# NixOS module for the mail host: floating WAN addresses, nixos-mailserver
# accounts, Postfix overrides and the sops-nix secrets behind the mailboxes.
{ config, lib, ... }:

let
  # Floating IPv4 address: assigned to the WAN link and reused below as
  # Postfix's outbound source address.
  floatingIPv4 = "78.47.245.200";

  # Runtime path of a secret declared under `sops.secrets`. Referencing the
  # path (not the content) keeps the password hashes out of the Nix store.
  secretPath = name: config.sops.secrets.${name}.path;

  # One sops secret per mailbox password hash.
  mailPasswordSecrets = [
    "mail-password-lander"
    "mail-password-authelia"
    "mail-password-forgejo"
    "mail-password-kinkystar-bitwarden"
  ];
in
{
  systemd.network.networks."30-wan" = {
    addresses = [
      { Address = floatingIPv4 + "/32"; }
      { Address = "2a01:4f8:c012:976d::/64"; }
    ];
  };

  mailserver = {
    enable = true;
    fqdn = "mail.escapeangle.com";
    domains = [
      "escapeangle.com"
      "kinkystar.com"
    ];

    loginAccounts = {
      "lander@escapeangle.com" = {
        hashedPasswordFile = secretPath "mail-password-lander";
        aliases = [ "postmaster@escapeangle.com" ];
        # Catch-all: mail for any otherwise unknown local part of the domain
        # is delivered here, so this mailbox also receives whatever spam and
        # phishing is addressed to guessed addresses.
        catchAll = [ "escapeangle.com" ];
      };

      # Service accounts, presumably used by those services to submit mail.
      "authelia@escapeangle.com" = {
        hashedPasswordFile = secretPath "mail-password-authelia";
      };
      "forgejo@escapeangle.com" = {
        hashedPasswordFile = secretPath "mail-password-forgejo";
      };

      # Send-only: the account can submit mail but is not meant to receive it.
      "bitwarden@kinkystar.com" = {
        hashedPasswordFile = secretPath "mail-password-kinkystar-bitwarden";
        sendOnly = true;
      };
    };

    # abuse@ is routed to the same mailbox as postmaster@.
    extraVirtualAliases = {
      "abuse@escapeangle.com" = "lander@escapeangle.com";
    };

    certificateScheme = "acme-nginx";

    # NOTE(review): both IMAP listeners are enabled (STARTTLS and implicit
    # TLS). If every client uses implicit TLS, the STARTTLS listener can be
    # switched off to reduce exposed surface. Confirm before changing.
    enableImap = true;
    enableImapSsl = true;
    enableManageSieve = true;
    virusScanning = true;
  };

  # Outbound IPv4 SMTP leaves from the floating address.
  # NOTE(review): only the IPv4 source is pinned; if mail is also delivered
  # over IPv6, check that SPF and reverse DNS cover that source address too
  # (Postfix has `smtp_bind_address6` for pinning it).
  services.postfix.config = {
    smtp_bind_address = floatingIPv4;

    # NOTE(review): escapeangle.com is forced into both `mydestination` and
    # `virtual_mailbox_domains`. Postfix's documentation advises against
    # listing a domain in both classes; confirm this is intended.
    mydestination = lib.mkForce [
      "localhost"
      "escapeangle.com"
    ];

    # Forced to a single-domain file, so kinkystar.com is not a virtual
    # mailbox domain here; presumably intentional, since its only account is
    # send-only.
    virtual_mailbox_domains = lib.mkForce (builtins.toFile "vhosts" "escapeangle.com");
  };

  services.postfix.localRecipients = [ "@escapeangle.com" ];

  sops = {
    defaultSopsFile = ./mail-01.yaml;

    # With validation off, a key missing from mail-01.yaml is not caught when
    # the configuration is built; it presumably only surfaces when the secrets
    # are decrypted on the host. TODO confirm this trade-off is wanted.
    validateSopsFiles = false;

    # Every password-hash secret is owned by root:root; the file mode is not
    # set here.
    secrets = lib.genAttrs mailPasswordSecrets (_: {
      owner = "root";
      group = "root";
    });
  };

  system.stateVersion = "24.11";
}