mailserver fixes

hosts/falkenstein-1/default.nix

@@ -5,6 +5,7 @@
     [
       # Include the results of the hardware scan.
       ./hardware-configuration.nix
+      ./modules/mail
       ./modules/networks
       ./modules/nginx
       ./modules/purge
@@ -38,10 +39,6 @@
     htop-vim
     helix
   ];
-  users.users.rouven = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ];
-  };
   programs.git = {
     enable = true;
     config = {
@@ -52,7 +49,10 @@
   services.qemuGuest.enable = true;
 
   # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+  };
   users.users.root.openssh.authorizedKeys.keyFiles = [
     #../../keys/ssh/rouven-thinkpad
     ../../keys/ssh/rouven-pixel

hosts/falkenstein-1/modules/mail/default.nix

@@ -1,8 +1,17 @@
 { ... }:
 {
-  mailserver = {
+  sops.secrets."mail/rouven".owner = config.users.users.postfix.name;
+  mailserver = rec {
     enable = true;
     fqdn = "mail.rfive.de";
     domains = [ "rfive.de" ];
+    loginAccounts = {
+      "rouven@rfive.de" = {
+        name = "Rouven Seifert";
+        hashedPasswordFile = config.sops.secrets."mail/rouven".path;
+
+      };
+    };
+    certificateScheme = 3;
   };
 }

hosts/falkenstein-1/modules/nginx/default.nix

@@ -7,6 +7,11 @@
     recommendedProxySettings = true;
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
+    
+    virtualHosts."rfive.de" = {
+      enableACME = true;
+      forceSSL = true;
+    };
   };
   security.acme = {
     acceptTerms = true;