From 6d9a883361df67a864bba107bfdefca19f71e2da Mon Sep 17 00:00:00 2001 From: coolneng Date: Fri, 25 Jun 2021 15:09:27 +0200 Subject: [PATCH] Deploy a mail server --- configuration.nix | 1 + modules/email.nix | 30 ++++++++++++ modules/hardware-configuration.nix | 75 ++++++++++++++++-------------- modules/networking.nix | 10 ++++ 4 files changed, 81 insertions(+), 35 deletions(-) create mode 100644 modules/email.nix diff --git a/configuration.nix b/configuration.nix index a503fac..1d72d52 100644 --- a/configuration.nix +++ b/configuration.nix @@ -108,6 +108,7 @@ ./modules/monitoring.nix ./modules/periodic.nix ./modules/webstack.nix + ./modules/email.nix ]; } diff --git a/modules/email.nix b/modules/email.nix new file mode 100644 index 0000000..92f9a98 --- /dev/null +++ b/modules/email.nix @@ -0,0 +1,30 @@ +{ config, pkgs, ... }: + +let release = "nixos-21.05"; + +in { + imports = [ + (builtins.fetchTarball { + url = + "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz"; + sha256 = "1fwhb7a5v9c98nzhf3dyqf3a5ianqh7k50zizj8v5nmj3blxw4pi"; + }) + ]; + + # Mail server configuration + mailserver = { + enable = true; + fqdn = "mail.coace.duckdns.org"; + domains = [ "coace.duckdns.org" ]; + loginAccounts = { + "admin@coace.duckdns.org" = { + hashedPasswordFile = "/vault/mail/accounts/admin"; + aliases = [ "postmaster@coace.duckdns.org" ]; + }; + }; + localDnsResolver = false; + certificateScheme = 3; + mailDirectory = "/vault/mail/content"; + dkimKeyDirectory = "/vault/mail/dkim"; + }; +} diff --git a/modules/hardware-configuration.nix b/modules/hardware-configuration.nix index a07953f..59f8345 100644 --- a/modules/hardware-configuration.nix +++ b/modules/hardware-configuration.nix 
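Review bot: The `mailserver` block in modules/email.nix leaves the DKIM key size at the module default, and the key this commit publishes in modules/networking.nix (`p=MIGfMA0G…`) has the encoding of a 1024-bit RSA key; adding `dkimKeyBits = 2048;` here would give a stronger signing key. An existing key under `/vault/mail/dkim` would presumably have to be regenerated and the `mail._domainkey` TXT record updated to match. `hashedPasswordFile` and `dkimKeyDirectory` keep secrets out of the Nix store, but the commit does not show the ownership or mode of `/vault/mail`, so a comment stating the expected permissions would help. Separately, the `fetchTarball` URL follows the `nixos-21.05` branch archive while `sha256` fixes its content, so a fresh fetch will fail once the branch moves; setting `release` to a commit id avoids that.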
@@ -8,7 +8,7 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; @@ -43,48 +43,23 @@ fsType = "zfs"; }; + fileSystems."/vault/frontend" = + { device = "vault/frontend"; + fsType = "zfs"; + }; + fileSystems."/vault/VMs" = { device = "vault/VMs"; fsType = "zfs"; }; - fileSystems."/vault/backups" = - { device = "vault/backups"; - fsType = "zfs"; - }; - - fileSystems."/vault/nextcloud" = - { device = "vault/nextcloud"; - fsType = "zfs"; - }; - fileSystems."/vault/code" = { device = "vault/code"; fsType = "zfs"; }; - fileSystems."/vault/backups/databases" = - { device = "vault/backups/databases"; - fsType = "zfs"; - }; - - fileSystems."/vault/samba" = - { device = "vault/samba"; - fsType = "zfs"; - }; - - fileSystems."/vault/backups/wordpress" = - { device = "vault/backups/wordpress"; - fsType = "zfs"; - }; - - fileSystems."/vault/backups/frontend" = - { device = "vault/backups/frontend"; - fsType = "zfs"; - }; - - fileSystems."/vault/backups/documents" = - { device = "vault/backups/documents"; + fileSystems."/vault/backups" = + { device = "vault/backups"; fsType = "zfs"; }; 
@@ -93,13 +68,43 @@ fsType = "zfs"; }; + fileSystems."/vault/nextcloud" = + { device = "vault/nextcloud"; + fsType = "zfs"; + }; + + fileSystems."/vault/samba" = + { device = "vault/samba"; + fsType = "zfs"; + }; + fileSystems."/vault/VMs/legacy" = { device = "vault/VMs/legacy"; fsType = "zfs"; }; - fileSystems."/vault/frontend" = - { device = "vault/frontend"; + fileSystems."/vault/backups/databases" = + { device = "vault/backups/databases"; + fsType = "zfs"; + }; + + fileSystems."/vault/backups/documents" = + { device = "vault/backups/documents"; + fsType = "zfs"; + }; + + fileSystems."/vault/backups/frontend" = + { device = "vault/backups/frontend"; + fsType = "zfs"; + }; + + fileSystems."/vault/backups/wordpress" = + { device = "vault/backups/wordpress"; + fsType = "zfs"; + }; + + fileSystems."/vault/mail" = + { device = "vault/mail"; fsType = "zfs"; }; diff --git a/modules/networking.nix b/modules/networking.nix index 8b7a425..8f890cd 100644 --- a/modules/networking.nix +++ b/modules/networking.nix @@ -150,6 +150,16 @@ in { conf-file=/var/lib/dnsmasq/dnsmasq.blacklist.txt address=/coace.duckdns.org/10.0.1.3 + # Mail server records + address=/mail.coace.duckdns.org/10.0.1.3 + host-record=mail.coace.duckdns.org,10.0.1.3 + mx-host=coace.duckdns.org,mail.coace.duckdns.org,10 + server=/47.61.216.88.in-addr.arpa/10.0.1.3 + ptr-record=47.61.216.88.in-addr.arpa,mail.coace.ducknds.org + ptr-record=47.61.216.88.in-addr.arpa,coace.ducknds.org + txt-record=coace.duckdns.org,"v=spf1 a:mail.coace.duckdns.org -all" + txt-record=mail._domainkey.coace.duckdns.org,"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGGeUul/gHC0VMajW6ReX4LH1oo9s52ath/UsvwMdb5vuA0FSjlTellSeP944MkEUt+EY8d64NRrV06+RipeGKweZNNGRybdefvGW2LlmJX0I6MIA6SD3hRPA1CYoX0boHKMAyjrBAzqZmhAXRZNro2nO1H0hCaHriOSH1ru4CYQIDAQAB" + txt-record=_dmarc.coace.duckdns.org,"v=DMARC1; p=none" ''; };
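Review bot: Both added `ptr-record` lines in modules/networking.nix spell the domain `ducknds.org` instead of `duckdns.org`, so the reverse lookup returns a name in a different domain, presumably one the operator does not control, and it will not match `mail.coace.duckdns.org` in a forward-confirmed reverse DNS check. The first line should read `ptr-record=47.61.216.88.in-addr.arpa,mail.coace.duckdns.org`, and the second (bare `coace.ducknds.org`) needs the same correction or removal. The DMARC record `v=DMARC1; p=none` has no `rua=` tag, so it neither enforces a policy nor collects reports; `"v=DMARC1; p=none; rua=mailto:postmaster@coace.duckdns.org"` would be a reasonable first step. These records are served by dnsmasq, so presumably only clients of this resolver see them; remote receivers check SPF, DKIM and DMARC against the public zone, which this commit does not show.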