X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fpostfix.nix;h=9c4b87c521641b77cd8fdfc1e944e4cc6cd47b6e;hb=5b53d86f38bd8e42695a62be9a833beb66bbbba3;hp=a679027b59a04cf67b76e31ea33186105616e852;hpb=2a61e9daed5d5a378cee46a60597692804e4b70c;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/mail/postfix.nix b/modules/private/mail/postfix.nix
index a679027..9c4b87c 100644
--- a/modules/private/mail/postfix.nix
+++ b/modules/private/mail/postfix.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 {
 config = lib.mkIf config.myServices.mail.enable {
 services.duplyBackup.profiles.mail.excludeFile = ''
@@ -13,10 +13,10 @@
 text = ''
 # We need to specify that option to trigger ssl connection
 tls_ciphers = TLSv1.2
- user = ${myconfig.env.mail.postfix.mysql.user}
- password = ${myconfig.env.mail.postfix.mysql.password}
- hosts = unix:${myconfig.env.mail.postfix.mysql.socket}
- dbname = ${myconfig.env.mail.postfix.mysql.database}
+ user = ${config.myEnv.mail.postfix.mysql.user}
+ password = ${config.myEnv.mail.postfix.mysql.password}
+ hosts = unix:${config.myEnv.mail.postfix.mysql.socket}
+ dbname = ${config.myEnv.mail.postfix.mysql.database}
 query = SELECT DISTINCT destination
 FROM forwardings_merge
 WHERE
@@ -41,10 +41,10 @@
 text = ''
 # We need to specify that option to trigger ssl connection
 tls_ciphers = TLSv1.2
- user = ${myconfig.env.mail.postfix.mysql.user}
- password = ${myconfig.env.mail.postfix.mysql.password}
- hosts = unix:${myconfig.env.mail.postfix.mysql.socket}
- dbname = ${myconfig.env.mail.postfix.mysql.database}
+ user = ${config.myEnv.mail.postfix.mysql.user}
+ password = ${config.myEnv.mail.postfix.mysql.password}
+ hosts = unix:${config.myEnv.mail.postfix.mysql.socket}
+ dbname = ${config.myEnv.mail.postfix.mysql.database}
 result_format = /%d/%u
 query = SELECT DISTINCT '%s'
 FROM mailboxes
@@ -68,10 +68,10 @@ text = '' # We need to specify that option to trigger ssl connection tls_ciphers = TLSv1.2 - user = ${myconfig.env.mail.postfix.mysql.user} - password = ${myconfig.env.mail.postfix.mysql.password} - hosts = unix:${myconfig.env.mail.postfix.mysql.socket} - dbname = ${myconfig.env.mail.postfix.mysql.database} + user = ${config.myEnv.mail.postfix.mysql.user} + password = ${config.myEnv.mail.postfix.mysql.password} + hosts = unix:${config.myEnv.mail.postfix.mysql.socket} + dbname = ${config.myEnv.mail.postfix.mysql.database} query = SELECT DISTINCT destination FROM forwardings_merge WHERE @@ -80,6 +80,23 @@ UNION SELECT '%s' AS destination ''; } + { + dest = "postfix/ldap_ejabberd_users_immae_fr"; + user = config.services.postfix.user; + group = config.services.postfix.group; + permissions = "0440"; + text = '' + server_host = ldaps://${config.myEnv.jabber.ldap.host}:636 + search_base = ${config.myEnv.jabber.ldap.base} + query_filter = ${config.myEnv.jabber.postfix_user_filter} + domain = immae.fr + bind_dn = ${config.myEnv.jabber.ldap.dn} + bind_pw = ${config.myEnv.jabber.ldap.password} + result_attribute = immaeXmppUid + result_format = ejabberd@localhost + version = 3 + ''; + } ]; networking.firewall.allowedTCPPorts = [ 25 465 587 ]; @@ -94,6 +111,7 @@ config.secrets.fullPaths."postfix/mysql_alias_maps" config.secrets.fullPaths."postfix/mysql_mailbox_maps" config.secrets.fullPaths."postfix/mysql_sender_login_maps" + config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr" ]; }; services.postfix = { @@ -132,7 +150,7 @@ ''; scripts = lib.attrsets.mapAttrs (n: v: toScript n (pkgs.callPackage (builtins.fetchGit { url = v.src.url; ref = "master"; rev = v.src.rev; }) { scriptEnv = v.env; }) - ) myconfig.env.mail.scripts; + ) config.myEnv.mail.scripts; in builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: ''${n}: "|${v}"'') scripts); mapFiles = let recipient_maps = let 
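Review bot: In the new postfix/ldap_ejabberd_users_immae_fr table, `server_host = ldaps://...:636` encrypts the session but no `tls_require_cert` is set, and ldap_table(5) defaults it to `no`, so the LDAP server certificate is never verified and `bind_pw` is handed to whatever answers on that port. Add `tls_require_cert = yes` together with `tls_ca_cert_file = <path-to-ca-bundle>` (or `tls_ca_cert_dir`) pointing at the CA that issued the LDAP server certificate. The file is 0440 and owned by the postfix user like the MySQL tables above, which fits a file holding a bind password; a one-line comment noting that `domain = immae.fr` is what stops this lookup from being attempted for other domains would help the next reader. The enclosing list starts outside the hunk.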
@@ -145,7 +163,7 @@ pairs = n: v: lib.imap1 (i: m: pair n i m) v.recipient_maps; in lib.attrsets.filterAttrs (k: v: v != null) ( lib.attrsets.listToAttrs (lib.flatten ( - lib.attrsets.mapAttrsToList pairs myconfig.env.mail.postfix.backup_domains + lib.attrsets.mapAttrsToList pairs config.myEnv.mail.postfix.backup_domains )) ); relay_restrictions = lib.attrsets.filterAttrs (k: v: v != null) ( @@ -155,16 +173,16 @@ then pkgs.writeText "recipient_access_${n}" v.relay_restrictions else null ) - ) myconfig.env.mail.postfix.backup_domains + ) config.myEnv.mail.postfix.backup_domains ); virtual_map = { virtual = pkgs.writeText "postfix-virtual" ( builtins.concatStringsSep "\n" ( lib.attrsets.mapAttrsToList ( - n: v: '' + n: v: lib.optionalString v.external '' script_${n}@mail.immae.eu ${n}@localhost, scripts@mail.immae.eu '' - ) myconfig.env.mail.scripts + ) config.myEnv.mail.scripts ) ); }; @@ -182,8 +200,8 @@ alias_database = "\$alias_maps"; ### Virtual mailboxes config - virtual_alias_maps = "hash:/etc/postfix/virtual mysql:${config.secrets.fullPaths."postfix/mysql_alias_maps"}"; - virtual_mailbox_domains = myconfig.env.mail.postfix.additional_mailbox_domains + virtual_alias_maps = "hash:/etc/postfix/virtual mysql:${config.secrets.fullPaths."postfix/mysql_alias_maps"} ldap:${config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr"}"; + virtual_mailbox_domains = config.myEnv.mail.postfix.additional_mailbox_domains ++ lib.remove "localhost.immae.eu" (lib.remove null (lib.flatten (map (zone: map (e: if e.receive 
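Review bot: `n: v: lib.optionalString v.external ''` in the virtual map requires every entry of config.myEnv.mail.scripts to define `external`; unless the option declaration makes it mandatory (not visible here), a single entry without it aborts evaluation of the whole mail configuration with a missing-attribute error, and `lib.optionalString (v.external or false) ''` is the total form. The alias_maps entry built from the same attribute set earlier in this diff still pipes every script, so the flag only withholds the public `script_${n}@mail.immae.eu` address rather than disabling the script; a short comment above the mapAttrsToList call stating that intent would spare the cross-reference. The enclosing mapFiles binding starts outside the hunk.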
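Review bot: The `ldap:` table appended to virtual_alias_maps is consulted for every immae.fr alias lookup that the hash and MySQL maps do not answer, and a lookup error there (LDAP server unreachable, TLS handshake failing) makes Postfix defer the message with a temporary lookup failure rather than fall through, so the availability of the ejabberd directory now gates delivery for those addresses. Postfix stops at the first map that returns a result, so an address present in both the MySQL alias table and LDAP is resolved by MySQL; a comment recording that order would help, e.g. `# first match wins: hash, then mysql, then ldap (ldap only answers for immae.fr, see domain= in its table)`. The enclosing attribute set starts and ends outside the hunk.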
@@ -192,17 +210,17 @@ ) (zone.withEmail or []) ) - myconfig.env.dns.masterZones + config.myEnv.dns.masterZones ))); virtual_mailbox_maps = "mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}"; dovecot_destination_recipient_limit = "1"; virtual_transport = "dovecot"; ### Relay domains - relay_domains = lib.flatten (lib.attrsets.mapAttrsToList (n: v: v.domains or []) myconfig.env.mail.postfix.backup_domains); + relay_domains = lib.flatten (lib.attrsets.mapAttrsToList (n: v: v.domains or []) config.myEnv.mail.postfix.backup_domains); relay_recipient_maps = lib.flatten (lib.attrsets.mapAttrsToList (n: v: lib.imap1 (i: m: "${m.type}:/etc/postfix/relay_${n}_${toString i}") v.recipient_maps - ) myconfig.env.mail.postfix.backup_domains); + ) config.myEnv.mail.postfix.backup_domains); smtpd_relay_restrictions = [ "permit_mynetworks" "permit_sasl_authenticated" @@ -211,7 +229,7 @@ if lib.attrsets.hasAttr "relay_restrictions" v then [ "check_recipient_access hash:/etc/postfix/recipient_access_${n}" ] else [] - ) myconfig.env.mail.postfix.backup_domains); + ) config.myEnv.mail.postfix.backup_domains); ### Additional smtpd configuration smtpd_tls_received_header = "yes"; @@ -222,8 +240,8 @@ smtp_tls_loglevel = "1"; ### Force ip bind for smtp - smtp_bind_address = myconfig.env.servers.eldiron.ips.main.ip4; - smtp_bind_address6 = builtins.head myconfig.env.servers.eldiron.ips.main.ip6; + smtp_bind_address = config.myEnv.servers.eldiron.ips.main.ip4; + smtp_bind_address6 = builtins.head config.myEnv.servers.eldiron.ips.main.ip6; # #Unneeded if postfix can only send e-mail from "self" domains # #smtp_sasl_auth_enable = "yes";