1 { pkgs, lib, config, ... }:
3 inherit (pkgs.lib) loadFile;
4 domain = "sourcephile.fr";
5 domainSuffix = "dc=sourcephile,dc=fr";
12 root@${domain} julm+root@${domain}
13 bistrot@${domain} public-inbox@localhost
14 entraide@${domain} public-inbox@localhost
15 environnement@${domain} public-inbox@localhost
16 infra@${domain} public-inbox@localhost
17 labo@${domain} public-inbox@localhost
18 membres@${domain} public-inbox@localhost
22 "/var/lib/acme/${domain}/key.pem"
23 "/var/lib/acme/${domain}/fullchain.pem"
25 "smtp.${domain}" = chain;
26 "mail.${domain}" = chain;
29 virtual_mailbox_domains = [
32 virtual_mailbox_maps = [
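33 # Map an account's main address and its aliases to that account's main mail address (only entries with mailEnabled=TRUE match).
34 # This is checked by permit_auth_recipient. Postfix applies RFC 2254 quoting to the %s lookup key in query_filter, so an address cannot add LDAP filter metacharacters.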
35 ("ldap:"+pkgs.writeText "ldap-mail-${domain}.cf" ''
39 server_host = ldapi://
42 search_base = ou=posix,${domainSuffix}
45 query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
47 result_attribute = mail
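50 # Map each MAIL FROM address to the SASL login name allowed to use it; the lookup returns uid@${domain}, so the SASL login must have that form. Postfix consults this map only through the sender-login-mismatch restrictions (e.g. reject_sender_login_mismatch), so one of them must appear in the smtpd restrictions (not visible in this excerpt) for the mapping to be enforced.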
51 smtpd_sender_login_maps = [
52 ("ldap:"+pkgs.writeText "ldap-senders-${domain}.cf" ''
56 server_host = ldapi://
59 search_base = ou=posix,${domainSuffix}
62 query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
63 result_format = %s@${domain}
64 result_attribute = uid
69 security.acme.certs."${domain}" = {
70 postRun = "systemctl reload postfix";
72 systemd.services.postfix = {
73 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
74 after = [ "acme-selfsigned-${domain}.service" ];