diff options
Diffstat (limited to 'modules/private/mail')
| -rw-r--r-- | modules/private/mail/default.nix | 4 | ||||
| -rw-r--r-- | modules/private/mail/dovecot.nix | 22 | ||||
| -rw-r--r-- | modules/private/mail/milters.nix | 10 | ||||
| -rw-r--r-- | modules/private/mail/postfix.nix | 48 | ||||
| -rw-r--r-- | modules/private/mail/rspamd.nix | 14 |
5 files changed, 49 insertions, 49 deletions
diff --git a/modules/private/mail/default.nix b/modules/private/mail/default.nix index 8be21a1..839939c 100644 --- a/modules/private/mail/default.nix +++ b/modules/private/mail/default.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | { | 2 | { |
| 3 | imports = [ | 3 | imports = [ |
| 4 | ./milters.nix | 4 | ./milters.nix |
| @@ -14,7 +14,7 @@ | |||
| 14 | extraDomains = let | 14 | extraDomains = let |
| 15 | zonesWithMx = builtins.filter (zone: | 15 | zonesWithMx = builtins.filter (zone: |
| 16 | lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0 | 16 | lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0 |
| 17 | ) myconfig.env.dns.masterZones; | 17 | ) config.myEnv.dns.masterZones; |
| 18 | mxs = map (zone: "mx-1.${zone.name}") zonesWithMx; | 18 | mxs = map (zone: "mx-1.${zone.name}") zonesWithMx; |
| 19 | in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs); | 19 | in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs); |
| 20 | }; | 20 | }; |
diff --git a/modules/private/mail/dovecot.nix b/modules/private/mail/dovecot.nix index 470fc1a..16053ea 100644 --- a/modules/private/mail/dovecot.nix +++ b/modules/private/mail/dovecot.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | sieve_bin = pkgs.runCommand "sieve_bin" { | 3 | sieve_bin = pkgs.runCommand "sieve_bin" { |
| 4 | buildInputs = [ pkgs.makeWrapper ]; | 4 | buildInputs = [ pkgs.makeWrapper ]; |
| @@ -24,26 +24,26 @@ in | |||
| 24 | group = config.services.dovecot2.group; | 24 | group = config.services.dovecot2.group; |
| 25 | permissions = "0400"; | 25 | permissions = "0400"; |
| 26 | text = '' | 26 | text = '' |
| 27 | hosts = ${myconfig.env.mail.dovecot.ldap.host} | 27 | hosts = ${config.myEnv.mail.dovecot.ldap.host} |
| 28 | tls = yes | 28 | tls = yes |
| 29 | 29 | ||
| 30 | dn = ${myconfig.env.mail.dovecot.ldap.dn} | 30 | dn = ${config.myEnv.mail.dovecot.ldap.dn} |
| 31 | dnpass = ${myconfig.env.mail.dovecot.ldap.password} | 31 | dnpass = ${config.myEnv.mail.dovecot.ldap.password} |
| 32 | 32 | ||
| 33 | auth_bind = yes | 33 | auth_bind = yes |
| 34 | 34 | ||
| 35 | ldap_version = 3 | 35 | ldap_version = 3 |
| 36 | 36 | ||
| 37 | base = ${myconfig.env.mail.dovecot.ldap.base} | 37 | base = ${config.myEnv.mail.dovecot.ldap.base} |
| 38 | scope = subtree | 38 | scope = subtree |
| 39 | 39 | ||
| 40 | pass_filter = ${myconfig.env.mail.dovecot.ldap.filter} | 40 | pass_filter = ${config.myEnv.mail.dovecot.ldap.filter} |
| 41 | pass_attrs = ${myconfig.env.mail.dovecot.ldap.pass_attrs} | 41 | pass_attrs = ${config.myEnv.mail.dovecot.ldap.pass_attrs} |
| 42 | 42 | ||
| 43 | user_attrs = ${myconfig.env.mail.dovecot.ldap.user_attrs} | 43 | user_attrs = ${config.myEnv.mail.dovecot.ldap.user_attrs} |
| 44 | user_filter = ${myconfig.env.mail.dovecot.ldap.filter} | 44 | user_filter = ${config.myEnv.mail.dovecot.ldap.filter} |
| 45 | iterate_attrs = ${myconfig.env.mail.dovecot.ldap.iterate_attrs} | 45 | iterate_attrs = ${config.myEnv.mail.dovecot.ldap.iterate_attrs} |
| 46 | iterate_filter = ${myconfig.env.mail.dovecot.ldap.iterate_filter} | 46 | iterate_filter = ${config.myEnv.mail.dovecot.ldap.iterate_filter} |
