From 230af2eca4954d884edc01b2387dcab2d866d68c Mon Sep 17 00:00:00 2001
From: Emile Clark-Boman <eclarkboman@gmail.com>
Date: Tue, 29 Jul 2025 14:12:26 +1000
Subject: [PATCH] add template simple-nixos-mailserver config

---
 hosts/hyrule/mailserver.nix | 39 +++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 hosts/hyrule/mailserver.nix

diff --git a/hosts/hyrule/mailserver.nix b/hosts/hyrule/mailserver.nix
new file mode 100644
index 0000000..c5556f2
--- /dev/null
+++ b/hosts/hyrule/mailserver.nix
@@ -0,0 +1,39 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    (builtins.fetchTarball {
+      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.05/nixos-mailserver-nixos-25.05.tar.gz";
+      # release="nixos-25.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
+      sha256 = "0000000000000000000000000000000000000000000000000000";
+    })
+  ];
+
+  # simple-nixos-mailserver
+  # DOCS: https://nixos-mailserver.readthedocs.io/en/latest
+  mailserver = {
+    enable = true;
+    stateVersion = 3;
+    # Manually open the firewall instead
+    openFirewall = false;
+    virusScanning = false; # expensive memory usage
+
+    fqdn = "mail.imbored.dev";
+    domains = ["imbored.dev"];
+
+    # A list of all login accounts. To create the password hashes, use
+    # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+    loginAccounts = {
+      "me@imbored.dev" = {
+        hashedPasswordFile = "/a/file/containing/a/hashed/password";
+        aliases = ["emile@imbored.dev"];
+      };
+    };
+
+    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+    # down nginx and opens port 80.
+    certificateScheme = "acme-nginx";
+  };
+}