Initial commit

mailserver/system/alps-package.nix

@@ -0,0 +1,30 @@
+{ lib, fetchgit, buildGoModule, ... }:
+buildGoModule rec {
+  pname = "alps";
+  version = "v1.0.0"; # latest available tag at the moment
+
+  src = fetchGit {
+    url = "https://git.selfprivacy.org/ilchub/selfprivacy-alps";
+    rev = "dc2109ca2fdabfbda5d924faa4947f5694d5d758";
+  };
+
+  vendorSha256 = "0bqg0qjam4mvh07wfil6l5spz32mk5a7kfxxnwfyva805pzmn6dk";
+
+  deleteVendor = false;
+  runVend = true;
+
+  buildPhase = ''
+    go build ./cmd/alps
+  '';
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp -r * $out/bin
+  '';
+
+  meta = with lib; {
+    description = "Webmail application for the dovecot/postfix mailserver";
+    homepage = "https://git.selfprivacy.org/ilchub/selfprivacy-alps";
+    license = licenses.mit;
+  };
+}

mailserver/system/alps.nix

@@ -0,0 +1,18 @@
+{ pkgs, config, lib, fetchgit, buildGoModule, ... }:
+let domain = config.services.userdata.domain;
+in
+{
+  nixpkgs.overlays =
+    [ (self: super: { alps = self.callPackage ./alps-package.nix { }; }) ];
+
+  systemd.services = {
+    alps = {
+      path = [ pkgs.alps pkgs.coreutils ];
+      serviceConfig = {
+        ExecStart =
+          "${pkgs.alps}/bin/alps -theme sourcehut imaps://${domain}:993 smtps://${domain}:465";
+        WorkingDirectory = "${pkgs.alps}/bin";
+      };
+    };
+  };
+}

mailserver/system/mailserver.nix

@@ -0,0 +1,85 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.userdata;
+in
+{
+  imports = [
+    (builtins.fetchTarball {
+      # Pick a commit from the branch you are interested in
+      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5675b122/nixos-mailserver-5675b122.tar.gz";
+
+      # And set its hash
+      sha256 = "1fwhb7a5v9c98nzhf3dyqf3a5ianqh7k50zizj8v5nmj3blxw4pi";
+    })
+  ];
+
+  services.dovecot2 = {
+    enablePAM = lib.mkForce true;
+    showPAMFailure = lib.mkForce true;
+  };
+
+  users.users = {
+    virtualMail = {
+      isNormalUser = false;
+    };
+  };
+
+  mailserver = {
+    enable = true;
+    fqdn = cfg.domain;
+    domains = [ cfg.domain ];
+
+    # A list of all login accounts. To create the password hashes, use
+    # mkpasswd -m sha-512 "super secret password"
+    loginAccounts = {
+      "${cfg.username}@${cfg.domain}" = {
+        hashedPassword = cfg.hashedMasterPassword;
+        catchAll = [ cfg.domain ];
+        sieveScript = ''
+          require ["fileinto", "mailbox"];
+          if header :contains "Chat-Version" "1.0"
+          {  
+            fileinto :create "DeltaChat";
+            stop;
+          }
+        '';
+      } // builtins.listToAttrs (builtins.map
+        (user: {
+          name = "${user.username}@${cfg.domain}";
+          value = {
+            hashedPassword = user.hashedPassword;
+            catchAll = [ cfg.domain ];
+            sieveScript = ''
+              require ["fileinto", "mailbox"];
+              if header :contains "Chat-Version" "1.0"
+              {  
+                fileinto :create "DeltaChat";
+                stop;
+              }
+            '';
+          };
+        })
+        cfg.users);
+    };
+
+    extraVirtualAliases = {
+      "admin@${cfg.domain}" = "${cfg.username}@${cfg.domain}";
+    };
+
+    certificateScheme = 1;
+    certificateFile = "/var/lib/acme/${cfg.domain}/fullchain.pem";
+    keyFile = "/var/lib/acme/${cfg.domain}/key.pem";
+
+    # Enable IMAP and POP3
+    enableImap = true;
+    enableImapSsl = true;
+    enablePop3 = false;
+    enablePop3Ssl = false;
+    dkimSelector = "selector";
+
+    # Enable the ManageSieve protocol
+    enableManageSieve = true;
+
+    virusScanning = false;
+  };
+}