| 47 | ''; | 47 | ''; |
| 48 | } | 48 | } |
| 49 | ]; | 49 | ]; |
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix index 123af4a..6b033e8 100644 --- a/modules/private/mail/milters.nix +++ b/modules/private/mail/milters.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | { | 2 | { |
| 3 | options.myServices.mail.milters.sockets = lib.mkOption { | 3 | options.myServices.mail.milters.sockets = lib.mkOption { |
| 4 | type = lib.types.attrsOf lib.types.path; | 4 | type = lib.types.attrsOf lib.types.path; |
| @@ -19,7 +19,7 @@ | |||
| 19 | user = config.services.opendkim.user; | 19 | user = config.services.opendkim.user; |
| 20 | group = config.services.opendkim.group; | 20 | group = config.services.opendkim.group; |
| 21 | permissions = "0400"; | 21 | permissions = "0400"; |
| 22 | text = myconfig.env.mail.dkim.eldiron.private; | 22 | text = config.myEnv.mail.dkim.eldiron.private; |
| 23 | } | 23 | } |
| 24 | { | 24 | { |
| 25 | dest = "opendkim/eldiron.txt"; | 25 | dest = "opendkim/eldiron.txt"; |
| @@ -27,14 +27,14 @@ | |||
| 27 | group = config.services.opendkim.group; | 27 | group = config.services.opendkim.group; |
| 28 | permissions = "0444"; | 28 | permissions = "0444"; |
| 29 | text = '' | 29 | text = '' |
| 30 | eldiron._domainkey IN TXT ${myconfig.env.mail.dkim.eldiron.public}''; | 30 | eldiron._domainkey IN TXT ${config.myEnv.mail.dkim.eldiron.public}''; |
| 31 | } | 31 | } |
| 32 | { | 32 | { |
| 33 | dest = "opendmarc/ignore.hosts"; | 33 | dest = "opendmarc/ignore.hosts"; |
| 34 | user = config.services.opendmarc.user; | 34 | user = config.services.opendmarc.user; |
| 35 | group = config.services.opendmarc.group; | 35 | group = config.services.opendmarc.group; |
| 36 | permissions = "0400"; | 36 | permissions = "0400"; |
| 37 | text = myconfig.env.mail.dmarc.ignore_hosts; | 37 | text = config.myEnv.mail.dmarc.ignore_hosts; |
| 38 | } | 38 | } |
| 39 | ]; | 39 | ]; |
| 40 | users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ]; | 40 | users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ]; |
| @@ -46,7 +46,7 @@ | |||
| 46 | (e: "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}") | 46 | (e: "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}") |
| 47 | (zone.withEmail or []) | 47 | (zone.withEmail or []) |
| 48 | ) | 48 | ) |
| 49 | myconfig.env.dns.masterZones | 49 | config.myEnv.dns.masterZones |
| 50 | )); | 50 | )); |
| 51 | keyPath = "${config.secrets.location}/opendkim"; | 51 | keyPath = "${config.secrets.location}/opendkim"; |
| 52 | selector = "eldiron"; | 52 | selector = "eldiron"; |
diff --git a/modules/private/mail/postfix.nix b/modules/private/mail/postfix.nix index a679027..f8f86f6 100644 --- a/modules/private/mail/postfix.nix +++ b/modules/private/mail/postfix.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | { | 2 | { |
| 3 | config = lib.mkIf config.myServices.mail.enable { | 3 | config = lib.mkIf config.myServices.mail.enable { |
| 4 | services.duplyBackup.profiles.mail.excludeFile = '' | 4 | services.duplyBackup.profiles.mail.excludeFile = '' |
| @@ -13,10 +13,10 @@ | |||
| 13 | text = '' | 13 | text = '' |
| 14 | # We need to specify that option to trigger ssl connection | 14 | # We need to specify that option to trigger ssl connection |
| 15 | tls_ciphers = TLSv1.2 | 15 | tls_ciphers = TLSv1.2 |
| 16 | user = ${myconfig.env.mail.postfix.mysql.user} | 16 | user = ${config.myEnv.mail.postfix.mysql.user} |
| 17 | password = ${myconfig.env.mail.postfix.mysql.password} | 17 | password = ${config.myEnv.mail.postfix.mysql.password} |
