Diffstat (limited to 'modules/private/mail')
-rw-r--r-- | modules/private/mail/default.nix | 4 | ||||
-rw-r--r-- | modules/private/mail/dovecot.nix | 22 | ||||
-rw-r--r-- | modules/private/mail/milters.nix | 10 | ||||
-rw-r--r-- | modules/private/mail/postfix.nix | 48 | ||||
-rw-r--r-- | modules/private/mail/rspamd.nix | 14 |
5 files changed, 49 insertions, 49 deletions
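diff --git a/modules/private/mail/default.nix b/modules/private/mail/default.nix
index 8be21a1..839939c 100644
--- a/modules/private/mail/default.nix
+++ b/modules/private/mail/default.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 {
 imports = [
 ./milters.nix
@@ -14,7 +14,7 @@
 extraDomains = let
 zonesWithMx = builtins.filter (zone:
 lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
-) myconfig.env.dns.masterZones;
+) config.myEnv.dns.masterZones;
 mxs = map (zone: "mx-1.${zone.name}") zonesWithMx;
 in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
 };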
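diff --git a/modules/private/mail/dovecot.nix b/modules/private/mail/dovecot.nix
index 470fc1a..16053ea 100644
--- a/modules/private/mail/dovecot.nix
+++ b/modules/private/mail/dovecot.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 let
 sieve_bin = pkgs.runCommand "sieve_bin" {
 buildInputs = [ pkgs.makeWrapper ];
@@ -24,26 +24,26 @@ in
 group = config.services.dovecot2.group;
 permissions = "0400";
 text = ''
-hosts = ${myconfig.env.mail.dovecot.ldap.host}
+hosts = ${config.myEnv.mail.dovecot.ldap.host}
 tls = yes
 
-dn = ${myconfig.env.mail.dovecot.ldap.dn}
-dnpass = ${myconfig.env.mail.dovecot.ldap.password}
+dn = ${config.myEnv.mail.dovecot.ldap.dn}
+dnpass = ${config.myEnv.mail.dovecot.ldap.password}
 
 auth_bind = yes
 
 ldap_version = 3
 
-base = ${myconfig.env.mail.dovecot.ldap.base}
+base = ${config.myEnv.mail.dovecot.ldap.base}
 scope = subtree
 
-pass_filter = ${myconfig.env.mail.dovecot.ldap.filter}
-pass_attrs = ${myconfig.env.mail.dovecot.ldap.pass_attrs}
+pass_filter = ${config.myEnv.mail.dovecot.ldap.filter}
+pass_attrs = ${config.myEnv.mail.dovecot.ldap.pass_attrs}
 
-user_attrs = ${myconfig.env.mail.dovecot.ldap.user_attrs}
-user_filter = ${myconfig.env.mail.dovecot.ldap.filter}
-iterate_attrs = ${myconfig.env.mail.dovecot.ldap.iterate_attrs}
-iterate_filter = ${myconfig.env.mail.dovecot.ldap.iterate_filter}
+user_attrs = ${config.myEnv.mail.dovecot.ldap.user_attrs}
+user_filter = ${config.myEnv.mail.dovecot.ldap.filter}
+iterate_attrs = ${config.myEnv.mail.dovecot.ldap.iterate_attrs}
+iterate_filter = ${config.myEnv.mail.dovecot.ldap.iterate_filter}
 '';
 }
 ];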
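diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
index 123af4a..6b033e8 100644
--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 {
 options.myServices.mail.milters.sockets = lib.mkOption {
 type = lib.types.attrsOf lib.types.path;
@@ -19,7 +19,7 @@
 user = config.services.opendkim.user;
 group = config.services.opendkim.group;
 permissions = "0400";
-text = myconfig.env.mail.dkim.eldiron.private;
+text = config.myEnv.mail.dkim.eldiron.private;
 }
 {
 dest = "opendkim/eldiron.txt";
@@ -27,14 +27,14 @@
 group = config.services.opendkim.group;
 permissions = "0444";
 text = ''
-eldiron._domainkey IN TXT ${myconfig.env.mail.dkim.eldiron.public}'';
+eldiron._domainkey IN TXT ${config.myEnv.mail.dkim.eldiron.public}'';
 }
 {
 dest = "opendmarc/ignore.hosts";
 user = config.services.opendmarc.user;
 group = config.services.opendmarc.group;
 permissions = "0400";
-text = myconfig.env.mail.dmarc.ignore_hosts;
+text = config.myEnv.mail.dmarc.ignore_hosts;
 }
 ];
 users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
@@ -46,7 +46,7 @@
 (e: "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}")
 (zone.withEmail or [])
 )
-myconfig.env.dns.masterZones
+config.myEnv.dns.masterZones
 ));
 keyPath = "${config.secrets.location}/opendkim";
 selector = "eldiron";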
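diff --git a/modules/private/mail/postfix.nix b/modules/private/mail/postfix.nix
index a679027..f8f86f6 100644
--- a/modules/private/mail/postfix.nix
+++ b/modules/private/mail/postfix.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 {
 config = lib.mkIf config.myServices.mail.enable {
 services.duplyBackup.profiles.mail.excludeFile = ''
@@ -13,10 +13,10 @@
 text = ''
 # We need to specify that option to trigger ssl connection
 tls_ciphers = TLSv1.2
-user = ${myconfig.env.mail.postfix.mysql.user}
-password = ${myconfig.env.mail.postfix.mysql.password}
-hosts = unix:${myconfig.env.mail.postfix.mysql.socket}
-dbname = ${myconfig.env.mail.postfix.mysql.database}
+user = ${config.myEnv.mail.postfix.mysql.user}
+password = ${config.myEnv.mail.postfix.mysql.password}
+hosts = unix:${config.myEnv.mail.postfix.mysql.socket}
+dbname = ${config.myEnv.mail.postfix.mysql.database}
 query = SELECT DISTINCT destination
 FROM forwardings_merge
 WHERE
@@ -41,10 +41,10 @@
 text = ''
 # We need to specify that option to trigger ssl connection
 tls_ciphers = TLSv1.2
-user = ${myconfig.env.mail.postfix.mysql.user}
-password = ${myconfig.env.mail.postfix.mysql.password}
-hosts = unix:${myconfig.env.mail.postfix.mysql.socket}
-dbname = ${myconfig.env.mail.postfix.mysql.database}
+user = ${config.myEnv.mail.postfix.mysql.user}
+password = ${config.myEnv.mail.postfix.mysql.password}
+hosts = unix:${config.myEnv.mail.postfix.mysql.socket}
+dbname = ${config.myEnv.mail.postfix.mysql.database}
 result_format = /%d/%u
 query = SELECT DISTINCT '%s'
 FROM mailboxes
@@ -68,10 +68,10 @@
 text = ''
 # We need to specify that option to trigger ssl connection
 tls_ciphers = TLSv1.2
-user = ${myconfig.env.mail.postfix.mysql.user}
-password = ${myconfig.env.mail.postfix.mysql.password}
-hosts = unix:${myconfig.env.mail.postfix.mysql.socket}
-dbname = ${myconfig.env.mail.postfix.mysql.database}
+user = ${config.myEnv.mail.postfix.mysql.user}
+password = ${config.myEnv.mail.postfix.mysql.password}
+hosts = unix:${config.myEnv.mail.postfix.mysql.socket}
+dbname = ${config.myEnv.mail.postfix.mysql.database}
 query = SELECT DISTINCT destination
 FROM forwardings_merge
 WHERE
@@ -132,7 +132,7 @@
 '';
 scripts = lib.attrsets.mapAttrs (n: v:
 toScript n (pkgs.callPackage (builtins.fetchGit { url = v.src.url; ref = "master"; rev = v.src.rev; }) { scriptEnv = v.env; })
-) myconfig.env.mail.scripts;
+) config.myEnv.mail.scripts;
 in builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: ''${n}: "|${v}"'') scripts);
 mapFiles = let
 recipient_maps = let
@@ -145,7 +145,7 @@
 pairs = n: v: lib.imap1 (i: m: pair n i m) v.recipient_maps;
 in lib.attrsets.filterAttrs (k: v: v != null) (
 lib.attrsets.listToAttrs (lib.flatten (
-lib.attrsets.mapAttrsToList pairs myconfig.env.mail.postfix.backup_domains
+lib.attrsets.mapAttrsToList pairs config.myEnv.mail.postfix.backup_domains
 ))
 );
 relay_restrictions = lib.attrsets.filterAttrs (k: v: v != null) (
@@ -155,7 +155,7 @@
 then pkgs.writeText "recipient_access_${n}" v.relay_restrictions
 else null
 )
-) myconfig.env.mail.postfix.backup_domains
+) config.myEnv.mail.postfix.backup_domains
 );
 virtual_map = {
 virtual = pkgs.writeText "postfix-virtual" (
@@ -164,7 +164,7 @@
 n: v: ''
 script_${n}@mail.immae.eu ${n}@localhost, scripts@mail.immae.eu
 ''
-) myconfig.env.mail.scripts
+) config.myEnv.mail.scripts
 )
 );
 };
@@ -183,7 +183,7 @@
 
 ### Virtual mailboxes config
 virtual_alias_maps = "hash:/etc/postfix/virtual mysql:${config.secrets.fullPaths."postfix/mysql_alias_maps"}";
-virtual_mailbox_domains = myconfig.env.mail.postfix.additional_mailbox_domains
+virtual_mailbox_domains = config.myEnv.mail.postfix.additional_mailbox_domains
 ++ lib.remove "localhost.immae.eu" (lib.remove null (lib.flatten (map
 (zone: map
 (e: if e.receive
@@ -192,17 +192,17 @@
 )
 (zone.withEmail or [])
 )
-myconfig.env.dns.masterZones
+config.myEnv.dns.masterZones
 )));
 virtual_mailbox_maps = "mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}";
 dovecot_destination_recipient_limit = "1";
 virtual_transport = "dovecot";
 
 ### Relay domains
-relay_domains = lib.flatten (lib.attrsets.mapAttrsToList (n: v: v.domains or []) myconfig.env.mail.postfix.backup_domains);
+relay_domains = lib.flatten (lib.attrsets.mapAttrsToList (n: v: v.domains or []) config.myEnv.mail.postfix.backup_domains);
 relay_recipient_maps = lib.flatten (lib.attrsets.mapAttrsToList (n: v:
 lib.imap1 (i: m: "${m.type}:/etc/postfix/relay_${n}_${toString i}") v.recipient_maps
-) myconfig.env.mail.postfix.backup_domains);
+) config.myEnv.mail.postfix.backup_domains);
 smtpd_relay_restrictions = [
 "permit_mynetworks"
 "permit_sasl_authenticated"
@@ -211,7 +211,7 @@
 if lib.attrsets.hasAttr "relay_restrictions" v
 then [ "check_recipient_access hash:/etc/postfix/recipient_access_${n}" ]
 else []
-) myconfig.env.mail.postfix.backup_domains);
+) config.myEnv.mail.postfix.backup_domains);
 
 ### Additional smtpd configuration
 smtpd_tls_received_header = "yes";
@@ -222,8 +222,8 @@
 smtp_tls_loglevel = "1";
 
 ### Force ip bind for smtp
-smtp_bind_address = myconfig.env.servers.eldiron.ips.main.ip4;
-smtp_bind_address6 = builtins.head myconfig.env.servers.eldiron.ips.main.ip6;
+smtp_bind_address = config.myEnv.servers.eldiron.ips.main.ip4;
+smtp_bind_address6 = builtins.head config.myEnv.servers.eldiron.ips.main.ip6;
 
 # #Unneeded if postfix can only send e-mail from "self" domains
 # #smtp_sasl_auth_enable = "yes";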
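diff --git a/modules/private/mail/rspamd.nix b/modules/private/mail/rspamd.nix
index b5f64d8..4d55fc2 100644
--- a/modules/private/mail/rspamd.nix
+++ b/modules/private/mail/rspamd.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 {
 options.myServices.mail.rspamd.sockets = lib.mkOption {
 type = lib.types.attrsOf lib.types.path;
@@ -43,14 +43,14 @@
 };
 locals = {
 "redis.conf".text = ''
-servers = "${myconfig.env.mail.rspamd.redis.socket}";
-db = "${myconfig.env.mail.rspamd.redis.db}";
+servers = "${config.myEnv.mail.rspamd.redis.socket}";
+db = "${config.myEnv.mail.rspamd.redis.db}";
 '';
 "classifier-bayes.conf".text = ''
 users_enabled = true;
 backend = "redis";
-servers = "${myconfig.env.mail.rspamd.redis.socket}";
-database = "${myconfig.env.mail.rspamd.redis.db}";
+servers = "${config.myEnv.mail.rspamd.redis.socket}";
+database = "${config.myEnv.mail.rspamd.redis.db}";
 autolearn = true;
 cache {
 backend = "redis";
@@ -69,8 +69,8 @@
 workers = {
 controller = {
 extraConfig = ''
-enable_password = "${myconfig.env.mail.rspamd.write_password_hashed}";
-password = "${myconfig.env.mail.rspamd.read_password_hashed}";
+enable_password = "${config.myEnv.mail.rspamd.write_password_hashed}";
+password = "${config.myEnv.mail.rspamd.read_password_hashed}";
 '';
 bindSockets = [ {
 socket = config.myServices.mail.rspamd.sockets.worker-controller;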