aither/simple-nixos-mailserver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
33ba1ff52b3aa4568e5c6c90f8f99cef78f281b3
simple-nixos-mailserver/docs/setup-example.nix
T
Martin Weinelt 33ba1ff52b Switch to NixOS ACME module for certificate management 
Drop most of the existing certificate handling, because we're effectively
duplicating functionality that NixOS offers for free with better
design, testing and maintainance than what we could provide downstream.

The remaining two options are to reference an
existing `security.acme.certs` configuration through
`mailserver.x509.useACMEHost` or to provide existing key material via
`mailserver.x509.certificateFile` and `mailserver.x509.privateKeyFile`.

Support for automatic creation of self-signed certificates has been
removed, because it is undesirable in public mail setups.

The updated setup guide now displays the recommended configuration that
relies on the NixOS ACME module, but requires further customization to
select a suitable challenge.

Co-Authored-By: Emily <git@emilylange.de>
2025-12-19 02:36:28 +01:00

47 lines
1.4 KiB
Nix
Raw Blame History

{
config,
...
}:
{
imports = [
(builtins.fetchTarball {
# Pick a release version you are interested in and set its hash, e.g.
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.11/nixos-mailserver-nixos-25.11.tar.gz";
# To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command:
# release="nixos-25.11"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
sha256 = "0000000000000000000000000000000000000000000000000000";
})
];
security.acme = {
acceptTerms = true;
defaults.email = "security@example.com";
certs.${config.mailserver.fqdn} = {
# Further setup required, check the manual:
# https://nixos.org/manual/nixos/stable/#module-security-acme
};
};
mailserver = {
enable = true;
stateVersion = 3;
fqdn = "mail.example.com";
domains = [ "example.com" ];
# reference an existing ACME configuration
x509.useACMEHost = config.mailserver.fqdn;
# A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"user1@example.com" = {
hashedPasswordFile = "/a/file/containing/a/hashed/password";
aliases = [ "postmaster@example.com" ];
};
"user2@example.com" = {
# ...
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink