]> git.immae.eu Git - perso/Immae/Config/Nix.git/blame - modules/private/mail/opensmtpd.nix
Use attrs for secrets instead of lists
deca5e9b
IB
# NixOS module: authenticated outbound mail relay through OpenSMTPD.
#
# Everything is gated on config.myServices.mailRelay.enable. When enabled it:
#   * declares a secret file holding the relay credentials,
#   * configures OpenSMTPD to hand all mail to one authenticated smarthost,
#   * exposes `sendmail` and `mailq` wrappers that point at smtpctl.
#
# Security notes for reviewers:
#   * The credentials file is owned by smtpd:smtpd with mode 0400, so only the
#     daemon user can read it. The password is interpolated from
#     config.hostEnv.ldap.password at evaluation time.
#     NOTE(review): whether that value stays out of the world-readable Nix
#     store depends on the `secrets.keys` module, which is not shown here;
#     confirm.
#   * smtpd is added to the "keys" group, presumably so it can reach the
#     deployed secret path; verify against the secrets module.
#   * Both relay actions authenticate with `auth <creds>` over
#     smtp+tls:// on port 587.
#     NOTE(review): confirm that the deployed OpenSMTPD version treats
#     smtp+tls:// as mandatory STARTTLS and validates the relay certificate;
#     the AUTH credentials are only as safe as that session.
#   * The match rules carry no `from` clause. Per smtpd.conf(5) such rules
#     apply to local sessions only, so this host does not relay for remote
#     clients; keep that in mind before adding a `listen on` for a public
#     interface.
#   * The sendmail and mailq wrappers are declared with setuid and setgid both
#     false, i.e. they grant no extra privilege.
#     NOTE(review): smtpctl is often installed setgid to its queue group;
#     confirm that unprivileged local submission works as intended.
{ lib, pkgs, config, name, ... }:
let
  smtpdPackage = config.services.opensmtpd.package;

  # Smarthost shared by both relay actions below.
  smarthost = "smtp+tls://eldiron@eldiron.immae.eu:587";

  # Wrapper definition for a command name that resolves to smtpctl, without
  # any setuid/setgid bit.
  smtpctlWrapper = program: {
    inherit program;
    source = "${smtpdPackage}/bin/smtpctl";
    setuid = false;
    setgid = false;
  };
in
{
  config = lib.mkIf config.myServices.mailRelay.enable {
    # One-line credentials table: "<label> <user>:<password>". The label
    # "eldiron" is the one referenced in the smarthost URL.
    secrets.keys."opensmtpd/creds" = {
      user = "smtpd";
      group = "smtpd";
      permissions = "0400";
      text = ''
        eldiron ${name}:${config.hostEnv.ldap.password}
      '';
    };

    users.users.smtpd.extraGroups = [ "keys" ];

    services.opensmtpd = {
      enable = true;
      serverConfiguration =
        let
          # Copy of the sender-rewriting filter script with its shebang
          # patched. It is only referenced from the commented-out filter lines
          # in the configuration text, which the FIXME there says need
          # OpenSMTPD 6.6. The interpolation is still evaluated by Nix.
          rewriteFromFilter = pkgs.runCommand "filter-rewrite-from.py" {
            buildInputs = [ pkgs.python3 ];
          } ''
            cp ${./filter-rewrite-from.py} $out
            patchShebangs $out
          '';
        in
        ''
          table creds \
            "${config.secrets.fullPaths."opensmtpd/creds"}"
          # FIXME: filtering requires 6.6, uncomment following lines when
          # upgrading
          # filter "fixfrom" \
          # proc-exec "${rewriteFromFilter} ${name}@immae.eu"
          # listen on socket filter "fixfrom"
          action "relay-rewrite-from" relay \
            helo ${config.hostEnv.fqdn} \
            host ${smarthost} \
            auth <creds> \
            mail-from ${name}@immae.eu
          action "relay" relay \
            helo ${config.hostEnv.fqdn} \
            host ${smarthost} \
            auth <creds>
          match for any !mail-from "@immae.eu" action "relay-rewrite-from"
          match for any mail-from "@immae.eu" action "relay"
        '';
    };

    environment.systemPackages = [ smtpdPackage ];

    services.mail.sendmailSetuidWrapper = smtpctlWrapper "sendmail";
    security.wrappers.mailq = smtpctlWrapper "mailq";
  };
}