From b4298d5f3e64a5d1f8d542edf9ece9a811539c3e Mon Sep 17 00:00:00 2001
From: Henri Dohmen <henridohmen@posteo.com>
Date: Thu, 29 Jan 2026 23:40:11 +0100
Subject: [PATCH] simple nixos mail server

---
 flake.lock               | 118 +++++++++++++++++++++++++++++++++++++++
 flake.nix                |   2 +
 host/roam/default.nix    |   1 +
 host/roam/mail.nix       |  18 ++++++
 host/roam/networking.nix |  11 ++++
 host/roam/services.nix   |  10 ----
 mod/desktop/accounts.nix |  19 +++++++
 7 files changed, 169 insertions(+), 10 deletions(-)
 create mode 100644 host/roam/mail.nix

diff --git a/flake.lock b/flake.lock
index 7543924..822021f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -23,6 +23,22 @@
         "type": "github"
       }
     },
+    "blobs": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1604995301,
+        "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
+        "owner": "simple-nixos-mailserver",
+        "repo": "blobs",
+        "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "simple-nixos-mailserver",
+        "repo": "blobs",
+        "type": "gitlab"
+      }
+    },
     "colmena": {
       "inputs": {
         "flake-compat": "flake-compat",
@@ -117,6 +133,22 @@
         "type": "github"
       }
     },
+    "flake-compat_3": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1761588595,
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
@@ -156,6 +188,32 @@
         "type": "github"
       }
     },
+    "git-hooks": {
+      "inputs": {
+        "flake-compat": [
+          "simple-nixos-mailserver",
+          "flake-compat"
+        ],
+        "gitignore": "gitignore_2",
+        "nixpkgs": [
+          "simple-nixos-mailserver",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1763988335,
+        "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
     "gitignore": {
       "inputs": {
         "nixpkgs": [
@@ -178,6 +236,28 @@
         "type": "github"
       }
     },
+    "gitignore_2": {
+      "inputs": {
+        "nixpkgs": [
+          "simple-nixos-mailserver",
+          "git-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -298,6 +378,22 @@
         "type": "github"
       }
     },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1764374374,
+        "narHash": "sha256-naS7hg/D1yLKSZoENx9gvsPLFiNEOTcqamJSu0OEvCA=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "6a49303095abc094ee77dc243a9e351b642e8e75",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs_25-05": {
       "locked": {
         "lastModified": 1767313136,
@@ -351,6 +447,7 @@
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "nixpkgs_25-05": "nixpkgs_25-05",
+        "simple-nixos-mailserver": "simple-nixos-mailserver",
         "vscode-extensions": "vscode-extensions"
       }
     },
@@ -375,6 +472,27 @@
         "type": "github"
       }
     },
+    "simple-nixos-mailserver": {
+      "inputs": {
+        "blobs": "blobs",
+        "flake-compat": "flake-compat_3",
+        "git-hooks": "git-hooks",
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1766321686,
+        "narHash": "sha256-icOWbnD977HXhveirqA10zoqvErczVs3NKx8Bj+ikHY=",
+        "owner": "simple-nixos-mailserver",
+        "repo": "nixos-mailserver",
+        "rev": "7d433bf89882f61621f95082e90a4ab91eb0bdd3",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "simple-nixos-mailserver",
+        "repo": "nixos-mailserver",
+        "type": "gitlab"
+      }
+    },
     "stable": {
       "locked": {
         "lastModified": 1750133334,
diff --git a/flake.nix b/flake.nix
index a9a2e27..e2ab55a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -30,6 +30,7 @@
       url = "github:nix-community/lanzaboote/v0.4.3";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
   };
 
   outputs =
@@ -44,6 +45,7 @@
       nixos-hardware,
       nixpkgs_25-05,
       nixpkgs,
+      simple-nixos-mailserver,
       vscode-extensions,
     }@inputs:
     let
diff --git a/host/roam/default.nix b/host/roam/default.nix
index 4757e57..112f2f2 100644
--- a/host/roam/default.nix
+++ b/host/roam/default.nix
@@ -11,6 +11,7 @@
     ./firefox-sync.nix
     ./git.nix
     ./hardware-configuration.nix
+    ./mail.nix
     ./networking.nix
     ./nextcloud.nix
     ./services.nix
diff --git a/host/roam/mail.nix b/host/roam/mail.nix
new file mode 100644
index 0000000..29ce064
--- /dev/null
+++ b/host/roam/mail.nix
@@ -0,0 +1,18 @@
+{ inputs, config, ... }:
+{
+  imports = [ inputs.simple-nixos-mailserver.nixosModule ];
+
+  mailserver = {
+    enable = true;
+    stateVersion = 3;
+    fqdn = "roam.hdohmen.de";
+    x509.useACMEHost = config.mailserver.fqdn;
+    domains = [ "hdohmen.de" ];
+    loginAccounts = {
+      "hd@hdohmen.de" = {
+        hashedPassword = "$y$j9T$ThusPQJOPsUxfJrO6T6kN/$4hoobYwjhxSLo.f8uWg7DZu7gHtRlUt.nfiDC5xN2w2";
+        aliases = [ "hd@hdohmen.de" ];
+      };
+    };
+  };
+}
diff --git a/host/roam/networking.nix b/host/roam/networking.nix
index f437bf2..47a5999 100644
--- a/host/roam/networking.nix
+++ b/host/roam/networking.nix
@@ -21,6 +21,17 @@ in
       interface = "ens3";
     };
 
+    firewall = {
+      enable = true;
+      interfaces."wg0" = {
+        allowedTCPPorts = [ 25565 ];
+      };
+      allowedTCPPorts = [
+        80
+        443
+      ];
+    };
+
     nat = {
       enable = true;
       externalInterface = "ens3";
diff --git a/host/roam/services.nix b/host/roam/services.nix
index 2662f26..652a9bf 100644
--- a/host/roam/services.nix
+++ b/host/roam/services.nix
@@ -47,14 +47,4 @@
     };
   };
 
-  networking.firewall = {
-    enable = true;
-    interfaces."wg0" = {
-      allowedTCPPorts = [ 25565 ];
-    };
-    allowedTCPPorts = [
-      80
-      443
-    ];
-  };
 }
diff --git a/mod/desktop/accounts.nix b/mod/desktop/accounts.nix
index bcae68c..e09d129 100644
--- a/mod/desktop/accounts.nix
+++ b/mod/desktop/accounts.nix
@@ -63,6 +63,25 @@ in
           thunderbird.enable = true;
           gpg.key = "AB79213B044674AE";
         };
+
+        "SimpleMailserver" = rec {
+          address = "hd@hdohmen.de";
+          realName = "Henri Dohmen";
+          smtp = {
+            tls.enable = true;
+            host = "roam.hdohmen.de";
+            port = 465;
+          };
+          imap = {
+            tls.enable = true;
+            host = "roam.hdohmen.de";
+            port = 993;
+          };
+          userName = address;
+          thunderbird.enable = true;
+          gpg.key = "AB79213B044674AE";
+        };
+
       };
       accounts.calendar.accounts = {
         "Privat" = {