# NixOS module fragment that configures the Sympa mailing-list service.
# The listing is partial: the gutter numbers skip lines, so some structural
# lines (braces, let/in, whole option lines) are not shown.
1 { lib, pkgs, config, ... }:
# Primary list domain; interpolated into the virtual/transport tables and the
# etc/${domain}/... file names further down.
3 domain = "lists.immae.eu";
# Site-specific Sympa settings (database credentials, listmasters, data
# sources, scenari) are read from config.myEnv instead of being written inline.
4 sympaConfig = config.myEnv.mail.sympa;
# Everything below is applied only when config.myServices.mail.enable is set.
7 config = lib.mkIf config.myServices.mail.enable {
# Descriptive metadata about the hosted service and the software behind it.
8 myServices.chatonsProperties.services.sympa = {
9 file.datetime = "2022-08-22T00:50:00";
12 description = "Mailing lists service";
13 website = "https://mail.immae.eu/sympa";
14 logo = "https://mail.immae.eu/static-sympa/icons/favicon_sympa.png";
16 status.description = "OK";
17 registration."" = ["MEMBER" "CLIENT"];
18 registration.load = "OPEN";
19 install.type = "PACKAGE";
23 website = "https://www.sympa.org/";
24 license.url = "https://github.com/sympa-community/sympa/blob/sympa-6.2/COPYING";
25 license.name = "GNU General Public License v2.0";
# The version string is taken from the packaged Sympa, so it follows upgrades.
# NOTE(review): if this metadata is published, the exact deployed version is
# visible to anyone reading it; confirm that is intended.
26 version = pkgs.sympa.version;
27 source.url = "https://github.com/sympa-community/sympa/";
# Adds the main addresses of the backup-2 server to the hosts authorized to
# reach PostgreSQL. Each IPv6 address gets a /128 suffix so the entry matches
# that single host only.
# NOTE(review): the database, user and authentication method this entry is
# bound to are on lines not shown here; confirm it is scoped to what the
# backup host needs rather than to every database.
30 myServices.databases.postgresql.authorizedHosts = {
35 ip4 = config.myEnv.servers.backup-2.ips.main.ip4;
36 ip6 = map (v: "${v}/128") config.myEnv.servers.backup-2.ips.main.ip6;
# Web server configuration appended (lib.mkAfter) to the "mail" vhost:
# /static-sympa/ is served from /var/lib/sympa/static_content/ and requests
# are handed to the wwsympa FastCGI process over the unix socket
# /run/sympa/wwsympa.socket.
# NOTE(review): the directives inside the <Directory> block are not visible in
# this listing. The served directory sits under Sympa's state directory, so
# confirm the block grants read access only (no overrides, no script handling).
40 services.websites.env.tools.vhostConfs.mail = {
41 extraConfig = lib.mkAfter [
43 Alias /static-sympa/ /var/lib/sympa/static_content/
44 <Directory /var/lib/sympa/static_content/>
49 SetHandler "proxy:unix:/run/sympa/wwsympa.socket|fcgi://"
# Secret files for Sympa. The database password is written to its own secret
# file from sympaConfig.postgresql.password.
# NOTE(review): owner and mode of the password file are on lines not shown
# here; confirm they match the 0400 sympa:sympa used for the entries below.
57 "sympa/db_password" = {
61 text = sympaConfig.postgresql.password;
# One secret file per entry of sympaConfig.data_sources, named
# sympa/data_sources/<name>.incl, readable by the sympa user only (0400).
# In Nix `//` is the attribute-set merge operator, not a comment marker.
64 // lib.mapAttrs' (n: v: lib.nameValuePair "sympa/data_sources/${n}.incl" {
65 permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
66 }) sympaConfig.data_sources
# Same treatment for each entry of sympaConfig.scenari (presumably Sympa
# authorization scenario files, confirm), also 0400 and owned by sympa.
67 // lib.mapAttrs' (n: v: lib.nameValuePair "sympa/scenari/${n}" {
68 permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
69 }) sympaConfig.scenari;
# The sympa user joins the "keys" group, presumably the group that grants
# access to the directory holding the secret files (confirm against the
# secrets module).
70 users.users.sympa.extraGroups = [ "keys" ];
# Dedicated systemd slice so all Sympa units are grouped together.
71 systemd.slices.mail-sympa = {
72 description = "Sympa slice";
