Add roundcube to mail.zweili.org
This commit is contained in:
parent
93294b7b5c
commit
c0ab9dde66
|
@ -44,6 +44,7 @@
|
|||
./services/restic-client-server-mysql
|
||||
./services/restic-client-server-postgres
|
||||
./services/restic-server
|
||||
./services/roundcube
|
||||
./services/rss-bridge
|
||||
./services/syslog
|
||||
./services/telegram-notifications
|
||||
|
|
|
@ -0,0 +1,86 @@
|
|||
{ config, inputs, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.services.az-roundcube;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-roundcube.enable = lib.mkEnableOption "My configuration to enable roundcube.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "admin+acme@zweili.ch";
|
||||
};
|
||||
services = {
|
||||
az-postgresql.enable = true;
|
||||
nginx = {
|
||||
enable = true;
|
||||
commonHttpConfig = ''
|
||||
# Add HSTS header with preloading to HTTPS requests.
|
||||
# Adding this header to HTTP requests is discouraged
|
||||
map $scheme $hsts_header {
|
||||
https "max-age=63072000; includeSubdomains; preload";
|
||||
}
|
||||
add_header Strict-Transport-Security $hsts_header;
|
||||
|
||||
# Enable CSP for your services.
|
||||
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
||||
|
||||
# Minimize information leaked to other domains
|
||||
add_header 'Referrer-Policy' 'origin-when-cross-origin';
|
||||
|
||||
# Prevent injection of code in other mime types (XSS Attacks)
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
|
||||
# Enable XSS protection of the browser.
|
||||
# May be unnecessary when CSP is configured properly (see above)
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
|
||||
# This might create errors
|
||||
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
|
||||
'';
|
||||
recommendedOptimisation = true;
|
||||
recommendedTlsSettings = true;
|
||||
};
|
||||
postgresql = {
|
||||
ensureDatabases = [ "roundcube" ];
|
||||
ensureUsers = [{
|
||||
name = "roundcube";
|
||||
ensurePermissions = {
|
||||
"DATABASE roundcube" = "ALL PRIVILEGES";
|
||||
};
|
||||
}];
|
||||
};
|
||||
roundcube = {
|
||||
database = {
|
||||
username = "roundcube";
|
||||
};
|
||||
# dicts = with pkgs.aspellDicts; [ en de ];
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
$config['imap_host'] = array(
|
||||
'ssl://mail.zweili.org:993' => "Zweili",
|
||||
);
|
||||
$config['username_domain'] = array(
|
||||
'mail.zweili.org' => 'zweili.ch',
|
||||
);
|
||||
$config['x_frame_options'] = false;
|
||||
$config['smtp_host'] = "ssl://mail.zweili.org:465";
|
||||
$config['smtp_user'] = "%u";
|
||||
$config['smtp_pass'] = "%p";
|
||||
'';
|
||||
hostName = "mail.zweili.org";
|
||||
maxAttachmentSize = 25;
|
||||
plugins = [ "carddav" "persistent_login" "managesieve" ];
|
||||
package = pkgs.roundcube.withPlugins (plugins:
|
||||
with plugins; [ carddav persistent_login ]
|
||||
);
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -10,15 +10,12 @@
|
|||
|
||||
services = {
|
||||
az-mailserver.enable = true;
|
||||
az-nginx-proxy = {
|
||||
enable = true;
|
||||
domain = "mail.zweili.org";
|
||||
};
|
||||
az-restic-client-server = {
|
||||
enable = true;
|
||||
path = "/home/andreas";
|
||||
time = "01:00";
|
||||
};
|
||||
az-roundcube.enable = true;
|
||||
};
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue