diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-05-07 10:40:43 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-05-07 10:47:10 +0200 |
| commit | 22b4bd78a10b49272cfd345d379703cae4ab5d3d (patch) | |
| tree | e9b1526adc5e263a3dbf9070f2d7f299d3979cd8 /modules | |
| parent | 5ce7edb5363dcba33bc542fcf9cc82ff252dd212 (diff) | |
| download | Nix-22b4bd78a10b49272cfd345d379703cae4ab5d3d.tar.gz Nix-22b4bd78a10b49272cfd345d379703cae4ab5d3d.tar.zst Nix-22b4bd78a10b49272cfd345d379703cae4ab5d3d.zip | |
Use ldap instead of mysql to fetch mailboxes
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/private/environment.nix | 1 | ||||
| -rw-r--r-- | modules/private/mail/postfix.nix | 36 | ||||
| -rw-r--r-- | modules/private/mail/relay.nix | 53 | ||||
| -rw-r--r-- | modules/private/mail/sympa.nix | 1 |
4 files changed, 38 insertions, 53 deletions
diff --git a/modules/private/environment.nix b/modules/private/environment.nix index 7555fe6..5d74ab5 100644 --- a/modules/private/environment.nix +++ b/modules/private/environment.nix | |||
| @@ -650,6 +650,7 @@ in | |||
| 650 | user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; }; | 650 | user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; }; |
| 651 | iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; }; | 651 | iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; }; |
| 652 | iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; }; | 652 | iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; }; |
| 653 | postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; }; | ||
| 653 | }; | 654 | }; |
| 654 | }; | 655 | }; |
| 655 | }; | 656 | }; |
diff --git a/modules/private/mail/postfix.nix b/modules/private/mail/postfix.nix index 46d45c1..0c95df5 100644 --- a/modules/private/mail/postfix.nix +++ b/modules/private/mail/postfix.nix | |||
| @@ -34,30 +34,19 @@ | |||
| 34 | ''; | 34 | ''; |
| 35 | } | 35 | } |
| 36 | { | 36 | { |
| 37 | dest = "postfix/mysql_mailbox_maps"; | 37 | dest = "postfix/ldap_mailboxes"; |
| 38 | user = config.services.postfix.user; | 38 | user = config.services.postfix.user; |
| 39 | group = config.services.postfix.group; | 39 | group = config.services.postfix.group; |
| 40 | permissions = "0440"; | 40 | permissions = "0440"; |
| 41 | text = '' | 41 | text = '' |
| 42 | # We need to specify that option to trigger ssl connection | 42 | server_host = ldaps://${config.myEnv.mail.dovecot.ldap.host}:636 |
| 43 | tls_ciphers = TLSv1.2 | 43 | search_base = ${config.myEnv.mail.dovecot.ldap.base} |
| 44 | user = ${config.myEnv.mail.postfix.mysql.user} | 44 | query_filter = ${config.myEnv.mail.dovecot.ldap.postfix_mailbox_filter} |
| 45 | password = ${config.myEnv.mail.postfix.mysql.password} | 45 | bind_dn = ${config.myEnv.mail.dovecot.ldap.dn} |
| 46 | hosts = unix:${config.myEnv.mail.postfix.mysql.socket} | 46 | bind_pw = ${config.myEnv.mail.dovecot.ldap.password} |
| 47 | dbname = ${config.myEnv.mail.postfix.mysql.database} | 47 | result_attribute = immaePostfixAddress |
| 48 | result_format = /%d/%u | 48 | result_format = dummy |
| 49 | query = SELECT DISTINCT '%s' | 49 | version = 3 |
| 50 | FROM mailboxes | ||
| 51 | WHERE active = 1 | ||
| 52 | AND ( | ||
| 53 | (domain = '%d' AND user = '%u' AND regex = 0) | ||
| 54 | OR ( | ||
| 55 | regex = 1 | ||
| 56 | AND '%d' REGEXP CONCAT('^',domain,'$') | ||
| 57 | AND '%u' REGEXP CONCAT('^',user,'$') | ||
| 58 | ) | ||
| 59 | ) | ||
| 60 | LIMIT 1 | ||
| 61 | ''; | 50 | ''; |
| 62 | } | 51 | } |
| 63 | { | 52 | { |
| @@ -180,7 +169,7 @@ | |||
| 180 | restart = true; | 169 | restart = true; |
| 181 | paths = [ | 170 | paths = [ |
| 182 | config.secrets.fullPaths."postfix/mysql_alias_maps" | 171 | config.secrets.fullPaths."postfix/mysql_alias_maps" |
| 183 | config.secrets.fullPaths."postfix/mysql_mailbox_maps" | 172 | config.secrets.fullPaths."postfix/ldap_mailboxes" |
