[perso/Immae/Config/Nix.git] / modules / private / mail / opensmtpd.nix

{ lib, pkgs, config, name, ... }:
{
  config = lib.mkIf config.myServices.mailRelay.enable {
    secrets.keys = [
      {
        dest = "opensmtpd/creds";
        user = "smtpd";
        group = "smtpd";
        permissions = "0400";
        text = ''
          eldiron    ${name}:${config.hostEnv.ldap.password}
          '';
      }
    ];
    users.users.smtpd.extraGroups = [ "keys" ];
    services.opensmtpd = {
      enable = true;
      serverConfiguration = let
        filter-rewrite-from = pkgs.runCommand "filter-rewrite-from.py" {
          buildInputs = [ pkgs.python3 ];
        } ''
          cp ${./filter-rewrite-from.py} $out
          patchShebangs $out
        '';
      in ''
        table creds \
          "${config.secrets.fullPaths."opensmtpd/creds"}"
        # FIXME: filtering requires 6.6, uncomment following lines when
        # upgrading
        # filter "fixfrom" \
        #   proc-exec "${filter-rewrite-from} ${name}@immae.eu"
        # listen on socket filter "fixfrom"
        action "relay-rewrite-from" relay \
          helo ${config.hostEnv.fqdn} \
          host smtp+tls://eldiron@eldiron.immae.eu:587 \
          auth <creds> \
          mail-from ${name}@immae.eu
        action "relay" relay \
          helo ${config.hostEnv.fqdn} \
          host smtp+tls://eldiron@eldiron.immae.eu:587 \
          auth <creds>
        match for any !mail-from "@immae.eu" action "relay-rewrite-from"
        match for any mail-from "@immae.eu" action "relay"
        '';
    };
    environment.systemPackages = [ config.services.opensmtpd.package ];
    services.mail.sendmailSetuidWrapper = {
      program = "sendmail";
      source = "${config.services.opensmtpd.package}/bin/smtpctl";
      setuid = false;
      setgid = false;
    };
    security.wrappers.mailq = {
      program = "mailq";
      source = "${config.services.opensmtpd.package}/bin/smtpctl";
      setuid = false;
      setgid = false;
    };
  };
}
Commit	Line	Data
deca5e9b IB	1	{ lib, pkgs, config, name, ... }:
	2	{
	3	config = lib.mkIf config.myServices.mailRelay.enable {
	4	secrets.keys = [
	5	{
	6	dest = "opensmtpd/creds";
	7	user = "smtpd";
	8	group = "smtpd";
	9	permissions = "0400";
	10	text = ''
619e4f46	11	eldiron ${name}:${config.hostEnv.ldap.password}
deca5e9b IB	12	'';
	13	}
	14	];
	15	users.users.smtpd.extraGroups = [ "keys" ];
	16	services.opensmtpd = {
	17	enable = true;
e05c9acc IB	18	serverConfiguration = let
	19	filter-rewrite-from = pkgs.runCommand "filter-rewrite-from.py" {
	20	buildInputs = [ pkgs.python3 ];
	21	} ''
	22	cp ${./filter-rewrite-from.py} $out
	23	patchShebangs $out
	24	'';
	25	in ''
deca5e9b IB	26	table creds \
deca5e9b IB	27	"${config.secrets.fullPaths."opensmtpd/creds"}"
e05c9acc IB	28	# FIXME: filtering requires 6.6, uncomment following lines when
e05c9acc IB	29	# upgrading
deca5e9b	30	# filter "fixfrom" \
e05c9acc IB	31	# proc-exec "${filter-rewrite-from} ${name}@immae.eu"
e05c9acc IB	32	# listen on socket filter "fixfrom"
deca5e9b	33	action "relay-rewrite-from" relay \
619e4f46	34	helo ${config.hostEnv.fqdn} \
deca5e9b IB	35	host smtp+tls://eldiron@eldiron.immae.eu:587 \
	36	auth <creds> \
	37	mail-from ${name}@immae.eu
	38	action "relay" relay \
619e4f46	39	helo ${config.hostEnv.fqdn} \
deca5e9b IB	40	host smtp+tls://eldiron@eldiron.immae.eu:587 \
	41	auth <creds>
	42	match for any !mail-from "@immae.eu" action "relay-rewrite-from"
	43	match for any mail-from "@immae.eu" action "relay"
	44	'';
	45	};
	46	environment.systemPackages = [ config.services.opensmtpd.package ];
	47	services.mail.sendmailSetuidWrapper = {
	48	program = "sendmail";
	49	source = "${config.services.opensmtpd.package}/bin/smtpctl";
	50	setuid = false;
	51	setgid = false;
	52	};
	53	security.wrappers.mailq = {
	54	program = "mailq";
	55	source = "${config.services.opensmtpd.package}/bin/smtpctl";
	56	setuid = false;
	57	setgid = false;
	58	};
	59	};
	60	}