Add smtp and imap email server

README.md

@@ -5,6 +5,7 @@ subdomains.
 
 ## Current features:
 - Automatic SSL certificates via ACME DNS challenges
+- Automatic backups with restic
 - NGINX webserver
 - ATProto PDS at https://pds.tty.garden
 - Gitea instance at https://seed.tty.garden

configuration.nix

@@ -14,6 +14,7 @@
         ./modules/nginx.nix
         ./modules/gitea.nix
         ./modules/pds.nix
+        ./modules/mail.nix
         ./modules/restic.nix
     ];
 

modules/gitea.nix

@@ -1,4 +1,4 @@
-{config, ...}:
+{pkgs, config, ...}:
 {
     services.gitea = {
         enable = true;
@@ -14,6 +14,34 @@
             actions = {
                 ENABLED = false;
             };
+
+            ui = {
+                DEFAULT_THEME = "catppuccin-maroon-auto";
+                THEMES = "catppuccin-maroon-auto,catppuccin-latte-maroon,catppuccin-mocha-maroon";
             };
         };
+    };
+
+    systemd.tmpfiles.rules =
+    let catpuccinThemeSrc =
+    pkgs.fetchzip {
+        url = "https://github.com/catppuccin/gitea/releases/download/v1.0.2/catppuccin-gitea.tar.gz";
+        sha256 = "sha256-rZHLORwLUfIFcB6K9yhrzr+UwdPNQVSadsw6rg8Q7gs=";
+        stripRoot = false;
+    };
+    themeFiles = [
+        "theme-catppuccin-mocha-maroon.css"
+        "theme-catppuccin-latte-maroon.css"
+        "theme-catppuccin-maroon-auto.css"
+    ];
+    customDir = config.services.gitea.customDir;
+    in
+    [
+        "d ${customDir}/public - gitea gitea -"
+        "d ${customDir}/public/assets - gitea gitea -"
+        "d ${customDir}/public/assets/css - gitea gitea -"
+    ]
+    ++ map (f:
+        "L+ ${customDir}/public/assets/css/${f} - - - - ${catpuccinThemeSrc}/${f}"
+    ) themeFiles;
 }

modules/mail.nix

@@ -0,0 +1,39 @@
+{pkgs, config, ...}:
+{
+    imports = [
+        (builtins.fetchTarball {
+            url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.11/nixos-mailserver-nixos-25.11.tar.gz";
+            sha256 = "0pqc7bay9v360x2b7irqaz4ly63gp4z859cgg5c04imknv0pwjqw";
+        })
+    ];
+
+    mailserver = {
+        enable = true;
+        stateVersion = 3;
+        fqdn = "mail.tty.garden";
+        domains = [ "tty.garden" ];
+
+        loginAccounts = {
+            "nmcdaniel@tty.garden" = {
+                hashedPasswordFile = "/root/email_hashed/admin";
+                aliases = [ "postmaster@tty.garden" "admin@tty.garden" ];
+            };
+        };
+
+        certificateScheme = "acme";
+        acmeCertificateName = "tty.garden";
+    };
+
+    # SMTP Relay Configuration
+    # This can be omitted once SMTP outbound connections are unblocked
+    services.postfix = {
+        settings.main = {
+            relayhost = [ "[smtp.resend.com]:587" ];
+            # Must have associated .db made with postmap in the same directory
+            smtp_sasl_password_maps = "hash:/root/sasl_passwd";
+            smtp_sasl_auth_enable = true;
+            smtp_sasl_security_options = "";
+            smtp_use_tls = true;
+        };
+    };
+}

modules/nginx.nix

@@ -40,6 +40,8 @@
         ''
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
         '';
     }; in {
         enable = true;
@@ -53,6 +55,13 @@
             "seed.tty.garden" = vhostDefault // {
                 locations."/" = {
                     proxyPass = "http://127.0.0.1:3000";
+                    extraConfig =
+                    ''
+                    proxy_set_header Host $host;
+                    proxy_set_header X-Real-IP $remote_addr;
+                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                    proxy_set_header X-Forwarded-Proto $scheme;
+                    '';
                 };
             };
             "mirror.tty.garden" = vhostDefault // {

modules/restic.nix

@@ -10,6 +10,7 @@
             paths = [
                 "/var/www" # Webserver data
                 "/var/lib/pds" # ATProto PDS
+                "/var/vmail" # Email Mailbox
                 "/home" # User data
                 "${config.services.gitea.stateDir}/dump" # Gitea repository
             ];