40 lines
1.0 KiB
Nix
40 lines
1.0 KiB
Nix
{ config
|
|
, pkgs
|
|
, inputs
|
|
, ...
|
|
}:
|
|
let
|
|
mailPassword =
|
|
{ service }:
|
|
{
|
|
secret."${service}-password" = { };
|
|
secret."${service}-password-hash" = { };
|
|
generator.path = with pkgs; [
|
|
coreutils
|
|
xkcdpass
|
|
mkpasswd
|
|
];
|
|
generator.script = ''
|
|
xkcdpass -n 4 -d - > $secrets/${service}-password
|
|
cat $secrets/${service}-password | mkpasswd -s -m bcrypt > $secrets/${service}-password-hash
|
|
'';
|
|
};
|
|
in
|
|
{
|
|
mailserver = rec {
|
|
enable = true;
|
|
fqdn = "mail.clan.lol";
|
|
domains = [ "clan.lol" ];
|
|
|
|
loginAccounts."golem@clan.lol".hashedPasswordFile =
|
|
config.clanCore.facts.services.golem-mail.secret.golem-password-hash.path;
|
|
loginAccounts."gitea@clan.lol".hashedPasswordFile =
|
|
config.clanCore.facts.services.gitea-mail.secret.gitea-password-hash.path;
|
|
};
|
|
|
|
security.acme.acceptTerms = true;
|
|
|
|
clanCore.facts.services.golem-mail = mailPassword { service = "golem"; };
|
|
clanCore.facts.services.gitea-mail = mailPassword { service = "gitea"; };
|
|
}
|