From 71e5a43c1a438bbc6094eb9cdb93e2a9160132a2 Mon Sep 17 00:00:00 2001
From: Nicholas McDaniel <nickmcdaniel00@gmail.com>
Date: Tue, 10 Feb 2026 13:08:43 -0500
Subject: [PATCH] Add smtp and imap email server

---
 README.md          |  1 +
 configuration.nix  |  1 +
 modules/mail.nix   | 39 +++++++++++++++++++++++++++++++++++++++
 modules/restic.nix |  1 +
 4 files changed, 42 insertions(+)
 create mode 100644 modules/mail.nix

diff --git a/README.md b/README.md
index ce2a826..008df90 100644
--- a/README.md
+++ b/README.md
@@ -5,6 +5,7 @@ subdomains.
 
 ## Current features:
 - Automatic SSL certificates via ACME DNS challenges
+- Automatic backups with restic
 - NGINX webserver
 - ATProto PDS at https://pds.tty.garden
 - Gitea instance at https://seed.tty.garden
diff --git a/configuration.nix b/configuration.nix
index 7a8f69f..b14e01a 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -14,6 +14,7 @@
         ./modules/nginx.nix
         ./modules/gitea.nix
         ./modules/pds.nix
+        ./modules/mail.nix
         ./modules/restic.nix
     ];
 
diff --git a/modules/mail.nix b/modules/mail.nix
new file mode 100644
index 0000000..6f0bf40
--- /dev/null
+++ b/modules/mail.nix
@@ -0,0 +1,39 @@
+{pkgs, config, ...}:
+{
+    imports = [
+        (builtins.fetchTarball {
+            url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.11/nixos-mailserver-nixos-25.11.tar.gz";
+            sha256 = "0pqc7bay9v360x2b7irqaz4ly63gp4z859cgg5c04imknv0pwjqw";
+        })
+    ];
+
+    mailserver = {
+        enable = true;
+        stateVersion = 3;
+        fqdn = "mail.tty.garden";
+        domains = [ "tty.garden" ];
+
+        loginAccounts = {
+            "nmcdaniel@tty.garden" = {
+                hashedPasswordFile = "/root/email_hashed/admin";
+                aliases = [ "postmaster@tty.garden" "admin@tty.garden" ];
+            };
+        };
+
+        certificateScheme = "acme";
+        acmeCertificateName = "tty.garden";
+    };
+
+    # SMTP Relay Configuration
+    # This can be omitted once SMTP outbound connections are unblocked
+    services.postfix = {
+        settings.main = {
+            relayhost = [ "[smtp.resend.com]:587" ];
+            # Must have associated .db made with postmap in the same directory
+            smtp_sasl_password_maps = "hash:/root/sasl_passwd";
+            smtp_sasl_auth_enable = true;
+            smtp_sasl_security_options = "";
+            smtp_use_tls = true;
+        };
+    };
+}
diff --git a/modules/restic.nix b/modules/restic.nix
index 70fb8ec..214c90f 100644
--- a/modules/restic.nix
+++ b/modules/restic.nix
@@ -10,6 +10,7 @@
             paths = [
                 "/var/www" # Webserver data
                 "/var/lib/pds" # ATProto PDS
+                "/var/vmail" # Email Mailbox
                 "/home" # User data
                 "${config.services.gitea.stateDir}/dump" # Gitea repository
             ];