| 18 | hosts = unix:${myconfig.env.mail.postfix.mysql.socket} | 18 | hosts = unix:${config.myEnv.mail.postfix.mysql.socket} |
| 19 | dbname = ${myconfig.env.mail.postfix.mysql.database} | 19 | dbname = ${config.myEnv.mail.postfix.mysql.database} |
| 20 | query = SELECT DISTINCT destination | 20 | query = SELECT DISTINCT destination |
| 21 | FROM forwardings_merge | 21 | FROM forwardings_merge |
| 22 | WHERE | 22 | WHERE |
| @@ -41,10 +41,10 @@ | |||
| 41 | text = '' | 41 | text = '' |
| 42 | # We need to specify that option to trigger ssl connection | 42 | # We need to specify that option to trigger ssl connection |
| 43 | tls_ciphers = TLSv1.2 | 43 | tls_ciphers = TLSv1.2 |
| 44 | user = ${myconfig.env.mail.postfix.mysql.user} | 44 | user = ${config.myEnv.mail.postfix.mysql.user} |
| 45 | password = ${myconfig.env.mail.postfix.mysql.password} | 45 | password = ${config.myEnv.mail.postfix.mysql.password} |
| 46 | hosts = unix:${myconfig.env.mail.postfix.mysql.socket} | 46 | hosts = unix:${config.myEnv.mail.postfix.mysql.socket} |
| 47 | dbname = ${myconfig.env.mail.postfix.mysql.database} | 47 | dbname = ${config.myEnv.mail.postfix.mysql.database} |
| 48 | result_format = /%d/%u | 48 | result_format = /%d/%u |
| 49 | query = SELECT DISTINCT '%s' | 49 | query = SELECT DISTINCT '%s' |
| 50 | FROM mailboxes | 50 | FROM mailboxes |
| @@ -68,10 +68,10 @@ | |||
| 68 | text = '' | 68 | text = '' |
| 69 | # We need to specify that option to trigger ssl connection | 69 | # We need to specify that option to trigger ssl connection |
| 70 | tls_ciphers = TLSv1.2 | 70 | tls_ciphers = TLSv1.2 |
| 71 | user = ${myconfig.env.mail.postfix.mysql.user} | 71 | user = ${config.myEnv.mail.postfix.mysql.user} |
| 72 | password = ${myconfig.env.mail.postfix.mysql.password} | 72 | password = ${config.myEnv.mail.postfix.mysql.password} |
| 73 | hosts = unix:${myconfig.env.mail.postfix.mysql.socket} | 73 | hosts = unix:${config.myEnv.mail.postfix.mysql.socket} |
| 74 | dbname = ${myconfig.env.mail.postfix.mysql.database} | 74 | dbname = ${config.myEnv.mail.postfix.mysql.database} |
| 75 | query = SELECT DISTINCT destination | 75 | query = SELECT DISTINCT destination |
| 76 | FROM forwardings_merge | 76 | FROM forwardings_merge |
| 77 | WHERE | 77 | WHERE |
| @@ -132,7 +132,7 @@ | |||
| 132 | ''; | 132 | ''; |
| 133 | scripts = lib.attrsets.mapAttrs (n: v: | 133 | scripts = lib.attrsets.mapAttrs (n: v: |
| 134 | toScript n (pkgs.callPackage (builtins.fetchGit { url = v.src.url; ref = "master"; rev = v.src.rev; }) { scriptEnv = v.env; }) | 134 | toScript n (pkgs.callPackage (builtins.fetchGit { url = v.src.url; ref = "master"; rev = v.src.rev; }) { scriptEnv = v.env; }) |
| 135 | ) myconfig.env.mail.scripts; | 135 | ) config.myEnv.mail.scripts; |
| 136 | in builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: ''${n}: "|${v}"'') scripts); | 136 | in builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: ''${n}: "|${v}"'') scripts); |
| 137 | mapFiles = let | 137 | mapFiles = let |
| 138 | recipient_maps = let | 138 | recipient_maps = let |
| @@ -145,7 +145,7 @@ | |||
| 145 | pairs = n: v: lib.imap1 (i: m: pair n i m) v.recipient_maps; | 145 | pairs = n: v: lib.imap1 (i: m: pair n i m) v.recipient_maps; |
| 146 | in lib.attrsets.filterAttrs (k: v: v != null) ( | 146 | in lib.attrsets.filterAttrs (k: v: v != null) ( |
| 147 | lib.attrsets.listToAttrs (lib.flatten ( | 147 | lib.attrsets.listToAttrs (lib.flatten ( |
| 148 | lib.attrsets.mapAttrsToList pairs myconfig.env.mail.postfix.backup_domains | 148 | lib.attrsets.mapAttrsToList pairs config.myEnv.mail.postfix.backup_domains |
