# Flake exposing the `mail-relay` NixOS module. When enabled, the module
# configures OpenSMTPD to hand outgoing mail to eldiron.immae.eu on port 587.
# NOTE(review): the leading numbers on each line skip values, so this listing
# is partial; the comments below describe only the lines that are shown.
# Both inputs are relative `path:` flakes.
2 inputs.environment.url = "path:../environment";
3 inputs.secrets.url = "path:../../secrets";
5 outputs = { self, environment, secrets }: {
# Default module export; an alias for nixosModules.mail-relay defined below.
6 nixosModule = self.nixosModules.mail-relay;
7 nixosModules.mail-relay = { lib, pkgs, config, name, ... }:
10 environment.nixosModule
# Opt-in switch: everything under `config` is applied only when
# myServices.mailRelay.enable is set.
13 options.myServices.mailRelay.enable = lib.mkEnableOption "enable Mail relay services";
14 config = lib.mkIf config.myServices.mailRelay.enable {
# Credentials entry for the upstream relay, in OpenSMTPD's
# "label user:password" table form (label `eldiron`, user = this host's name).
# The password is read from config.hostEnv.ldap.password; if that value is
# also the host's LDAP bind password, one leak or rotation affects both
# services - TODO confirm whether a dedicated SMTP credential is possible.
# NOTE(review): the value is interpolated at evaluation time. Confirm that the
# secrets module writes this text outside the world-readable Nix store and with
# restrictive owner/mode (those attributes are not visible in this listing).
15 secrets.keys."opensmtpd/creds" = {
20 eldiron ${name}:${config.hostEnv.ldap.password}
# Adds the smtpd user to the "keys" group - presumably the group that owns the
# deployed secret files, so the daemon can read the credentials table. Verify
# that membership does not also expose unrelated secrets to smtpd.
23 users.users.smtpd.extraGroups = [ "keys" ];
24 services.opensmtpd = {
# serverConfiguration carries the smtpd.conf text. Points to check on the
# visible lines:
#  - Both relay actions target smtp+tls://...:587. The credentials above travel
#    over that session, so confirm that the deployed OpenSMTPD version both
#    requires STARTTLS and verifies the relay's certificate for this scheme.
#  - Mail whose envelope sender does not match "@immae.eu" goes through
#    "relay-rewrite-from" (mail-from forced to <name>@immae.eu); mail that does
#    match is relayed unchanged.
#  - Neither match rule has a `from` clause. Per smtpd.conf(5) that defaults to
#    local sessions; keep it that way if a network listener is ever added, or
#    this host becomes an authenticated open relay towards eldiron.
26 serverConfiguration = let
# Store copy of ./filter-rewrite-from.py, built with pkgs.python38 as a build
# input. The only visible use is the commented-out proc-exec line below; that
# line presumably sits inside the Nix string, in which case the interpolation
# is still evaluated and the derivation still built - TODO confirm.
# python38 is past upstream end of life; choose a supported interpreter before
# the filter is switched on.
27 filter-rewrite-from = pkgs.runCommand "filter-rewrite-from.py" {
28 buildInputs = [ pkgs.python38 ];
30 cp ${./filter-rewrite-from.py} $out
35 "${config.secrets.fullPaths."opensmtpd/creds"}"
36 # FIXME: filtering requires 6.6, uncomment following lines when
39 # proc-exec "${filter-rewrite-from} ${name}@immae.eu"
40 # listen on socket filter "fixfrom"
41 action "relay-rewrite-from" relay \
42 helo ${config.hostEnv.fqdn} \
43 host smtp+tls://eldiron@eldiron.immae.eu:587 \
45 mail-from ${name}@immae.eu
46 action "relay" relay \
47 helo ${config.hostEnv.fqdn} \
48 host smtp+tls://eldiron@eldiron.immae.eu:587 \
50 match for any !mail-from "@immae.eu" action "relay-rewrite-from"
51 match for any mail-from "@immae.eu" action "relay"
# Adds the configured OpenSMTPD package to the system-wide package set.
54 environment.systemPackages = [ config.services.opensmtpd.package ];