvbco
-RngT1Rs/5Xx7SP5jSYgPc+kkgK3FSp9M1z9YJBHHB1+D+oxaXK50eS28Vt3JlZFn
-rbmWHYlk9p2hwgmpLcTxzop+tjGYehjE0H4Bod5bZIosE8aIilYKB3ns4aacBEcf
-O1QfbLzYMCpnD6OYhfNYZsuTcKaf8RbDWIxmnXH+P9M6pS58qrea41A9bfFHQXtR
-yFztfMheybQXXlSB6LGwcbIdZIMWf/SmNjdTiteehQEXDJNnxCQ8fSSjAKvN1btL
-DYZWpgxHDXl/2q07MtSJ8aRoZC66Gw3h49oBHg0Gdk+HRNcE1JB0Du0uUnTj+gkD
-G1l4Sb60u6wQ73vCzdovwKnPkU80DpndZoJZtZ3EXyuARoPBN2HyeMv1fz/h06Dc
+czboYSAr86q0XBgdh5QlPZgsA0HP8Dgh7MUldHabEl5FAPTLv0qW/EqQZO4hPRSU
+tS4cfduzlD/B/EcIlAhjzRldX7Lev01WXdId3i3nu56C0obGWIcfMibVUtBgXF/G
+hMzBdDC/2c+W5coITWQBLw0+neXiek65GDP6VMrNBH01OqzmSmwmmXm0v+dpzxzY
+94ZlQ7SGPp261ATI/+ACTGip9rYTf7FwQLWDXUQe58/ZB8bKYyVW6qf0C57x9YKN
+d3STjEiFijOMNFT7+N2PGyaidnP2ssPVZaUIbp3/6n3rA6nkeWBXnmdQi7Rsy0HZ
+xryypN9Bm4dtCVdZ6BVxOBSWLHT2BOZzBM9rbuV9Pmd7F+Jc2RatYVMxOjDHNOD6
+q6jMclAXDVkkVJo+R+Vvpe2r1GbL36KRyWuvF63kkM09H6zvjhQfYBSstQLnVaLg
+Fgwv4zA5ZaD797zz2o/r09NWre+o8gEFwsI4hhAuepmyhg1hXUX+IezlU741skaV
 
---- y6FU1rTLKAKWOaZrB9jb5j3AoJbDU1SPfcYJkS7abSk
-ˆä_ÀÙ™  Xa±n’“·Ç3÷«„~s<>Ù³!.ÙXQmØØFŠÀa1ýÏP‹àÅV‰SŸg}O¯È9Ùã:?<3F>öë°þ\ (T"ÜƬöÇ(`îOÑ*•<>OȒĹfîþ#!J óž
+--- MIMZQBdkxeA1JLidxa8AW/FvT9qaXukAykTLSTcbdY4
+3Ę‚•Č÷+’<>–¦ĎĺžÁŕČ<>.˛˘§5ŠM)¬
šr_dŞ.ŕ"î z@ĘפwM?¤fSĺwËĄ%PÖ"¨ŁĎ53
Ĺp—ůĆç¤}m]g0RtĘä¤ô»!şe^¤OŮáüEĚŞQe	“Ů