From 2cbec3d841c5ea06896ba9c4104b62b0636bc8e0 Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Sat, 20 Apr 2024 10:11:36 +0200 Subject: [PATCH] simple mail config --- flake.nix | 5 +++++ systems/hetzner/default.nix | 5 +++++ systems/hetzner/mail.nix | 22 ++++++++++++++++++++++ 3 files changed, 32 insertions(+) create mode 100644 systems/hetzner/mail.nix diff --git a/flake.nix b/flake.nix index 7d51034..1e1dba2 100644 --- a/flake.nix +++ b/flake.nix @@ -38,6 +38,11 @@ inputs.nixpkgs-stable.follows = "nixpkgs"; }; impermanence.url = "github:nix-community/impermanence"; + snm = { + url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # Packages tela-icon-theme = { diff --git a/systems/hetzner/default.nix b/systems/hetzner/default.nix index 83cd4d3..264a76d 100644 --- a/systems/hetzner/default.nix +++ b/systems/hetzner/default.nix @@ -6,6 +6,8 @@ self.inputs.srvos.nixosModules.server self.inputs.srvos.nixosModules.hardware-hetzner-online-amd self.inputs.srvos.nixosModules.mixins-nginx + self.inputs.snm.nixosModules.mailserver + ./mail.nix ]; jopejoe1 = { @@ -36,6 +38,9 @@ services.openssh.ports = [ 22 ]; + security.acme.acceptTerms = true; + security.acme.defaults.email = "security@missing.ninja"; + users.users.jopejoe1.hashedPassword = "$2b$05$Uk84TY/RHlH8DIigUlFYjeorjTlCMEY9wN2pAcw5BLaPoc7dKiSsC"; users.users.root.hashedPassword = "$2b$05$Uk84TY/RHlH8DIigUlFYjeorjTlCMEY9wN2pAcw5BLaPoc7dKiSsC"; diff --git a/systems/hetzner/mail.nix b/systems/hetzner/mail.nix new file mode 100644 index 0000000..54591aa --- /dev/null +++ b/systems/hetzner/mail.nix 
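Review bot: The new `snm` input in flake.nix arrives without a matching flake.lock change (the diffstat lists only flake.nix, default.nix and mail.nix), so this commit does not record which revision of the mail server module gets built. Commit the updated flake.lock together with the input. The URL also carries no ref, so it follows the upstream default branch; for an internet-facing mail stack, consider a release branch or tag that matches the nixpkgs this flake follows, e.g. `url = "gitlab:simple-nixos-mailserver/nixos-mailserver/<release-branch>";`. The inputs block starts and ends outside the hunk.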
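Review bot: `security.acme.defaults.email = "security@missing.ninja"` in the second default.nix hunk sends Let's Encrypt account notices to the domain this same commit starts serving mail for. If the MX for missing.ninja points at this host (the diff does not show it), a renewal failure or mail outage would likely also swallow the notice about it. A contact address hosted elsewhere, or independent certificate-expiry monitoring, avoids that loop. Separately and outside this change, the context lines just below show one `$2b$05$` bcrypt hash inline for both `root` and `jopejoe1`; a cost factor of 5 in a committed file gives little protection against offline guessing, and `hashedPasswordFile` with a secret kept out of the repository would be the safer form.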
@@ -0,0 +1,22 @@
+{ config, pkgs, lib, ...}:
+
+{
+ mailserver = {
+ enable = true;
+ fqdn = "mail.missing.ninja";
+ domains = [ "missing.ninja" ];
+
+ # A list of all login accounts. To create the password hashes, use
+ # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+ loginAccounts = {
+ "admin@missing.ninja" = {
+ hashedPasswordFile = "/a/file/containing/a/hashed/password";
+ aliases = [ "@missing.ninja" ];
+ };
+ };
+
+ # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+ # down nginx and opens port 80.
+ certificateScheme = "acme-nginx";
+ };
+}
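Review bot: `hashedPasswordFile = "/a/file/containing/a/hashed/password"` looks like an unreplaced example path, so unless that file really exists on the host the `admin@missing.ninja` account has no usable credential. Point it at a real file provisioned outside the Nix store and readable only by root, through whatever secret management this flake already uses (none is visible in the diff). The catch-all `aliases = [ "@missing.ninja" ]` also makes the server accept mail for every local part, which raises spam volume and hides mistyped or probing recipients among real mail. Listing only the addresses actually needed, such as the `security@` contact used for ACME, is tighter. The `config`, `pkgs` and `lib` arguments are unused and could be reduced to `{ ... }:`.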