nix-infra/config/hosts/mail-1/simple-nixos-mailserver.nix

{ simple-nixos-mailserver, ... }:
{
  imports = [
    simple-nixos-mailserver.nixosModule {
      mailserver = {
        enable = true;
        openFirewall = true;
        fqdn = "mail-1.grzb.de";
        enableImap = false;
        enableImapSsl = true;
        enableSubmission = false;
        enableSubmissionSsl = true;
        lmtpSaveToDetailMailbox = "no";
        domains = [ "grzb.de" "vs.grzb.de" "wg.grzb.de" "nekover.se" ];
        loginAccounts = {
          "fiona@grzb.de" = {
            hashedPasswordFile = "/secrets/mail-fiona-grzb-de.secret";
            aliases = [ "@grzb.de" ];
            catchAll = [ "grzb.de" ];
          };
          "yuri@nekover.se" = {
            hashedPasswordFile = "/secrets/mail-yuri-nekover-se.secret";
            aliases = [ "@nekover.se" ];
            catchAll = [ "nekover.se" ];
          };
          "mio@vs.grzb.de" = {
            hashedPasswordFile = "/secrets/mail-mio-vs-grzb-de.secret";
            sendOnly = true;
            aliases = [ "root@vs.grzb.de" ];
          };
          "fubuki@wg.grzb.de" = {
            hashedPasswordFile = "/secrets/mail-fubuki-wg-grzb-de.secret";
            sendOnly = true;
            aliases = [ "root@wg.grzb.de" ];
          };
          "cloud@nekover.se" = {
            hashedPasswordFile = "/secrets/mail-cloud-nekover-se.secret";
            sendOnly = true;
          };
          "status@nekover.se" = {
            hashedPasswordFile = "/secrets/mail-status-nekover-se.secret";
            sendOnly = true;
          };
          "matrix@nekover.se" = {
            hashedPasswordFile = "/secrets/mail-matrix-nekover-se.secret";
            sendOnly = true;
            aliases = [ "nyareply@nekover.se" ];
          };
          "nekomesh@nekover.se" = {
            hashedPasswordFile = "/secrets/mail-nekomesh-nekover-se.secret";
            sendOnly = true;
            aliases = [ "nyareply@nekover.se" ];
          };
          "social@nekover.se" = {
            hashedPasswordFile = "/secrets/mail-social-nekover-se.secret";
            sendOnly = true;
            aliases = [ "nyareply@nekover.se" ];
          };
          "id@nekover.se" = {
            hashedPasswordFile = "/secrets/mail-id-nekover-se.secret";
            sendOnly = true;
            aliases = [ "nyareply@nekover.se" ];
          };
          "forgejo@nekover.se" = {
            hashedPasswordFile = "/secrets/mail-forgejo-nekover-se.secret";
            sendOnly = true;
            aliases = [ "nyareply@nekover.se" ];
          };
        };
        certificateScheme = "acme-nginx";
      };
    }
  ];

  services.postfix = {
    transport = "relay:[mail-2.grzb.de]";
    extraConfig = ''
      proxy_interfaces = 212.53.203.19
    '';
  };
}