1 { pkgs, lib, config, ... }:
3 domain = "autogeree.net";
4 domainSuffix = "dc=autogeree,dc=net";
11 root@${domain} julm+root@${domain}
# TLS files under the ACME state directory for ${domain}: the private key, then the full certificate chain.
# NOTE(review): key.pem is the private key. Only the process that loads it should be able to read it;
# confirm the owner/group and mode of /var/lib/acme/${domain} (not visible in this excerpt).
15 "/var/lib/acme/${domain}/key.pem"
16 "/var/lib/acme/${domain}/fullchain.pem"
# Both service hostnames are bound to the same `chain` value, so smtp.* and mail.* share one key and certificate.
# The option that consumes these bindings is not visible here.
18 "smtp.${domain}" = chain;
19 "mail.${domain}" = chain;
# A single virtual mailbox domain: the `domain` value bound near the top of the file.
22 virtual_mailbox_domains = [ domain ];
# Recipient lookup table. The LDAP query below must return a result for an address to be found.
23 virtual_mailbox_maps = [
24 # Map the main address and aliases to the main mail address.
25 # This is checked by permit_auth_recipient
# NOTE(review): permit_auth_recipient is not defined in the visible lines; confirm where it is declared.
# The table is a generated ldap_table(5) file. Its settings as visible here:
#   server_host      - ldapi:// URL whose percent-encoded path is /run/slapd/sock, i.e. a local UNIX socket, not TCP.
#                      Bind settings are not visible; confirm how slapd authorises this client.
#   search_base      - restricted to ou=posix under the domain suffix.
#   query_filter     - matches entries whose mail or mailAlias equals the looked-up address (%s) and whose
#                      mailEnabled is TRUE, so disabled entries do not match. Postfix applies RFC 2254 quoting
#                      to the key before substituting %s, so filter metacharacters in an address are escaped.
#   result_attribute - the entry's mail value is returned.
# Keep explanatory text out here: anything between the '' markers is written into the generated .cf file.
26 ("ldap:"+pkgs.writeText "ldap-mail-${domain}.cf" ''
30 server_host = ldapi://%2Frun%2Fslapd%2Fsock
33 search_base = ou=posix,${domainSuffix}
36 query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
38 result_attribute = mail
41 # Map MAIL FROM addresses to the SASL login names allowed to use it.
# The filter is the same as for the recipient map: the MAIL FROM address must equal the mail or mailAlias
# of an entry with mailEnabled=TRUE. The owner returned is that entry's uid, formatted as uid@${domain}
# (result_format is applied to the result_attribute value).
# NOTE(review): this implies SASL login names have the form uid@${domain}; verify against the SASL backend.
# NOTE(review): Postfix consults this map only from the reject_*sender_login_mismatch restrictions
# (e.g. reject_sender_login_mismatch in smtpd_sender_restrictions). None is visible in this excerpt;
# without one, the map does not stop an authenticated user from sending as another user's address.
42 smtpd_sender_login_maps = [
43 ("ldap:"+pkgs.writeText "ldap-senders-${domain}.cf" ''
47 server_host = ldapi://%2Frun%2Fslapd%2Fsock
50 search_base = ou=posix,${domainSuffix}
53 query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
54 result_format = %s@${domain}
55 result_attribute = uid
# After the ACME unit for ${domain} runs, reload Postfix so it picks up the renewed key and chain.
60 security.acme.certs."${domain}" = {
61 postRun = "systemctl reload postfix";
# Start-up relationships for Postfix:
#   wants - pulls in slapd and both certificate units. `wants` is a weak dependency, so systemd still
#           starts Postfix if one of them fails.
#   after - orders Postfix behind slapd and the self-signed placeholder certificate unit only.
# acme-${domain}.service is wanted but not in `after`, so Postfix start-up does not wait for real issuance.
# NOTE(review): presumably deliberate, with the postRun reload above switching to the issued certificate; confirm.
# Until that reload, Postfix may be serving the self-signed certificate.
63 systemd.services.postfix = {
64 wants = [ "openldap.service" "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
65 after = [ "openldap.service" "acme-selfsigned-${domain}.service" ];