git-subtree-dir: old-conf git-subtree-mainline:4667974392git-subtree-split:62a64a79a8
# NixOS module: runs docker-mailserver as an OCI container named "mail".
# Security-relevant settings are annotated inline; the evaluated values are
# the same as before, only the layout differs.
{ pkgs, config, lib, ... }:
let
  # Published as "host:container" with no host address, so each port is
  # reachable on every host interface unless a firewall in front restricts it.
  publishedPorts = [
    "25:25" # SMTP (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
    "143:143" # IMAP4 (explicit TLS => STARTTLS)
    "465:465" # ESMTP (implicit TLS)
    "587:587" # ESMTP (explicit TLS => STARTTLS)
    "993:993" # IMAP4 (implicit TLS)
  ];

  mounts = [
    "mail-data:/var/mail/"
    "mail-state:/var/mail-state/"
    "mail-logs:/var/log/mail/"
    "mail-config:/tmp/docker-mailserver/"
    # Caddy's ACME storage for the wildcard certificate, mounted read-only.
    # The directory holds the private key as well (see SSL_KEY_PATH), so the
    # key for every *.hailsatan.eu name is readable inside this container.
    # A certificate issued for the mail hostname only would narrow what a
    # compromised container can impersonate.
    "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.hailsatan.eu:/srv/tls/meow:ro" # it hates this
  ];

  settings = {
    TZ = "Europe/Berlin";
    # Presumably docker-mailserver's sender/login mismatch check; confirm
    # against the image documentation.
    SPOOF_PROTECTION = "1";
    LOG_LEVEL = "info";
    # Antivirus scanning is off: attachments are delivered unscanned.
    ENABLE_CLAMAV = "0";
    # No in-container banning of repeated failed logins, while the
    # authenticated ports (143/465/587/993) are published above. Rate limiting
    # has to come from the host or an upstream firewall instead.
    ENABLE_FAIL2BAN = "0";
    # "intermediate" is kept for legacy clients; it presumably accepts older
    # TLS versions and ciphers than the stricter level would. Revisit once
    # those clients are gone.
    TLS_LEVEL = "intermediate"; # printers ahhh
    # "manual" takes the certificate and key from the two paths below, which
    # live in the read-only Caddy mount.
    SSL_TYPE = "manual";
    SSL_CERT_PATH = "/srv/tls/meow/wildcard_.hailsatan.eu.crt";
    SSL_KEY_PATH = "/srv/tls/meow/wildcard_.hailsatan.eu.key";
  };
in
{
  virtualisation.oci-containers.containers."mail" = {
    # NOTE(review): ":latest" is a mutable tag, so the code that runs changes
    # whenever the image is pulled again. Pinning to a release tag or an image
    # digest makes upgrades deliberate and the deployment reproducible.
    image = "ghcr.io/docker-mailserver/docker-mailserver:latest";
    hostname = "mail.hailsatan.eu";
    ports = publishedPorts;
    volumes = mounts;
    environment = settings;
  };
}