# Each of the five Sympa units also gets "keys" as a supplementary group;
# membership set on the user alone is not what the unit setting relies on.
# NOTE(review): every unit can therefore traverse whatever "keys" protects;
# the per-file 0400 modes are what keep other secrets unreadable.
75 systemd.services.sympa.serviceConfig.SupplementaryGroups = [ "keys" ];
76 systemd.services.sympa-archive.serviceConfig.SupplementaryGroups = [ "keys" ];
77 systemd.services.sympa-bounce.serviceConfig.SupplementaryGroups = [ "keys" ];
78 systemd.services.sympa-bulk.serviceConfig.SupplementaryGroups = [ "keys" ];
79 systemd.services.sympa-task.serviceConfig.SupplementaryGroups = [ "keys" ];
# Place the same five units in mail-sympa.slice.
81 systemd.services.sympa.serviceConfig.Slice = "mail-sympa.slice";
82 systemd.services.sympa-archive.serviceConfig.Slice = "mail-sympa.slice";
83 systemd.services.sympa-bounce.serviceConfig.Slice = "mail-sympa.slice";
84 systemd.services.sympa-bulk.serviceConfig.Slice = "mail-sympa.slice";
85 systemd.services.sympa-task.serviceConfig.Slice = "mail-sympa.slice";
# Hardening override: lib.mkForce false switches off two systemd sandbox
# settings on all five Sympa units, taking priority over any other definition.
# ProtectKernelModules normally blocks explicit kernel-module loading, and
# ProtectKernelTunables normally makes kernel tunables (/proc/sys, /sys, ...)
# read-only for the unit.
# NOTE(review): the only justification given is the nixpkgs pull request
# linked below. Re-check whether the workaround is still needed on the nixpkgs
# revision in use and remove these lines once it is not.
87 # https://github.com/NixOS/nixpkgs/pull/84202
88 systemd.services.sympa.serviceConfig.ProtectKernelModules = lib.mkForce false;
89 systemd.services.sympa-archive.serviceConfig.ProtectKernelModules = lib.mkForce false;
90 systemd.services.sympa-bounce.serviceConfig.ProtectKernelModules = lib.mkForce false;
91 systemd.services.sympa-bulk.serviceConfig.ProtectKernelModules = lib.mkForce false;
92 systemd.services.sympa-task.serviceConfig.ProtectKernelModules = lib.mkForce false;
93 systemd.services.sympa.serviceConfig.ProtectKernelTunables = lib.mkForce false;
94 systemd.services.sympa-archive.serviceConfig.ProtectKernelTunables = lib.mkForce false;
95 systemd.services.sympa-bounce.serviceConfig.ProtectKernelTunables = lib.mkForce false;
96 systemd.services.sympa-bulk.serviceConfig.ProtectKernelTunables = lib.mkForce false;
97 systemd.services.sympa-task.serviceConfig.ProtectKernelTunables = lib.mkForce false;
# FastCGI front end for the Sympa web interface: spawn-fcgi starts
# wwsympa.fcgi and listens on the unix socket /run/sympa/wwsympa.socket, the
# same path the web server proxies to.
# NOTE(review): the spawn-fcgi options that choose the run-as user/group and
# the socket owner and mode are on lines not shown in this listing; confirm
# the socket is reachable only by the web server account.
99 systemd.services.wwsympa = {
100 wantedBy = [ "multi-user.target" ];
# Ordered after sympa.service.
101 after = [ "sympa.service" ];
103 Slice = "mail-sympa.slice";
105 PIDFile = "/run/sympa/wwsympa.pid";
107 ExecStart = ''${pkgs.spawn_fcgi}/bin/spawn-fcgi \
113 -P /run/sympa/wwsympa.pid \
114 -s /run/sympa/wwsympa.socket \
115 -- ${pkgs.sympa}/lib/sympa/cgi/wwsympa.fcgi
117 StateDirectory = "sympa";
# Sandboxing visible here: ProtectSystem = "full" mounts /usr, the boot loader
# directories and /etc read-only for the unit, and ProtectControlGroups makes
# the cgroup hierarchy read-only.
119 ProtectSystem = "full";
120 ProtectControlGroups = true;
# Static Postfix tables for Sympa's own service addresses, written to the Nix
# store with pkgs.writeText.
126 # Update relay list when changing one of those
# virtual.sympa: the sympa-request and sympa-owner addresses of both domains
# are aliased to postmaster@immae.eu.
127 sympa_virtual = pkgs.writeText "virtual.sympa" ''