| 149 | )) | 149 | )) |
| 150 | ); | 150 | ); |
| 151 | relay_restrictions = lib.attrsets.filterAttrs (k: v: v != null) ( | 151 | relay_restrictions = lib.attrsets.filterAttrs (k: v: v != null) ( |
| @@ -155,7 +155,7 @@ | |||
| 155 | then pkgs.writeText "recipient_access_${n}" v.relay_restrictions | 155 | then pkgs.writeText "recipient_access_${n}" v.relay_restrictions |
| 156 | else null | 156 | else null |
| 157 | ) | 157 | ) |
| 158 | ) myconfig.env.mail.postfix.backup_domains | 158 | ) config.myEnv.mail.postfix.backup_domains |
| 159 | ); | 159 | ); |
| 160 | virtual_map = { | 160 | virtual_map = { |
| 161 | virtual = pkgs.writeText "postfix-virtual" ( | 161 | virtual = pkgs.writeText "postfix-virtual" ( |
| @@ -164,7 +164,7 @@ | |||
| 164 | n: v: '' | 164 | n: v: '' |
| 165 | script_${n}@mail.immae.eu ${n}@localhost, scripts@mail.immae.eu | 165 | script_${n}@mail.immae.eu ${n}@localhost, scripts@mail.immae.eu |
| 166 | '' | 166 | '' |
| 167 | ) myconfig.env.mail.scripts | 167 | ) config.myEnv.mail.scripts |
| 168 | ) | 168 | ) |
| 169 | ); | 169 | ); |
| 170 | }; | 170 | }; |
| @@ -183,7 +183,7 @@ | |||
| 183 | 183 | ||
| 184 | ### Virtual mailboxes config | 184 | ### Virtual mailboxes config |
| 185 | virtual_alias_maps = "hash:/etc/postfix/virtual mysql:${config.secrets.fullPaths."postfix/mysql_alias_maps"}"; | 185 | virtual_alias_maps = "hash:/etc/postfix/virtual mysql:${config.secrets.fullPaths."postfix/mysql_alias_maps"}"; |
| 186 | virtual_mailbox_domains = myconfig.env.mail.postfix.additional_mailbox_domains | 186 | virtual_mailbox_domains = config.myEnv.mail.postfix.additional_mailbox_domains |
| 187 | ++ lib.remove "localhost.immae.eu" (lib.remove null (lib.flatten (map | 187 | ++ lib.remove "localhost.immae.eu" (lib.remove null (lib.flatten (map |
| 188 | (zone: map | 188 | (zone: map |
| 189 | (e: if e.receive | 189 | (e: if e.receive |
| @@ -192,17 +192,17 @@ | |||
| 192 | ) | 192 | ) |
| 193 | (zone.withEmail or []) | 193 | (zone.withEmail or []) |
| 194 | ) | 194 | ) |
| 195 | myconfig.env.dns.masterZones | 195 | config.myEnv.dns.masterZones |
| 196 | ))); | 196 | ))); |
| 197 | virtual_mailbox_maps = "mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}"; | 197 | virtual_mailbox_maps = "mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}"; |
| 198 | dovecot_destination_recipient_limit = "1"; | 198 | dovecot_destination_recipient_limit = "1"; |
| 199 | virtual_transport = "dovecot"; | 199 | virtual_transport = "dovecot"; |
| 200 | 200 | ||
| 201 | ### Relay domains | 201 | ### Relay domains |
| 202 | relay_domains = lib.flatten (lib.attrsets.mapAttrsToList (n: v: v.domains or []) myconfig.env.mail.postfix.backup_domains); | 202 | relay_domains = lib.flatten (lib.attrsets.mapAttrsToList (n: v: v.domains or []) config.myEnv.mail.postfix.backup_domains); |
| 203 | relay_recipient_maps = lib.flatten (lib.attrsets.mapAttrsToList (n: v: | 203 | relay_recipient_maps = lib.flatten (lib.attrsets.mapAttrsToList (n: v: |
| 204 | lib.imap1 (i: m: "${m.type}:/etc/postfix/relay_${n}_${toString i}") v.recipient_maps | 204 | lib.imap1 (i: m: "${m.type}:/etc/postfix/relay_${n}_${toString i}") v.recipient_maps |
| 205 | ) myconfig.env.mail.postfix.backup_domains); | 205 | ) config.myEnv.mail.postfix.backup_domains); |
| 206 | smtpd_relay_restrictions = [ | 206 | smtpd_relay_restrictions = [ |
| 207 | "permit_mynetworks" | 207 | "permit_mynetworks" |
| 208 | "permit_sasl_authenticated" | 208 | "permit_sasl_authenticated" |
