diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-05-07 10:40:43 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-05-07 10:47:10 +0200 |
| commit | 22b4bd78a10b49272cfd345d379703cae4ab5d3d (patch) | |
| tree | e9b1526adc5e263a3dbf9070f2d7f299d3979cd8 /modules/private/mail/relay.nix | |
| parent | 5ce7edb5363dcba33bc542fcf9cc82ff252dd212 (diff) | |
| download | Nix-22b4bd78a10b49272cfd345d379703cae4ab5d3d.tar.gz Nix-22b4bd78a10b49272cfd345d379703cae4ab5d3d.tar.zst Nix-22b4bd78a10b49272cfd345d379703cae4ab5d3d.zip | |
Use ldap instead of mysql to fetch mailboxes
Diffstat (limited to 'modules/private/mail/relay.nix')
| -rw-r--r-- | modules/private/mail/relay.nix | 53 |
1 files changed, 25 insertions, 28 deletions
diff --git a/modules/private/mail/relay.nix b/modules/private/mail/relay.nix index 52288fc..651452c 100644 --- a/modules/private/mail/relay.nix +++ b/modules/private/mail/relay.nix | |||
| @@ -43,29 +43,19 @@ | |||
| 43 | ''; | 43 | ''; |
| 44 | } | 44 | } |
| 45 | { | 45 | { |
| 46 | dest = "postfix/mysql_mailbox_maps"; | 46 | dest = "postfix/ldap_mailboxes"; |
| 47 | user = config.services.postfix.user; | 47 | user = config.services.postfix.user; |
| 48 | group = config.services.postfix.group; | 48 | group = config.services.postfix.group; |
| 49 | permissions = "0440"; | 49 | permissions = "0440"; |
| 50 | text = '' | 50 | text = '' |
| 51 | # We need to specify that option to trigger ssl connection | 51 | server_host = ldaps://${config.myEnv.mail.dovecot.ldap.host}:636 |
| 52 | tls_ciphers = TLSv1.2 | 52 | search_base = ${config.myEnv.mail.dovecot.ldap.base} |
| 53 | user = ${config.myEnv.mail.postfix.mysql.user} | 53 | query_filter = ${config.myEnv.mail.dovecot.ldap.postfix_mailbox_filter} |
| 54 | password = ${config.myEnv.mail.postfix.mysql.password} | 54 | bind_dn = ${config.myEnv.mail.dovecot.ldap.dn} |
| 55 | hosts = ${config.myEnv.mail.postfix.mysql.remoteHost} | 55 | bind_pw = ${config.myEnv.mail.dovecot.ldap.password} |
| 56 | dbname = ${config.myEnv.mail.postfix.mysql.database} | 56 | result_attribute = immaePostfixAddress |
| 57 | query = SELECT DISTINCT 1 | 57 | result_format = dummy |
| 58 | FROM mailboxes | 58 | version = 3 |
| 59 | WHERE active = 1 | ||
| 60 | AND ( | ||
| 61 | (domain = '%d' AND user = '%u' AND regex = 0) | ||
| 62 | OR ( | ||
| 63 | regex = 1 | ||
| 64 | AND '%d' REGEXP CONCAT('^',domain,'$') | ||
| 65 | AND '%u' REGEXP CONCAT('^',user,'$') | ||
| 66 | ) | ||
| 67 | ) | ||
| 68 | LIMIT 1 | ||
| 69 | ''; | 59 | ''; |
| 70 | } | 60 | } |
| 71 | { | 61 | { |
| @@ -78,7 +68,19 @@ | |||
| 78 | user = ${config.myEnv.mail.sympa.postgresql.user} | 68 | user = ${config.myEnv.mail.sympa.postgresql.user} |
| 79 | password = ${config.myEnv.mail.sympa.postgresql.password} | 69 | password = ${config.myEnv.mail.sympa.postgresql.password} |
| 80 | dbname = ${config.myEnv.mail.sympa.postgresql.database} | 70 | dbname = ${config.myEnv.mail.sympa.postgresql.database} |
| 81 | query = SELECT DISTINCT CONCAT(name_list, '@', robot_list) FROM list_table | 71 | query = SELECT DISTINCT 1 FROM list_table WHERE '%s' IN ( |
| 72 | CONCAT(name_list, '@', robot_list), | ||
| 73 | CONCAT(name_list, '-request@', robot_list), | ||
| 74 | CONCAT(name_list, '-editor@', robot_list), | ||
| 75 | CONCAT(name_list, '-unsubscribe@', robot_list), | ||
| 76 | CONCAT(name_list, '-owner@', robot_list), | ||
| 77 | CONCAT('sympa-request@', robot_list), | ||
| 78 | CONCAT('sympa-owner@', robot_list), | ||
| 79 | CONCAT('sympa@', robot_list), | ||
| 80 | CONCAT('listmaster@', robot_list), | ||
| 81 | CONCAT('bounce@', robot_list), | ||
| 82 | CONCAT('abuse-feedback-report@', robot_list) | ||
| 83 | ) | ||
| 82 | ''; | 84 | ''; |
| 83 | } | 85 | } |
| 84 | { | 86 | { |
| @@ -107,9 +109,9 @@ | |||
| 107 | restart = true; | 109 | restart = true; |
| 108 | paths = [ | 110 | paths = [ |
| 109 | config.secrets.fullPaths."postfix/mysql_alias_maps" | 111 | config.secrets.fullPaths."postfix/mysql_alias_maps" |
| 110 | config.secrets.fullPaths."postfix/mysql_mailbox_maps" | ||
| 111 | config.secrets.fullPaths."postfix/sympa_mailbox_maps" | 112 | config.secrets.fullPaths."postfix/sympa_mailbox_maps" |
| 112 | config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr" | 113 | config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr" |
| 114 | config.secrets.fullPaths."postfix/ldap_mailboxes" | ||
| 113 | ]; | 115 | ]; |
| 114 | }; | 116 | }; |
| 115 | services.postfix = { | 117 | services.postfix = { |
| @@ -151,12 +153,8 @@ | |||
| 151 | ) | 153 | ) |
| 152 | ); | 154 | ); |
| 153 | }; | 155 | }; |
| 154 | sasl_access = { | ||
| 155 | host_dummy_mailboxes = pkgs.writeText "host-virtual-mailbox" | ||
| 156 | (builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "${n}@immae.eu 1") nodes)); | ||
| 157 | }; | ||
| 158 | in | 156 | in |
| 159 | recipient_maps // relay_restrictions // virtual_map // sasl_access; | 157 | recipient_maps // relay_restrictions // virtual_map; |
| 160 | config = { | 158 | config = { |
| 161 | ### postfix module overrides | 159 | ### postfix module overrides |
| 162 | readme_directory = "${pkgs.postfix}/share/postfix/doc"; | 160 | readme_directory = "${pkgs.postfix}/share/postfix/doc"; |
| @@ -194,8 +192,7 @@ | |||
| 194 | "ldap:${config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr"}" | 192 | "ldap:${config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr"}" |
| 195 | ]; | 193 | ]; |
| 196 | virtual_mailbox_maps = [ | 194 | virtual_mailbox_maps = [ |
| 197 | "hash:/etc/postfix/host_dummy_mailboxes" | 195 | "ldap:${config.secrets.fullPaths."postfix/ldap_mailboxes"}" |
| 198 | "mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}" | ||
| 199 | "pgsql:${config.secrets.fullPaths."postfix/sympa_mailbox_maps"}" | 196 | "pgsql:${config.secrets.fullPaths."postfix/sympa_mailbox_maps"}" |
| 200 | ]; | 197 | ]; |
| 201 | in | 198 | in |