| 184 | config.secrets.fullPaths."postfix/mysql_sender_login_maps" | 173 | config.secrets.fullPaths."postfix/mysql_sender_login_maps" |
| 185 | config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr" | 174 | config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr" |
| 186 | ]; | 175 | ]; |
| @@ -274,8 +263,6 @@ | |||
| 274 | joined = builtins.concatStringsSep ","; | 263 | joined = builtins.concatStringsSep ","; |
| 275 | in pkgs.writeText "host-sender-login" | 264 | in pkgs.writeText "host-sender-login" |
| 276 | (builtins.concatStringsSep "\n" (mapAttrsToList (n: v: "${n} ${joined v}") addresses)); | 265 | (builtins.concatStringsSep "\n" (mapAttrsToList (n: v: "${n} ${joined v}") addresses)); |
| 277 | host_dummy_mailboxes = pkgs.writeText "host-virtual-mailbox" | ||
| 278 | (builtins.concatStringsSep "\n" (["immae-eu@immae.eu dummy"] ++ lib.attrsets.mapAttrsToList (n: v: "${n}@immae.eu dummy") nodes)); | ||
| 279 | }; | 266 | }; |
| 280 | in | 267 | in |
| 281 | recipient_maps // relay_restrictions // virtual_map // sasl_access; | 268 | recipient_maps // relay_restrictions // virtual_map // sasl_access; |
| @@ -308,8 +295,7 @@ | |||
| 308 | config.myEnv.dns.masterZones | 295 | config.myEnv.dns.masterZones |
| 309 | )); | 296 | )); |
| 310 | virtual_mailbox_maps = [ | 297 | virtual_mailbox_maps = [ |
| 311 | "hash:/etc/postfix/host_dummy_mailboxes" | 298 | "ldap:${config.secrets.fullPaths."postfix/ldap_mailboxes"}" |
| 312 | "mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}" | ||
| 313 | ]; | 299 | ]; |
| 314 | dovecot_destination_recipient_limit = "1"; | 300 | dovecot_destination_recipient_limit = "1"; |
| 315 | virtual_transport = "dovecot"; | 301 | virtual_transport = "dovecot"; |
diff --git a/modules/private/mail/relay.nix b/modules/private/mail/relay.nix index 52288fc..651452c 100644 --- a/modules/private/mail/relay.nix +++ b/modules/private/mail/relay.nix | |||
| @@ -43,29 +43,19 @@ | |||
| 43 | ''; | 43 | ''; |
| 44 | } | 44 | } |
| 45 | { | 45 | { |
| 46 | dest = "postfix/mysql_mailbox_maps"; | 46 | dest = "postfix/ldap_mailboxes"; |
| 47 | user = config.services.postfix.user; | 47 | user = config.services.postfix.user; |
| 48 | group = config.services.postfix.group; | 48 | group = config.services.postfix.group; |
| 49 | permissions = "0440"; | 49 | permissions = "0440"; |
| 50 | text = '' | 50 | text = '' |
| 51 | # We need to specify that option to trigger ssl connection | 51 | server_host = ldaps://${config.myEnv.mail.dovecot.ldap.host}:636 |
| 52 | tls_ciphers = TLSv1.2 | 52 | search_base = ${config.myEnv.mail.dovecot.ldap.base} |
| 53 | user = ${config.myEnv.mail.postfix.mysql.user} | 53 | query_filter = ${config.myEnv.mail.dovecot.ldap.postfix_mailbox_filter} |
| 54 | password = ${config.myEnv.mail.postfix.mysql.password} | 54 | bind_dn = ${config.myEnv.mail.dovecot.ldap.dn} |
| 55 | hosts = ${config.myEnv.mail.postfix.mysql.remoteHost} | 55 | bind_pw = ${config.myEnv.mail.dovecot.ldap.password} |
| 56 | dbname = ${config.myEnv.mail.postfix.mysql.database} | 56 | result_attribute = immaePostfixAddress |
| 57 | query = SELECT DISTINCT 1 | 57 | result_format = dummy |
| 58 | FROM mailboxes | 58 | version = 3 |
| 59 | WHERE active = 1 | ||
| 60 | AND ( | ||
| 61 | (domain = '%d' AND user = '%u' AND regex = 0) | ||
| 62 | OR ( | ||
| 63 | regex = 1 | ||
| 64 | AND '%d' REGEXP CONCAT('^',domain,'$') | ||
| 65 | AND '%u' REGEXP CONCAT('^',user,'$') | ||
| 66 | ) | ||
| 67 | ) | ||
| 68 | LIMIT 1 | ||
| 69 | ''; | 59 | ''; |
| 70 | } | 60 | } |
| 71 | { | 61 | { |
| @@ -78,7 +68,19 @@ | |||
| 78 | user = ${config.myEnv.mail.sympa.postgresql.user} | 68 | user = ${config.myEnv.mail.sympa.postgresql.user} |
| 79 | password = ${config.myEnv.mail.sympa.postgresql.password} | 69 | password = ${config.myEnv.mail.sympa.postgresql.password} |
