nixos-infra/services/mail/service.nix

{ config, lib, ... }:
let
  sec = config.sops.secrets;
  inherit (config.machine.mail)
    enable
    domain
    fqdn
    ;
in
{
  imports = [
    (builtins.fetchTarball {
      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/master/nixos-mailserver-master.tar.gz";
      sha256 = "0mfc8xkpy6hrfwyhjjnfna8b54s2h01lzsw4mw3yym6ccacc75r8";
    })
  ];

  mailserver = {
    inherit enable;
    inherit fqdn;
    stateVersion = 5;
    domains = [ domain ];
    messageSizeLimit = 52428800; # 50MB
    enableManageSieve = true;

    localDnsResolver = false;

    accounts = {
      "admin@${domain}" = {
        hashedPasswordFile = sec."mail/serviceHashedPassword".path;
        aliases = [
          "postmaster@${domain}"
          "system@${domain}"
          "contact@${domain}"
          "sales@${domain}"
        ];
      };
      "rus07tam@${domain}" = {
        hashedPasswordFile = sec."rus07tam/hashedPassword".path;
        aliases = [ ];
      };
      "nikitahapanulstaff228@${domain}" = {
        hashedPasswordFile = sec."mail/NikitaHapanulStaff228HashedPassword".path;
        aliases = [
          "mamutraxal@${domain}"
          "sava.uwu@${domain}"
        ];
      };
      "nikitapocox6prohype@${domain}" = {
        hashedPasswordFile = sec."mail/nikitapocox6prohype".path;
        aliases = [
          "pomoemuhype@${domain}"
          "nikita.uwu@${domain}"
        ];
      };
      "openclaw@${domain}" = {
        hashedPasswordFile = sec."mail/openclawHashedPassword".path;
        aliases = [ "nexor@${domain}" ];
      };
    };

    x509.useACMEHost = config.mailserver.fqdn;

    dkim = {
      enable = true;
      keyDirectory = "/var/dkim";
      defaults.selector = "default";
    };
  };
}