{ inputs.environment.url = "path:../environment"; inputs.secrets.url = "path:../../secrets"; outputs = { self, environment, secrets }: { nixosModule = self.nixosModules.mail-relay; nixosModules.mail-relay = { lib, pkgs, config, name, ... }: { imports = [ environment.nixosModule secrets.nixosModule ]; options.myServices.mailRelay.enable = lib.mkEnableOption "enable Mail relay services"; config = lib.mkIf config.myServices.mailRelay.enable { secrets.keys."opensmtpd/creds" = { user = "smtpd"; group = "smtpd"; permissions = "0400"; text = '' eldiron ${name}:${config.hostEnv.ldap.password} ''; }; users.users.smtpd.extraGroups = [ "keys" ]; services.opensmtpd = { enable = true; serverConfiguration = let filter-rewrite-from = pkgs.runCommand "filter-rewrite-from.py" { buildInputs = [ pkgs.python38 ]; } '' cp ${./filter-rewrite-from.py} $out patchShebangs $out ''; in '' table creds \ "${config.secrets.fullPaths."opensmtpd/creds"}" # FIXME: filtering requires 6.6, uncomment following lines when # upgrading # filter "fixfrom" \ # proc-exec "${filter-rewrite-from} ${name}@immae.eu" # listen on socket filter "fixfrom" action "relay-rewrite-from" relay \ helo ${config.hostEnv.fqdn} \ host smtp+tls://eldiron@eldiron.immae.eu:587 \ auth \ mail-from ${name}@immae.eu action "relay" relay \ helo ${config.hostEnv.fqdn} \ host smtp+tls://eldiron@eldiron.immae.eu:587 \ auth match for any !mail-from "@immae.eu" action "relay-rewrite-from" match for any mail-from "@immae.eu" action "relay" ''; }; environment.systemPackages = [ config.services.opensmtpd.package ]; }; }; }; }