| @@ -211,7 +211,7 @@ | |||
| 211 | if lib.attrsets.hasAttr "relay_restrictions" v | 211 | if lib.attrsets.hasAttr "relay_restrictions" v |
| 212 | then [ "check_recipient_access hash:/etc/postfix/recipient_access_${n}" ] | 212 | then [ "check_recipient_access hash:/etc/postfix/recipient_access_${n}" ] |
| 213 | else [] | 213 | else [] |
| 214 | ) myconfig.env.mail.postfix.backup_domains); | 214 | ) config.myEnv.mail.postfix.backup_domains); |
| 215 | 215 | ||
| 216 | ### Additional smtpd configuration | 216 | ### Additional smtpd configuration |
| 217 | smtpd_tls_received_header = "yes"; | 217 | smtpd_tls_received_header = "yes"; |
| @@ -222,8 +222,8 @@ | |||
| 222 | smtp_tls_loglevel = "1"; | 222 | smtp_tls_loglevel = "1"; |
| 223 | 223 | ||
| 224 | ### Force ip bind for smtp | 224 | ### Force ip bind for smtp |
| 225 | smtp_bind_address = myconfig.env.servers.eldiron.ips.main.ip4; | 225 | smtp_bind_address = config.myEnv.servers.eldiron.ips.main.ip4; |
| 226 | smtp_bind_address6 = builtins.head myconfig.env.servers.eldiron.ips.main.ip6; | 226 | smtp_bind_address6 = builtins.head config.myEnv.servers.eldiron.ips.main.ip6; |
| 227 | 227 | ||
| 228 | # #Unneeded if postfix can only send e-mail from "self" domains | 228 | # #Unneeded if postfix can only send e-mail from "self" domains |
| 229 | # #smtp_sasl_auth_enable = "yes"; | 229 | # #smtp_sasl_auth_enable = "yes"; |
diff --git a/modules/private/mail/rspamd.nix b/modules/private/mail/rspamd.nix index b5f64d8..4d55fc2 100644 --- a/modules/private/mail/rspamd.nix +++ b/modules/private/mail/rspamd.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | { | 2 | { |
| 3 | options.myServices.mail.rspamd.sockets = lib.mkOption { | 3 | options.myServices.mail.rspamd.sockets = lib.mkOption { |
| 4 | type = lib.types.attrsOf lib.types.path; | 4 | type = lib.types.attrsOf lib.types.path; |
| @@ -43,14 +43,14 @@ | |||
| 43 | }; | 43 | }; |
| 44 | locals = { | 44 | locals = { |
| 45 | "redis.conf".text = '' | 45 | "redis.conf".text = '' |
| 46 | servers = "${myconfig.env.mail.rspamd.redis.socket}"; | 46 | servers = "${config.myEnv.mail.rspamd.redis.socket}"; |
| 47 | db = "${myconfig.env.mail.rspamd.redis.db}"; | 47 | db = "${config.myEnv.mail.rspamd.redis.db}"; |
| 48 | ''; | 48 | ''; |
| 49 | "classifier-bayes.conf".text = '' | 49 | "classifier-bayes.conf".text = '' |
| 50 | users_enabled = true; | 50 | users_enabled = true; |
| 51 | backend = "redis"; | 51 | backend = "redis"; |
| 52 | servers = "${myconfig.env.mail.rspamd.redis.socket}"; | 52 | servers = "${config.myEnv.mail.rspamd.redis.socket}"; |
| 53 | database = "${myconfig.env.mail.rspamd.redis.db}"; | 53 | database = "${config.myEnv.mail.rspamd.redis.db}"; |
| 54 | autolearn = true; | 54 | autolearn = true; |
| 55 | cache { | 55 | cache { |
| 56 | backend = "redis"; | 56 | backend = "redis"; |
| @@ -69,8 +69,8 @@ | |||
| 69 | workers = { | 69 | workers = { |
| 70 | controller = { | 70 | controller = { |
| 71 | extraConfig = '' | 71 | extraConfig = '' |
| 72 | enable_password = "${myconfig.env.mail.rspamd.write_password_hashed}"; | 72 | enable_password = "${config.myEnv.mail.rspamd.write_password_hashed}"; |
| 73 | password = "${myconfig.env.mail.rspamd.read_password_hashed}"; | 73 | password = "${config.myEnv.mail.rspamd.read_password_hashed}"; |
| 74 | ''; | 74 | ''; |
| 75 | bindSockets = [ { | 75 | bindSockets = [ { |
| 76 | socket = config.myServices.mail.rspamd.sockets.worker-controller; | 76 | socket = config.myServices.mail.rspamd.sockets.worker-controller; |