Commit | Line | Data |
---|---|---|
1a64deeb IB |
# Flake exposing one NixOS module, `mail-relay`, which turns the host into an
# OpenSMTPD relay that hands all mail to eldiron.immae.eu:587 using
# authenticated submission.
{
  # Both inputs are local path inputs, resolved relative to this flake.
  inputs.environment.url = "path:../environment";
  inputs.secrets.url = "path:../../secrets";

  outputs = { self, environment, secrets }: {
    # Default module alias pointing at the named module below.
    nixosModule = self.nixosModules.mail-relay;
    nixosModules.mail-relay = { lib, pkgs, config, name, ... }:
      {
        imports = [
          environment.nixosModule
          secrets.nixosModule
        ];
        options.myServices.mailRelay.enable = lib.mkEnableOption "enable Mail relay services";
        # Everything below only takes effect when the option above is enabled.
        config = lib.mkIf config.myServices.mailRelay.enable {
          # Credentials table for the relay: a single entry whose key
          # `eldiron` matches the label used in the relay URLs below, and
          # whose value is `<name>:<LDAP password>`. The file is owned by
          # smtpd and readable by that user only (0400).
          # NOTE(review): the password is interpolated into `text` at
          # evaluation time; whether the plaintext is kept out of the
          # world-readable Nix store depends on the imported secrets module,
          # which is not visible here. Confirm.
          secrets.keys."opensmtpd/creds" = {
            user = "smtpd";
            group = "smtpd";
            permissions = "0400";
            text = ''
              eldiron ${name}:${config.hostEnv.ldap.password}
            '';
          };
          # Presumably needed so smtpd can reach the directory holding the
          # secret file; verify against the secrets module.
          users.users.smtpd.extraGroups = [ "keys" ];
          services.opensmtpd = {
            enable = true;
            # The smtpd.conf text below does three things:
            #  - loads the credentials table from the secret file path;
            #  - defines two relay actions to the same submission host, one
            #    of which forces the envelope sender to <name>@immae.eu;
            #  - routes mail whose sender is not under @immae.eu to the
            #    rewriting action and everything else to the plain one.
            # The `#` lines inside the string are smtpd.conf comments, but
            # they are still part of the Nix string, so
            # `${filter-rewrite-from}` is interpolated and the derivation is
            # built even though the filter is disabled.
            # NOTE(review): the credentials are sent over the `smtp+tls://`
            # session; confirm in smtpd.conf(5) for the deployed version
            # that the relay also validates the server certificate, not just
            # that TLS is negotiated.
            # NOTE(review): the match rules have no `from` clause; confirm
            # this limits relaying to locally submitted mail as intended.
            serverConfiguration = let
              # Copies the filter script into the store and rewrites its
              # shebang against the build inputs (python38).
              # NOTE(review): Python 3.8 is end-of-life upstream; revisit
              # this pin when the filter is enabled.
              filter-rewrite-from = pkgs.runCommand "filter-rewrite-from.py" {
                buildInputs = [ pkgs.python38 ];
              } ''
                cp ${./filter-rewrite-from.py} $out
                patchShebangs $out
              '';
            in ''
              table creds \
                "${config.secrets.fullPaths."opensmtpd/creds"}"
              # FIXME: filtering requires 6.6, uncomment following lines when
              # upgrading
              # filter "fixfrom" \
              # proc-exec "${filter-rewrite-from} ${name}@immae.eu"
              # listen on socket filter "fixfrom"
              action "relay-rewrite-from" relay \
                helo ${config.hostEnv.fqdn} \
                host smtp+tls://eldiron@eldiron.immae.eu:587 \
                auth <creds> \
                mail-from ${name}@immae.eu
              action "relay" relay \
                helo ${config.hostEnv.fqdn} \
                host smtp+tls://eldiron@eldiron.immae.eu:587 \
                auth <creds>
              match for any !mail-from "@immae.eu" action "relay-rewrite-from"
              match for any mail-from "@immae.eu" action "relay"
            '';
          };
          # Adds the configured OpenSMTPD package to the system profile.
          environment.systemPackages = [ config.services.opensmtpd.package ];
        };
      };
  };
}