X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fopensmtpd.nix;fp=modules%2Fprivate%2Fmail%2Fopensmtpd.nix;h=7831ac0d587bcf352426d72962b2e33ce74c16c6;hb=deca5e9bf0cfd02c52c39e051753aeb9640a66f3;hp=0000000000000000000000000000000000000000;hpb=6e9f30f4c63fddc5ce886b26b7e4e9ca23a93111;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/mail/opensmtpd.nix b/modules/private/mail/opensmtpd.nix
new file mode 100644
index 0000000..7831ac0
--- /dev/null
+++ b/modules/private/mail/opensmtpd.nix
@@ -0,0 +1,51 @@
+{ lib, pkgs, config, name, ... }:
+{
+ config = lib.mkIf config.myServices.mailRelay.enable {
+ secrets.keys = [
+ {
+ dest = "opensmtpd/creds";
+ user = "smtpd";
+ group = "smtpd";
+ permissions = "0400";
+ text = ''
+ eldiron ${name}:${config.myEnv.servers."${name}".ldap.password}
+ '';
+ }
+ ];
+ users.users.smtpd.extraGroups = [ "keys" ];
+ services.opensmtpd = {
+ enable = true;
+ serverConfiguration = ''
+ table creds \
+ "${config.secrets.fullPaths."opensmtpd/creds"}"
+ # FIXME: filtering requires 6.6
+ # filter "fixfrom" \
+ # proc-exec "${pkgs.procmail}/bin/formail -i 'From: ${name}@immae.eu'"
+ action "relay-rewrite-from" relay \
+ helo ${config.hostEnv.FQDN} \
+ host smtp+tls://eldiron@eldiron.immae.eu:587 \
+ auth \
+ mail-from ${name}@immae.eu
+ action "relay" relay \
+ helo ${config.hostEnv.FQDN} \
+ host smtp+tls://eldiron@eldiron.immae.eu:587 \
+ auth
+ match for any !mail-from "@immae.eu" action "relay-rewrite-from"
+ match for any mail-from "@immae.eu" action "relay"
+ '';
+ };
+ environment.systemPackages = [ config.services.opensmtpd.package ];
+ services.mail.sendmailSetuidWrapper = {
+ program = "sendmail";
+ source = "${config.services.opensmtpd.package}/bin/smtpctl";
+ setuid = false;
+ setgid = false;
+ };
+ security.wrappers.mailq = {
+ program = "mailq";
+ source = "${config.services.opensmtpd.package}/bin/smtpctl";
+ setuid = false;
+ setgid = false;
+ };
+ };
+}
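Review bot: The `opensmtpd/creds` entry fills the relay credentials table with the host's LDAP password (`config.myEnv.servers."${name}".ldap.password`), so the secret that authenticates this machine to the directory is also the one offered in SMTP AUTH to eldiron for every relayed message. A dedicated submission credential would keep a leak on one side from exposing the other; if the reuse is deliberate, record it next to the `text` attribute, e.g. `# relay AUTH reuses the host LDAP password; rotate both together`. Both relay actions use `smtp+tls://`, which as far as I know makes STARTTLS mandatory, but whether an invalid certificate for eldiron.immae.eu is rejected depends on the OpenSMTPD release. Recent smtpd.conf(5) documents a `tls` option on relay actions for that, which is worth adding to both actions when the upgrade mentioned in the FIXME happens. Whether the interpolated `text` stays out of the world-readable Nix store depends on the `secrets.keys` implementation, which is outside this hunk.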