X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=flakes%2Fprivate%2Fmail-relay%2Fflake.nix;fp=flakes%2Fprivate%2Fmail-relay%2Fflake.nix;h=639bd06b4650d43571e43e2a65224b1dee96939a;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hp=0000000000000000000000000000000000000000;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/flakes/private/mail-relay/flake.nix b/flakes/private/mail-relay/flake.nix
new file mode 100644
index 0000000..639bd06
--- /dev/null
+++ b/flakes/private/mail-relay/flake.nix
@@ -0,0 +1,58 @@
+{
+ inputs.environment.url = "path:../environment";
+ inputs.secrets.url = "path:../../secrets";
+
+ outputs = { self, environment, secrets }: {
+ nixosModule = self.nixosModules.mail-relay;
+ nixosModules.mail-relay = { lib, pkgs, config, name, ... }:
+ {
+ imports = [
+ environment.nixosModule
+ secrets.nixosModule
+ ];
+ options.myServices.mailRelay.enable = lib.mkEnableOption "enable Mail relay services";
+ config = lib.mkIf config.myServices.mailRelay.enable {
+ secrets.keys."opensmtpd/creds" = {
+ user = "smtpd";
+ group = "smtpd";
+ permissions = "0400";
+ text = ''
+ eldiron ${name}:${config.hostEnv.ldap.password}
+ '';
+ };
+ users.users.smtpd.extraGroups = [ "keys" ];
+ services.opensmtpd = {
+ enable = true;
+ serverConfiguration = let
+ filter-rewrite-from = pkgs.runCommand "filter-rewrite-from.py" {
+ buildInputs = [ pkgs.python38 ];
+ } ''
+ cp ${./filter-rewrite-from.py} $out
+ patchShebangs $out
+ '';
+ in ''
+ table creds \
+ "${config.secrets.fullPaths."opensmtpd/creds"}"
+ # FIXME: filtering requires 6.6, uncomment following lines when
+ # upgrading
+ # filter "fixfrom" \
+ # proc-exec "${filter-rewrite-from} ${name}@immae.eu"
+ # listen on socket filter "fixfrom"
+ action "relay-rewrite-from" relay \
+ helo ${config.hostEnv.fqdn} \
+ host smtp+tls://eldiron@eldiron.immae.eu:587 \
+ auth \
+ mail-from ${name}@immae.eu
+ action "relay" relay \
+ helo ${config.hostEnv.fqdn} \
+ host smtp+tls://eldiron@eldiron.immae.eu:587 \
+ auth
+ match for any !mail-from "@immae.eu" action "relay-rewrite-from"
+ match for any mail-from "@immae.eu" action "relay"
+ '';
+ };
+ environment.systemPackages = [ config.services.opensmtpd.package ];
+ };
+ };
+ };
+}
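Review bot: The commented-out filter lines in `serverConfiguration` sit inside the Nix `''…''` string, so `${filter-rewrite-from}` is still interpolated even though smtpd treats the line as a comment. The `runCommand` derivation, with `pkgs.python38` as a build input, is therefore still built, and its store path is written into the generated config while the filter is disabled. Escaping the antiquotation until the upgrade, e.g. `# proc-exec "''${filter-rewrite-from} ''${name}@immae.eu"`, or moving the FIXME block into Nix comments outside the string, keeps the unused script out of the build. Separately, both relay actions send the credentials from `opensmtpd/creds` via `auth` over `smtp+tls://`. Whether the peer certificate is verified by default appears to depend on the OpenSMTPD version in use, so that is worth confirming and noting in a comment next to the `host` lines.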