| 80 | dbname = ${config.myEnv.mail.sympa.postgresql.database} | 70 | dbname = ${config.myEnv.mail.sympa.postgresql.database} |
| 81 | query = SELECT DISTINCT CONCAT(name_list, '@', robot_list) FROM list_table | 71 | query = SELECT DISTINCT 1 FROM list_table WHERE '%s' IN ( |
| 72 | CONCAT(name_list, '@', robot_list), | ||
| 73 | CONCAT(name_list, '-request@', robot_list), | ||
| 74 | CONCAT(name_list, '-editor@', robot_list), | ||
| 75 | CONCAT(name_list, '-unsubscribe@', robot_list), | ||
| 76 | CONCAT(name_list, '-owner@', robot_list), | ||
| 77 | CONCAT('sympa-request@', robot_list), | ||
| 78 | CONCAT('sympa-owner@', robot_list), | ||
| 79 | CONCAT('sympa@', robot_list), | ||
| 80 | CONCAT('listmaster@', robot_list), | ||
| 81 | CONCAT('bounce@', robot_list), | ||
| 82 | CONCAT('abuse-feedback-report@', robot_list) | ||
| 83 | ) | ||
| 82 | ''; | 84 | ''; |
| 83 | } | 85 | } |
| 84 | { | 86 | { |
| @@ -107,9 +109,9 @@ | |||
| 107 | restart = true; | 109 | restart = true; |
| 108 | paths = [ | 110 | paths = [ |
| 109 | config.secrets.fullPaths."postfix/mysql_alias_maps" | 111 | config.secrets.fullPaths."postfix/mysql_alias_maps" |
| 110 | config.secrets.fullPaths."postfix/mysql_mailbox_maps" | ||
| 111 | config.secrets.fullPaths."postfix/sympa_mailbox_maps" | 112 | config.secrets.fullPaths."postfix/sympa_mailbox_maps" |
| 112 | config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr" | 113 | config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr" |
| 114 | config.secrets.fullPaths."postfix/ldap_mailboxes" | ||
| 113 | ]; | 115 | ]; |
| 114 | }; | 116 | }; |
| 115 | services.postfix = { | 117 | services.postfix = { |
| @@ -151,12 +153,8 @@ | |||
| 151 | ) | 153 | ) |
| 152 | ); | 154 | ); |
| 153 | }; | 155 | }; |
| 154 | sasl_access = { | ||
| 155 | host_dummy_mailboxes = pkgs.writeText "host-virtual-mailbox" | ||
| 156 | (builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "${n}@immae.eu 1") nodes)); | ||
| 157 | }; | ||
| 158 | in | 156 | in |
| 159 | recipient_maps // relay_restrictions // virtual_map // sasl_access; | 157 | recipient_maps // relay_restrictions // virtual_map; |
| 160 | config = { | 158 | config = { |
| 161 | ### postfix module overrides | 159 | ### postfix module overrides |
| 162 | readme_directory = "${pkgs.postfix}/share/postfix/doc"; | 160 | readme_directory = "${pkgs.postfix}/share/postfix/doc"; |
| @@ -194,8 +192,7 @@ | |||
| 194 | "ldap:${config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr"}" | 192 | "ldap:${config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr"}" |
| 195 | ]; | 193 | ]; |
| 196 | virtual_mailbox_maps = [ | 194 | virtual_mailbox_maps = [ |
| 197 | "hash:/etc/postfix/host_dummy_mailboxes" | 195 | "ldap:${config.secrets.fullPaths."postfix/ldap_mailboxes"}" |
| 198 | "mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}" | ||
| 199 | "pgsql:${config.secrets.fullPaths."postfix/sympa_mailbox_maps"}" | 196 | "pgsql:${config.secrets.fullPaths."postfix/sympa_mailbox_maps"}" |
| 200 | ]; | 197 | ]; |
| 201 | in | 198 | in |
diff --git a/modules/private/mail/sympa.nix b/modules/private/mail/sympa.nix index 1a696d0..9bd5a57 100644 --- a/modules/private/mail/sympa.nix +++ b/modules/private/mail/sympa.nix | |||
| @@ -94,6 +94,7 @@ in | |||
| 94 | 94 | ||
| 95 | services.postfix = { | 95 | services.postfix = { |
| 96 | mapFiles = { | 96 | mapFiles = { |
| 97 | # Update relay list when changing one of those | ||
| 97 | sympa_virtual = pkgs.writeText "virtual.sympa" '' | 98 | sympa_virtual = pkgs.writeText "virtual.sympa" '' |
| 98 | sympa-request@${domain} postmaster@immae.eu | 99 | sympa-request@${domain} postmaster@immae.eu |
| 99 | sympa-owner@${domain} postmaster@immae.eu | 100 | sympa-owner@${domain} postmaster@immae.eu |