authorIsmaël Bouya <ismael.bouya@normalesup.org>2020-05-07 10:40:43 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2020-05-07 10:47:10 +0200
commit22b4bd78a10b49272cfd345d379703cae4ab5d3d (patch)
treee9b1526adc5e263a3dbf9070f2d7f299d3979cd8
parent5ce7edb5363dcba33bc542fcf9cc82ff252dd212 (diff)
Use ldap instead of mysql to fetch mailboxes
-rw-r--r--modules/private/environment.nix1
-rw-r--r--modules/private/mail/postfix.nix36
-rw-r--r--modules/private/mail/relay.nix53
-rw-r--r--modules/private/mail/sympa.nix1
4 files changed, 38 insertions, 53 deletions
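--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -650,6 +650,7 @@ in
 user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
 iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
 iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
+postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; };
 };
 };
 };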
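Review bot: The description of the new `postfix_mailbox_filter` option, `"Postfix filter to get mailboxes"`, does not say that the value is an LDAP `query_filter` template that Postfix expands before searching, which is how postfix.nix and relay.nix consume it in this same commit. `description = "LDAP query_filter template used by Postfix virtual_mailbox_maps to check that a mailbox exists";` would tell the person filling it in what they are writing. The enclosing attribute set opens before the hunk.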
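--- a/modules/private/mail/postfix.nix
+++ b/modules/private/mail/postfix.nix
@@ -34,30 +34,19 @@
 '';
 }
 {
-dest = "postfix/mysql_mailbox_maps";
+dest = "postfix/ldap_mailboxes";
 user = config.services.postfix.user;
 group = config.services.postfix.group;
 permissions = "0440";
 text = ''
-# We need to specify that option to trigger ssl connection
-tls_ciphers = TLSv1.2
-user = ${config.myEnv.mail.postfix.mysql.user}
-password = ${config.myEnv.mail.postfix.mysql.password}
-hosts = unix:${config.myEnv.mail.postfix.mysql.socket}
-dbname = ${config.myEnv.mail.postfix.mysql.database}
-result_format = /%d/%u
-query = SELECT DISTINCT '%s'
-FROM mailboxes
-WHERE active = 1
-AND (
-(domain = '%d' AND user = '%u' AND regex = 0)
-OR (
-regex = 1
-AND '%d' REGEXP CONCAT('^',domain,'$')
-AND '%u' REGEXP CONCAT('^',user,'$')
-)
-)
-LIMIT 1
+server_host = ldaps://${config.myEnv.mail.dovecot.ldap.host}:636
+search_base = ${config.myEnv.mail.dovecot.ldap.base}
+query_filter = ${config.myEnv.mail.dovecot.ldap.postfix_mailbox_filter}
+bind_dn = ${config.myEnv.mail.dovecot.ldap.dn}
+bind_pw = ${config.myEnv.mail.dovecot.ldap.password}
+result_attribute = immaePostfixAddress
+result_format = dummy
+version = 3
 '';
 }
 {
@@ -180,7 +169,7 @@
 restart = true;
 paths = [
 config.secrets.fullPaths."postfix/mysql_alias_maps"
-config.secrets.fullPaths."postfix/mysql_mailbox_maps"
+config.secrets.fullPaths."postfix/ldap_mailboxes"
 config.secrets.fullPaths."postfix/mysql_sender_login_maps"
 config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr"
 ];
@@ -274,8 +263,6 @@
 joined = builtins.concatStringsSep ",";
 in pkgs.writeText "host-sender-login"
 (builtins.concatStringsSep "\n" (mapAttrsToList (n: v: "${n} ${joined v}") addresses));
-host_dummy_mailboxes = pkgs.writeText "host-virtual-mailbox"
-(builtins.concatStringsSep "\n" (["immae-eu@immae.eu dummy"] ++ lib.attrsets.mapAttrsToList (n: v: "${n}@immae.eu dummy") nodes));
 };
 in
 recipient_maps // relay_restrictions // virtual_map // sasl_access;
@@ -308,8 +295,7 @@
 config.myEnv.dns.masterZones
 ));
 virtual_mailbox_maps = [
-"hash:/etc/postfix/host_dummy_mailboxes"
-"mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}"
+"ldap:${config.secrets.fullPaths."postfix/ldap_mailboxes"}"
 ];
 dovecot_destination_recipient_limit = "1";
 virtual_transport = "dovecot";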
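Review bot: The new `postfix/ldap_mailboxes` map in the first hunk points Postfix at `ldaps://…:636` but sets neither `tls_require_cert` nor `tls_ca_cert_file`, and `tls_require_cert` defaults to `no` in ldap_table(5), so the LDAP server's certificate is not verified and the `bind_pw` sent on bind is only protected against passive eavesdropping, not against a host that can impersonate the directory. Adding `tls_require_cert = yes` and `tls_ca_cert_file = <CA bundle path — placeholder>` to the map text closes that gap, and the identical map in relay.nix's first hunk needs the same two lines. Separately, the fourth hunk drops the `hash:/etc/postfix/host_dummy_mailboxes` entry whose generator (removed in the third hunk) listed `immae-eu@immae.eu` and every `${n}@immae.eu` node address as valid mailboxes; unless the directory returns those addresses through `immaePostfixAddress`, Postfix will now reject them as unknown recipients, which is worth confirming before deploying. The map text sits inside a `''` string whose enclosing attribute set opens before the hunk.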
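--- a/modules/private/mail/relay.nix
+++ b/modules/private/mail/relay.nix
@@ -43,29 +43,19 @@
 '';
 }
 {
-dest = "postfix/mysql_mailbox_maps";
+dest = "postfix/ldap_mailboxes";
 user = config.services.postfix.user;
 group = config.services.postfix.group;
 permissions = "0440";
 text = ''
-# We need to specify that option to trigger ssl connection
-tls_ciphers = TLSv1.2
-user = ${config.myEnv.mail.postfix.mysql.user}
-password = ${config.myEnv.mail.postfix.mysql.password}
-hosts = ${config.myEnv.mail.postfix.mysql.remoteHost}
-dbname = ${config.myEnv.mail.postfix.mysql.database}
-query = SELECT DISTINCT 1
-FROM mailboxes
-WHERE active = 1
-AND (
-(domain = '%d' AND user = '%u' AND regex = 0)
-OR (
-regex = 1
-AND '%d' REGEXP CONCAT('^',domain,'$')
-AND '%u' REGEXP CONCAT('^',user,'$')
-)
-)
-LIMIT 1
+server_host = ldaps://${config.myEnv.mail.dovecot.ldap.host}:636
+search_base = ${config.myEnv.mail.dovecot.ldap.base}
+query_filter = ${config.myEnv.mail.dovecot.ldap.postfix_mailbox_filter}
+bind_dn = ${config.myEnv.mail.dovecot.ldap.dn}
+bind_pw = ${config.myEnv.mail.dovecot.ldap.password}
+result_attribute = immaePostfixAddress
+result_format = dummy
+version = 3
 '';
 }
 {
@@ -78,7 +68,19 @@
 user = ${config.myEnv.mail.sympa.postgresql.user}
 password = ${config.myEnv.mail.sympa.postgresql.password}
 dbname = ${config.myEnv.mail.sympa.postgresql.database}
-query = SELECT DISTINCT CONCAT(name_list, '@', robot_list) FROM list_table
+query = SELECT DISTINCT 1 FROM list_table WHERE '%s' IN (
+CONCAT(name_list, '@', robot_list),
+CONCAT(name_list, '-request@', robot_list),
+CONCAT(name_list, '-editor@', robot_list),
+CONCAT(name_list, '-unsubscribe@', robot_list),
+CONCAT(name_list, '-owner@', robot_list),
+CONCAT('sympa-request@', robot_list),
+CONCAT('sympa-owner@', robot_list),
+CONCAT('sympa@', robot_list),
+CONCAT('listmaster@', robot_list),
+CONCAT('bounce@', robot_list),
+CONCAT('abuse-feedback-report@', robot_list)
+)
 '';
 }
 {
@@ -107,9 +109,9 @@
 restart = true;
 paths = [
 config.secrets.fullPaths."postfix/mysql_alias_maps"
-config.secrets.fullPaths."postfix/mysql_mailbox_maps"
 config.secrets.fullPaths."postfix/sympa_mailbox_maps"
 config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr"
+config.secrets.fullPaths."postfix/ldap_mailboxes"
 ];
 };
 services.postfix = {
@@ -151,12 +153,8 @@
 )
 );
 };
-sasl_access = {
-host_dummy_mailboxes = pkgs.writeText "host-virtual-mailbox"
-(builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "${n}@immae.eu 1") nodes));
-};
 in
-recipient_maps // relay_restrictions // virtual_map // sasl_access;
+recipient_maps // relay_restrictions // virtual_map;
 config = {
 ### postfix module overrides
 readme_directory = "${pkgs.postfix}/share/postfix/doc";
@@ -194,8 +192,7 @@
 "ldap:${config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr"}"
 ];
 virtual_mailbox_maps = [
-"hash:/etc/postfix/host_dummy_mailboxes"
-"mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}"
+"ldap:${config.secrets.fullPaths."postfix/ldap_mailboxes"}"
 "pgsql:${config.secrets.fullPaths."postfix/sympa_mailbox_maps"}"
 ];
 in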
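Review bot: The `WHERE '%s' IN (...)` list added to the Sympa query in the second hunk hard-codes the Sympa system addresses (`sympa-request@`, `sympa-owner@`, `listmaster@`, `bounce@`, …) that `mail/sympa.nix` also spells out in its `sympa_virtual` map, and nothing on the relay side points a maintainer at that coupling; a comment above the `query =` line such as `# Keep this address list in sync with sympa_virtual in mail/sympa.nix` would mirror the reminder this commit adds in sympa.nix. The `IN` test is an exact string comparison in PostgreSQL, so a recipient whose case differs from the stored `name_list`/`robot_list` will only match if Postfix has already lowercased the lookup key — worth confirming against the relay's lookup settings. The first hunk's LDAP map also hands the relay host Dovecot's bind identity (`config.myEnv.mail.dovecot.ldap.dn` and `.password`); if that DN can read more than `immaePostfixAddress`, a dedicated read-only bind DN for the relay would keep its exposure proportional to the one existence lookup it performs. Each `text = ''` string here belongs to an attribute set whose opening `{` precedes the hunk.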
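--- a/modules/private/mail/sympa.nix
+++ b/modules/private/mail/sympa.nix
@@ -94,6 +94,7 @@ in
 
 services.postfix = {
 mapFiles = {
+# Update relay list when changing one of those
 sympa_virtual = pkgs.writeText "virtual.sympa" ''
 sympa-request@${domain} postmaster@immae.eu
 sympa-owner@${domain} postmaster@immae.eu
</file_update>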
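Review bot: The added comment `# Update relay list when changing one of those` does not say which list or which file it means, so the next person editing `sympa_virtual` has to already know that the `'%s' IN (...)` address list lives in the Sympa pgsql map of `mail/relay.nix`. `# Keep in sync with the Sympa address list in the pgsql query of mail/relay.nix` names the counterpart directly. The `mapFiles` attribute set continues past the end of the hunk.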