X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=systems%2Fbackup-2%2Fmail%2Frelay.nix;fp=modules%2Fprivate%2Fmail%2Frelay.nix;h=1b7e25e8a5d855c032f685bc07c63ad20b2d8db4;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hp=668d3659a919db2edd6da4e44da8642e42707154;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/mail/relay.nix b/systems/backup-2/mail/relay.nix
similarity index 68%
rename from modules/private/mail/relay.nix
rename to systems/backup-2/mail/relay.nix
index 668d365..1b7e25e 100644
--- a/modules/private/mail/relay.nix
+++ b/systems/backup-2/mail/relay.nix
@@ -1,17 +1,22 @@
-{ lib, pkgs, config, nodes, name, ... }:
+{ lib, pkgs, config, name, nodes, ... }:
+let
+  getDomains = p: lib.mapAttrsToList (n: v: v.fqdn) (lib.filterAttrs (n: v: v.receive) p.emailPolicies);
+  bydomain = builtins.mapAttrs (n: getDomains) nodes.eldiron.config.myServices.dns.zones;
+  receiving_domains = lib.flatten (builtins.attrValues bydomain);
+in
 {
+  options.myServices.mailBackup.enable = lib.mkEnableOption "enable MX backup services";
   config = lib.mkIf config.myServices.mailBackup.enable {
-    security.acme.certs."mail" = config.myServices.certificates.certConfig // {
+    myServices.mail.milters.enable = true;
+    security.acme.certs."mail" = {
       postRun = ''
         systemctl restart postfix.service
         '';
       domain = config.hostEnv.fqdn;
-      extraDomains = let
-        zonesWithMx = builtins.filter (zone:
-          lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
-        ) config.myEnv.dns.masterZones;
-        mxs = map (zone: "${config.myEnv.servers."${name}".mx.subdomain}.${zone.name}") zonesWithMx;
-      in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
+      extraDomainNames = let
+        zonesWithMx = builtins.attrNames (lib.filterAttrs (n: v: v.hasEmail) nodes.eldiron.config.myServices.dns.zones);
+        mxs = map (n: "${config.myEnv.servers."${name}".mx.subdomain}.${n}") zonesWithMx;
+      in mxs;
     };
     secrets.keys = {
       "postfix/mysql_alias_maps" = {
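Review bot: The certificate attrset `security.acme.certs."mail"` no longer merges `config.myServices.certificates.certConfig` (the removed line did), so whatever that shared set supplied for this cert — plausibly the key group/ownership that lets postfix read it, or the challenge settings — is dropped unless it is now applied through a module default that this hunk does not show. Also, `extraDomainNames` selects zones by `v.hasEmail` while `receiving_domains` in the new `let` selects policies by `v.receive`; a zone with `hasEmail = true` but no receiving policy gets an MX name on the certificate without a matching relay domain, which may be intended but is worth confirming. The `let` bindings deserve a short comment since they now drive both `relay_domains` and the virtual alias map further down, e.g. `# domains whose emailPolicies on eldiron's DNS zones set receive = true; used as relay_domains and for alias expansion below`.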
@@ -112,45 +117,22 @@
     };
     services.postfix = {
       mapFiles = let
-        recipient_maps = let
-          name = n: i: "relay_${n}_${toString i}";
-          pair = n: i: m: lib.attrsets.nameValuePair (name n i) (
-            if m.type == "hash"
-            then pkgs.writeText (name n i) m.content
-            else null
-          );
-          pairs = n: v: lib.imap1 (i: m: pair n i m) v.recipient_maps;
-        in lib.attrsets.filterAttrs (k: v: v != null) (
-          lib.attrsets.listToAttrs (lib.flatten (
-            lib.attrsets.mapAttrsToList pairs config.myEnv.mail.postfix.backup_domains
-          ))
-        );
-        relay_restrictions = lib.attrsets.filterAttrs (k: v: v != null) (
-          lib.attrsets.mapAttrs' (n: v:
-            lib.attrsets.nameValuePair "recipient_access_${n}" (
-              if lib.attrsets.hasAttr "relay_restrictions" v
-              then pkgs.writeText "recipient_access_${n}" v.relay_restrictions
-              else null
-            )
-          ) config.myEnv.mail.postfix.backup_domains
-        );
         virtual_map = {
           virtual = let
             cfg = config.myEnv.monitoring.email_check.eldiron;
             address = "${cfg.mail_address}@${cfg.mail_domain}";
+            aliases = config.myEnv.mail.postfix.common_aliases;
           in pkgs.writeText "postfix-virtual" (
             builtins.concatStringsSep "\n" (
-              ["${address} 1"] ++
-              lib.attrsets.mapAttrsToList (
-                n: v: lib.optionalString v.external ''
-                  script_${n}@mail.immae.eu 1
-                ''
-              ) config.myEnv.mail.scripts
+              [ "${address} 1"
+              ] ++
+              map (a: "${a} 1") config.myEnv.mail.postfix.other_aliases ++
+              lib.lists.flatten (map (domain: map (alias: "${alias}@${domain} 1") aliases) receiving_domains)
             )
           );
         };
       in
-        recipient_maps // relay_restrictions // virtual_map;
+        virtual_map;
       config = {
         ### postfix module overrides
         readme_directory = "${pkgs.postfix}/share/postfix/doc";
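Review bot: The nested `map` plus `lib.lists.flatten` on the last added line can be written as a single `lib.concatMap`, which makes the alias × domain product easier to read: `lib.concatMap (domain: map (alias: "${alias}@${domain} 1") aliases) receiving_domains`. `receiving_domains` is bound in the file's top-level `let`, outside this hunk, so the generated `virtual` table — which `relay_recipient_maps` consults via `hash:/etc/postfix/virtual` — now lists every common alias at every receiving domain as a valid relay recipient; a one-line comment above the `aliases` binding saying so, e.g. `# every common alias is a valid relay recipient at every receiving domain (receiving_domains is computed at the top of the file)`, would save the next reader from tracing it.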
@@ -163,25 +145,8 @@
       alias_database = "\$alias_maps";

       ### Relay domains
-      relay_domains = let
-        backups = lib.flatten (lib.attrsets.mapAttrsToList (n: v: v.domains or []) config.myEnv.mail.postfix.backup_domains);
-        virtual_domains = config.myEnv.mail.postfix.additional_mailbox_domains
-          ++ lib.remove null (lib.flatten (map
-            (zone: map
-              (e: if e.receive
-                then "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}"
-                else null
-              )
-              (zone.withEmail or [])
-            )
-            config.myEnv.dns.masterZones
-          ));
-      in
-        backups ++ virtual_domains;
+      relay_domains = receiving_domains;
       relay_recipient_maps = let
-        backup_recipients = lib.flatten (lib.attrsets.mapAttrsToList (n: v:
-          lib.imap1 (i: m: "${m.type}:/etc/postfix/relay_${n}_${toString i}") v.recipient_maps
-        ) config.myEnv.mail.postfix.backup_domains);
         virtual_alias_maps = [
           "hash:/etc/postfix/virtual"
           "mysql:${config.secrets.fullPaths."postfix/mysql_alias_maps"}"
@@ -192,14 +157,10 @@
           "pgsql:${config.secrets.fullPaths."postfix/sympa_mailbox_maps"}"
         ];
       in
-        backup_recipients ++ virtual_alias_maps ++ virtual_mailbox_maps;
+        virtual_alias_maps ++ virtual_mailbox_maps;
       smtpd_relay_restrictions = [
         "defer_unauth_destination"
-      ] ++ lib.flatten (lib.attrsets.mapAttrsToList (n: v:
-        if lib.attrsets.hasAttr "relay_restrictions" v
-        then [ "check_recipient_access hash:/etc/postfix/recipient_access_${n}" ]
-        else []
-      ) config.myEnv.mail.postfix.backup_domains);
+      ];

       ### Additional smtpd configuration
       smtpd_tls_received_header = "yes";
@@ -210,7 +171,7 @@
       smtp_tls_loglevel = "1";

       ### Force ip bind for smtp
-      smtp_bind_address = config.myEnv.servers."${name}".ips.main.ip4;
+      smtp_bind_address = builtins.head config.myEnv.servers."${name}".ips.main.ip4;
       smtp_bind_address6 = builtins.head config.myEnv.servers."${name}".ips.main.ip6;

       smtpd_milters = [
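Review bot: `relay_domains = receiving_domains;` also drops `config.myEnv.mail.postfix.additional_mailbox_domains`, which the removed `virtual_domains` binding prepended to the zone-derived list; if that option is still populated anywhere, mail for those domains will no longer be accepted for relay on this host (`defer_unauth_destination` in the following hunk defers it) unless they are now expressed through the zones' `emailPolicies`. The removal of `backup_domains` is applied consistently across this hunk and the following one (`backup_recipients` in `relay_recipient_maps` and the per-domain `check_recipient_access` entries in `smtpd_relay_restrictions`), so that one remaining reference is the only thing to confirm. A comment next to the new line, e.g. `# only domains with a receiving email policy on eldiron's zones are relayed; backup_domains and additional_mailbox_domains are no longer honoured here`, would record the decision for the next reader.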