Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/postfix/sourcephile.fr.nix
postfix: fix and clarify mail routing
# NixOS module: Postfix virtual-mailbox routing and sender/login binding for
# one mail domain, with both lookups answered by the local LDAP directory.
{ pkgs, lib, config, ... }:
let
  domain = "sourcephile.fr";

  # Build a Postfix "ldap:" lookup table. The two tables in this file differ
  # only in file name, result_format and result_attribute, so everything else
  # is shared here.
  #
  # Security-relevant settings:
  # - server_host = ldapi:// with bind = sasl / sasl_mechs = EXTERNAL: the
  #   directory is reached over a local Unix socket and no bind DN or password
  #   appears in the file. This matters because pkgs.writeText places the file
  #   in the Nix store, which is world-readable by default.
  # - domain = ...: per ldap_table(5), only keys in this domain are looked up,
  #   so addresses of other domains never reach the directory.
  # - query_filter: matches the key against `mail` or `mailAlias`, and only for
  #   entries with mailEnabled=TRUE. Postfix applies RFC 2254 quoting to %s, so
  #   the address cannot add filter metacharacters.
  ldapTable = fileName: resultFormat: resultAttribute:
    "ldap:" + pkgs.writeText fileName ''
      domain = ${domain}
      version = 3
      debuglevel = 0
      server_host = ldapi://
      bind = sasl
      sasl_mechs = EXTERNAL
      search_base = ou=posix,dc=sourcephile,dc=fr
      scope = sub
      dereference = 0
      query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
      result_format = ${resultFormat}
      result_attribute = ${resultAttribute}
    '';
in
{
  # Start Postfix after the unit that provides this domain's key.
  # NOTE(review): `after` only orders startup; it neither pulls that unit in
  # nor fails Postfix when it is absent. Presumably a Wants=/Requires= is
  # declared elsewhere; confirm.
  systemd.services.postfix.after = [ (domain + ".key.pem-key.service") ];

  services.postfix = {
    extraAliases = "";

    # Deliver root@<domain> to the administrator's plus-addressed mailbox.
    virtual = "root@${domain} julm+root@${domain}\n";

    config = {
      virtual_mailbox_domains = [ domain ];
      virtual_mailbox_maps = [
        # Presumably the table generated from `virtual` above; confirm.
        "hash:/etc/postfix/virtual"
        # Map the main address and aliases to the main mail address.
        # This is checked by permit_auth_recipient (not defined in this file).
        (ldapTable "ldap-mail.cf" "%s" "mail")
      ];
    };

    # Map MAIL FROM addresses to the SASL login names allowed to use it.
    # The owner returned for an address is "<uid>@<domain>".
    # NOTE(review): this map only has an effect when the submissions service's
    # restrictions include reject_sender_login_mismatch (or one of its
    # authenticated/unauthenticated variants); those are not visible here.
    submissions.smtpd_sender_login_maps = [
      (ldapTable "ldap-senders.cf" "%s@${domain}" "uid")
    ];
  };
}