-{ lib, pkgs, config, nodes, name, ... }:
+{ lib, pkgs, config, name, nodes, ... }:
+let
+ getDomains = p: lib.mapAttrsToList (n: v: v.fqdn) (lib.filterAttrs (n: v: v.receive) p.emailPolicies);
+ bydomain = builtins.mapAttrs (n: getDomains) nodes.eldiron.config.myServices.dns.zones;
+ receiving_domains = lib.flatten (builtins.attrValues bydomain);
+in
{
+ options.myServices.mailBackup.enable = lib.mkEnableOption "enable MX backup services";
config = lib.mkIf config.myServices.mailBackup.enable {
- security.acme.certs."mail" = config.myServices.certificates.certConfig // {
+ myServices.mail.milters.enable = true;
+ security.acme.certs."mail" = {
postRun = ''
systemctl restart postfix.service
'';
domain = config.hostEnv.fqdn;
- extraDomains = let
- zonesWithMx = builtins.filter (zone:
- lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
- ) config.myEnv.dns.masterZones;
- mxs = map (zone: "${config.myEnv.servers."${name}".mx.subdomain}.${zone.name}") zonesWithMx;
- in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
+ extraDomainNames = let
+ zonesWithMx = builtins.attrNames (lib.filterAttrs (n: v: v.hasEmail) nodes.eldiron.config.myServices.dns.zones);
+ mxs = map (n: "${config.myEnv.servers."${name}".mx.subdomain}.${n}") zonesWithMx;
+ in mxs;
};
secrets.keys = {
"postfix/mysql_alias_maps" = {
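Review bot: The new `let` block at the top derives `receiving_domains` from `nodes.eldiron.config.myServices.dns.zones` without any comment, although later in this diff that list becomes `relay_domains` and feeds the virtual alias table, so it is effectively the accept list of this backup MX. I would add a comment above `getDomains`, for example `# Domains this backup MX accepts mail for: every emailPolicies entry with receive = true in the DNS zones of the primary (eldiron)`, so a reader knows that editing a zone's email policy on the primary changes what this host relays. In the same hunk `security.acme.certs."mail"` no longer merges `config.myServices.certificates.certConfig`; whether the shared ACME settings now come from somewhere else is not visible here, so it is worth confirming that the certificate still renews, since Postfix TLS on this host depends on it. The attribute sets opened in this hunk continue outside it.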
};
services.postfix = {
mapFiles = let
- recipient_maps = let
- name = n: i: "relay_${n}_${toString i}";
- pair = n: i: m: lib.attrsets.nameValuePair (name n i) (
- if m.type == "hash"
- then pkgs.writeText (name n i) m.content
- else null
- );
- pairs = n: v: lib.imap1 (i: m: pair n i m) v.recipient_maps;
- in lib.attrsets.filterAttrs (k: v: v != null) (
- lib.attrsets.listToAttrs (lib.flatten (
- lib.attrsets.mapAttrsToList pairs config.myEnv.mail.postfix.backup_domains
- ))
- );
- relay_restrictions = lib.attrsets.filterAttrs (k: v: v != null) (
- lib.attrsets.mapAttrs' (n: v:
- lib.attrsets.nameValuePair "recipient_access_${n}" (
- if lib.attrsets.hasAttr "relay_restrictions" v
- then pkgs.writeText "recipient_access_${n}" v.relay_restrictions
- else null
- )
- ) config.myEnv.mail.postfix.backup_domains
- );
virtual_map = {
virtual = let
cfg = config.myEnv.monitoring.email_check.eldiron;
address = "${cfg.mail_address}@${cfg.mail_domain}";
+ aliases = config.myEnv.mail.postfix.common_aliases;
in pkgs.writeText "postfix-virtual" (
builtins.concatStringsSep "\n" (
- ["${address} 1"] ++
- lib.attrsets.mapAttrsToList (
- n: v: lib.optionalString v.external ''
- script_${n}@mail.immae.eu 1
- ''
- ) config.myEnv.mail.scripts
+ [ "${address} 1"
+ ] ++
+ map (a: "${a} 1") config.myEnv.mail.postfix.other_aliases ++
+ lib.lists.flatten (map (domain: map (alias: "${alias}@${domain} 1") aliases) receiving_domains)
)
);
};
in
- recipient_maps // relay_restrictions // virtual_map;
+ virtual_map;
config = {
### postfix module overrides
readme_directory = "${pkgs.postfix}/share/postfix/doc";
alias_database = "\$alias_maps";
### Relay domains
- relay_domains = let
- backups = lib.flatten (lib.attrsets.mapAttrsToList (n: v: v.domains or []) config.myEnv.mail.postfix.backup_domains);
- virtual_domains = config.myEnv.mail.postfix.additional_mailbox_domains
- ++ lib.remove null (lib.flatten (map
- (zone: map
- (e: if e.receive
- then "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}"
- else null
- )
- (zone.withEmail or [])
- )
- config.myEnv.dns.masterZones
- ));
- in
- backups ++ virtual_domains;
+ relay_domains = receiving_domains;
relay_recipient_maps = let
- backup_recipients = lib.flatten (lib.attrsets.mapAttrsToList (n: v:
- lib.imap1 (i: m: "${m.type}:/etc/postfix/relay_${n}_${toString i}") v.recipient_maps
- ) config.myEnv.mail.postfix.backup_domains);
virtual_alias_maps = [
"hash:/etc/postfix/virtual"
"mysql:${config.secrets.fullPaths."postfix/mysql_alias_maps"}"
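Review bot: The rewritten `virtual` table accepts every local part of `common_aliases` on every entry of `receiving_domains` (the `map (domain: map (alias: "${alias}@${domain} 1") aliases)` line), and because `hash:/etc/postfix/virtual` is part of `relay_recipient_maps` these all become valid relay recipients on the backup MX. That is only safe if the primary accepts the same addresses for each of those domains; an address accepted here and refused there is queued and later bounced to a possibly forged sender. I would document the invariant above the list, e.g. `# must mirror the aliases the primary accepts for each receiving domain; mail accepted here and refused there turns into backscatter`. Further down the diff the per-domain `check_recipient_access` entries are removed from `smtpd_relay_restrictions`, which appears to leave `relay_recipient_maps` as the only recipient filter, so its coverage of `relay_domains = receiving_domains` deserves a check (the `virtual_mailbox_maps` definition is not fully visible here).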
"pgsql:${config.secrets.fullPaths."postfix/sympa_mailbox_maps"}"
];
in
- backup_recipients ++ virtual_alias_maps ++ virtual_mailbox_maps;
+ virtual_alias_maps ++ virtual_mailbox_maps;
smtpd_relay_restrictions = [
"defer_unauth_destination"
- ] ++ lib.flatten (lib.attrsets.mapAttrsToList (n: v:
- if lib.attrsets.hasAttr "relay_restrictions" v
- then [ "check_recipient_access hash:/etc/postfix/recipient_access_${n}" ]
- else []
- ) config.myEnv.mail.postfix.backup_domains);
+ ];
### Additional smtpd configuration
smtpd_tls_received_header = "yes";
smtp_tls_loglevel = "1";
### Force ip bind for smtp
- smtp_bind_address = config.myEnv.servers."${name}".ips.main.ip4;
+ smtp_bind_address = builtins.head config.myEnv.servers."${name}".ips.main.ip4;
smtp_bind_address6 = builtins.head config.myEnv.servers."${name}".ips.main.ip6;
smtpd_milters = [