1 { pkgs, lib, config, ... }:
3 inherit (pkgs.lib) loadFile;
4 domain = "sourcephile.fr";
5 domainSuffix = "dc=sourcephile,dc=fr";
12 root@${domain} julm+root@${domain}
13 bistrot@${domain} public-inbox@localhost
14 entraide@${domain} public-inbox@localhost
15 environnement@${domain} public-inbox@localhost
16 infra@${domain} public-inbox@localhost
17 labo@${domain} public-inbox@localhost
18 membres@${domain} public-inbox@localhost
19 test@${domain} public-inbox@localhost
23 "/var/lib/acme/${domain}/key.pem"
24 "/var/lib/acme/${domain}/fullchain.pem"
26 "smtp.${domain}" = chain;
27 "mail.${domain}" = chain;
30 virtual_mailbox_domains = [
33 virtual_mailbox_maps = [
34 # Map the main address and aliases to the main mail address.
35 # This is checked by permit_auth_recipient
36 ("ldap:"+pkgs.writeText "ldap-mail-${domain}.cf" ''
40 server_host = ldapi://
43 search_base = ou=posix,${domainSuffix}
46 query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
48 result_attribute = mail
51 # Map MAIL FROM addresses to the SASL login names allowed to use it.
52 smtpd_sender_login_maps = [
53 ("ldap:"+pkgs.writeText "ldap-senders-${domain}.cf" ''
57 server_host = ldapi://
60 search_base = ou=posix,${domainSuffix}
63 query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
64 result_format = %s@${domain}
65 result_attribute = uid
70 security.acme.certs."${domain}" = {
71 postRun = "systemctl reload postfix";
73 systemd.services.postfix = {
74 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
75 after = [ "acme-selfsigned-${domain}.service" ];