# Flake exposing one NixOS module, `mail-relay`: it runs OpenSMTPD on the host
# and hands mail to the smarthost eldiron.immae.eu on port 587, using SMTP AUTH
# credentials taken from the host environment.
{
  inputs.environment.url = "path:../environment";
  inputs.secrets.url = "path:../../secrets";

  outputs = { self, environment, secrets }: {
    nixosModule = self.nixosModules.mail-relay;

    nixosModules.mail-relay = { lib, pkgs, config, name, ... }:
      let
        cfg = config.myServices.mailRelay;

        # Name of the secret holding the relay credentials table.
        credsKey = "opensmtpd/creds";
        credsPath = config.secrets.fullPaths.${credsKey};

        heloName = config.hostEnv.fqdn;
        # "eldiron" before the @ is the label looked up in the creds table.
        smarthost = "smtp+tls://eldiron@eldiron.immae.eu:587";
        # Envelope sender forced onto mail whose sender is outside @immae.eu.
        hostSender = "${name}@immae.eu";

        # Copy of the sender-rewriting filter script with its shebang patched
        # against the python38 build input.
        # NOTE(review): python38 is end-of-life upstream; revisit the
        # interpreter before the filter is actually enabled.
        rewriteFromFilter = pkgs.runCommand "filter-rewrite-from.py" {
          buildInputs = [ pkgs.python38 ];
        } ''
          cp ${./filter-rewrite-from.py} $out
          patchShebangs $out
        '';
      in
      {
        imports = [
          environment.nixosModule
          secrets.nixosModule
        ];

        options.myServices.mailRelay.enable = lib.mkEnableOption "enable Mail relay services";

        config = lib.mkIf cfg.enable {
          # Credentials table entry: "<label> <user>:<password>". The password
          # is the host's LDAP password, so this file is as sensitive as that
          # account; it is owned by smtpd and readable by that user only.
          # NOTE(review): whether this text stays out of the world-readable Nix
          # store depends on the secrets module, which is not visible here.
          secrets.keys.${credsKey} = {
            user = "smtpd";
            group = "smtpd";
            permissions = "0400";
            text = ''
              eldiron ${name}:${config.hostEnv.ldap.password}
            '';
          };

          # presumably the secrets directory is only traversable by group
          # "keys" - confirm against the secrets module.
          users.users.smtpd.extraGroups = [ "keys" ];

          services.opensmtpd = {
            enable = true;

            # The "#" lines below are smtpd.conf comments, not Nix comments:
            # they sit inside the Nix string, so their interpolations are still
            # evaluated and the filter derivation is still built, even though
            # OpenSMTPD ignores those lines.
            #
            # Routing: senders outside @immae.eu are relayed with the envelope
            # sender rewritten to this host's address; senders already at
            # @immae.eu are relayed unchanged, so any restriction on which
            # @immae.eu address a local process may use has to be enforced by
            # the smarthost.
            # Neither match rule has a "from" clause; per smtpd.conf(5) that
            # defaults to local sessions only - confirm on the deployed version,
            # since a wider default would relay for remote clients.
            # NOTE(review): the relay actions carry no explicit "tls" option.
            # Confirm on the deployed OpenSMTPD version that smtp+tls:// makes
            # STARTTLS mandatory and that the smarthost certificate is
            # validated, because the AUTH password travels over this session.
            serverConfiguration = ''
              table creds \
              "${credsPath}"
              # FIXME: filtering requires 6.6, uncomment following lines when
              # upgrading
              # filter "fixfrom" \
              # proc-exec "${rewriteFromFilter} ${hostSender}"
              # listen on socket filter "fixfrom"
              action "relay-rewrite-from" relay \
              helo ${heloName} \
              host ${smarthost} \
              auth <creds> \
              mail-from ${hostSender}
              action "relay" relay \
              helo ${heloName} \
              host ${smarthost} \
              auth <creds>
              match for any !mail-from "@immae.eu" action "relay-rewrite-from"
              match for any mail-from "@immae.eu" action "relay"
            '';
          };

          # Put the OpenSMTPD package on the system PATH.
          environment.systemPackages = [ config.services.opensmtpd.package ];
        };
      };
  };
}