128 sympa-request@${domain} postmaster@immae.eu
129 sympa-owner@${domain} postmaster@immae.eu
131 sympa-request@cip-ca.fr postmaster@immae.eu
132 sympa-owner@cip-ca.fr postmaster@immae.eu
# transport.sympa: the bare ${domain} key maps to an error: transport, so
# addresses at that domain without a more specific entry are rejected with
# "User unknown in recipient table". The sympa/listmaster addresses go to the
# "sympa" transport, and bounce/abuse-feedback-report go to "sympabounce".
134 sympa_transport = pkgs.writeText "transport.sympa" ''
135 ${domain} error:User unknown in recipient table
136 sympa@${domain} sympa:sympa@${domain}
137 listmaster@${domain} sympa:listmaster@${domain}
138 bounce@${domain} sympabounce:sympa@${domain}
139 abuse-feedback-report@${domain} sympabounce:sympa@${domain}
141 sympa@cip-ca.fr sympa:sympa@cip-ca.fr
142 listmaster@cip-ca.fr sympa:listmaster@cip-ca.fr
143 bounce@cip-ca.fr sympabounce:sympa@cip-ca.fr
144 abuse-feedback-report@cip-ca.fr sympabounce:sympa@cip-ca.fr
# Postfix lookup tables, appended with lib.mkAfter to the existing lists.
# Two kinds of table are referenced: static ones under /etc/postfix, and
# /var/lib/sympa/sympa_transport, which lives in Sympa's state directory.
# NOTE(review): the second one is the file Sympa is configured to maintain
# (sendmail_aliases / aliases_program further down), so presumably the sympa
# account can write it. Postfix then takes routing and recipient-validity data
# from a file that account controls; confirm the ownership and mode of the
# file and of its compiled .db.
148 transport_maps = lib.mkAfter [
149 "hash:/etc/postfix/sympa_transport"
150 "hash:/var/lib/sympa/sympa_transport"
152 virtual_alias_maps = lib.mkAfter [
153 "hash:/etc/postfix/sympa_virtual"
155 virtual_mailbox_maps = lib.mkAfter [
156 "hash:/etc/postfix/sympa_transport"
157 "hash:/var/lib/sympa/sympa_transport"
158 "hash:/etc/postfix/sympa_virtual"
# Command arguments that point at Sympa's queue and bouncequeue programs;
# presumably these belong to the "sympa" and "sympabounce" transports named in
# the transport table (the surrounding definitions are not shown).
170 "argv=${pkgs.sympa}/libexec/queue"
182 "argv=${pkgs.sympa}/libexec/bouncequeue"
# Sympa service settings. Listmaster addresses come from sympaConfig.
190 listMasters = sympaConfig.listmasters;
# Two web front ends, both under /sympa.
194 webHost = "mail.immae.eu";
195 webLocation = "/sympa";
198 webHost = "mail.cip-ca.fr";
199 webLocation = "/sympa";
# Database access: user, host and database name come from sympaConfig, and the
# password is read from the secret file path instead of being embedded in the
# configuration. host is set from a value named "socket", presumably a
# unix-socket location (confirm). createLocally = false.
205 user = sympaConfig.postgresql.user;
206 host = sympaConfig.postgresql.socket;
207 name = sympaConfig.postgresql.database;
208 passwordFile = config.secrets.fullPaths."sympa/db_password";
209 createLocally = false;
# Outgoing mail goes through the sendmail binary under /run/wrappers/bin.
212 sendmail = "/run/wrappers/bin/sendmail";
# Sympa maintains its list aliases in /var/lib/sympa/sympa_transport and runs
# postmap on it; this is the same file Postfix reads as a hash: table.
214 sendmail_aliases = "/var/lib/sympa/sympa_transport";
215 aliases_program = "${pkgs.postfix}/bin/postmap";
# presumably restricts list creation to listmasters (verify against Sympa's
# create_list scenarios).
216 create_list = "listmaster";
# The entries named virtual.sympa and transport.sympa are disabled here,
# presumably because the custom tables built with pkgs.writeText are used
# instead (confirm).
# The merged attribute sets then expose every data source and scenario under
# etc/${domain}/..., each one sourced from the matching secret file path
# instead of from a world-readable store path.
219 "virtual.sympa".enable = false;
220 "transport.sympa".enable = false;
221 } // lib.mapAttrs' (n: v: lib.nameValuePair
222 "etc/${domain}/data_sources/${n}.incl"
223 { source = config.secrets.fullPaths."sympa/data_sources/${n}.incl"; }) sympaConfig.data_sources
224 // lib.mapAttrs' (n: v: lib.nameValuePair
225 "etc/${domain}/scenari/${n}"
226 { source = config.secrets.fullPaths."sympa/scenari/${n}"; }) sympaConfig.scenari;