X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fpostfix.nix;h=ae98a8a8c82e0d5d0ba2f20b4eae4cc442a0ee93;hb=5315b439af1f72c3282549508ae58d86d66e38ec;hp=70c3f466f7376b204e62f32319bd008c3d4a255c;hpb=31d99b750fca57c660f98e23e12053eaf42d4929;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/mail/postfix.nix b/modules/private/mail/postfix.nix index 70c3f46..ae98a8a 100644 --- a/modules/private/mail/postfix.nix +++ b/modules/private/mail/postfix.nix @@ -1,12 +1,8 @@ { lib, pkgs, config, nodes, ... }: { config = lib.mkIf config.myServices.mail.enable { - services.duplyBackup.profiles.mail.excludeFile = '' - + /var/lib/postfix - ''; - secrets.keys = [ - { - dest = "postfix/mysql_alias_maps"; + secrets.keys = { + "postfix/mysql_alias_maps" = { user = config.services.postfix.user; group = config.services.postfix.group; permissions = "0440"; @@ -32,9 +28,8 @@ FROM forwardings_blacklisted WHERE source = '%s' ''; - } - { - dest = "postfix/ldap_mailboxes"; + }; + "postfix/ldap_mailboxes" = { user = config.services.postfix.user; group = config.services.postfix.group; permissions = "0440"; @@ -48,9 +43,8 @@ result_format = dummy version = 3 ''; - } - { - dest = "postfix/mysql_sender_login_maps"; + }; + "postfix/mysql_sender_login_maps" = { user = config.services.postfix.user; group = config.services.postfix.group; permissions = "0440"; @@ -72,9 +66,8 @@ AND active = 1 UNION SELECT CONCAT(SUBSTRING_INDEX('%u', '+', 1), '@%d') AS destination ''; - } - { - dest = "postfix/mysql_sender_relays_maps"; + }; + "postfix/mysql_sender_relays_maps" = { user = config.services.postfix.user; group = config.services.postfix.group; permissions = "0440"; @@ -102,9 +95,8 @@ ((regex = 1 AND '%s' REGEXP CONCAT('^',`from`,'$') ) OR (regex = 0 AND `from` = '%s')) AND active = 1 ''; - } - { - dest = "postfix/mysql_sender_relays_hosts"; + }; + "postfix/mysql_sender_relays_hosts" = { user = config.services.postfix.user; group = config.services.postfix.group; permissions = "0440"; @@ -122,9 +114,8 @@ ((regex = 1 AND '%s' REGEXP CONCAT('^',`from`,'$') ) OR (regex = 0 AND `from` = '%s')) AND active = 1 ''; - } - { - dest = "postfix/mysql_sender_relays_creds"; + }; + "postfix/mysql_sender_relays_creds" = { user = config.services.postfix.user; group = config.services.postfix.group; permissions = "0440"; @@ -142,9 +133,8 @@ ((regex = 1 AND '%s' REGEXP CONCAT('^',`from`,'$') ) OR (regex = 0 AND `from` = '%s')) AND active = 1 ''; - } - { - dest = "postfix/ldap_ejabberd_users_immae_fr"; + }; + "postfix/ldap_ejabberd_users_immae_fr" = { user = config.services.postfix.user; group = config.services.postfix.group; permissions = "0440"; @@ -159,14 +149,13 @@ result_format = ejabberd@localhost version = 3 ''; - } - ] ++ (lib.mapAttrsToList (name: v: { - dest = "postfix/scripts/${name}-env"; + }; + } // lib.mapAttrs' (name: v: lib.nameValuePair "postfix/scripts/${name}-env" { user = "postfixscripts"; group = "root"; permissions = "0400"; text = builtins.toJSON v.env; - }) config.myEnv.mail.scripts); + }) config.myEnv.mail.scripts; networking.firewall.allowedTCPPorts = [ 25 465 587 ]; @@ -220,7 +209,7 @@ fi ''; scripts = lib.attrsets.mapAttrs (n: v: - toScript n (pkgs.callPackage (builtins.fetchGit { url = v.src.url; ref = "master"; rev = v.src.rev; }) { scriptEnv = "/var/secrets/postfix/scripts/${n}-env"; }) + toScript n (pkgs.callPackage (builtins.fetchGit { url = v.src.url; ref = "master"; rev = v.src.rev; }) { scriptEnv = config.secrets.fullPaths."postfix/scripts/${n}-env"; }) ) config.myEnv.mail.scripts // { testmail = pkgs.writeScript "testmail" '' #! ${pkgs.stdenv.shell}