{ pkgs, lib, config, ... }:
let
  domain = "autogeree.net";
  domainSuffix = "dc=autogeree,dc=net";

  # Private key and certificate chain as provisioned by security.acme for
  # this domain.  Postfix requires the key to be listed before the chain in
  # a tls_server_sni_maps value.  NOTE(review): the postfix user must be able
  # to read key.pem (acme group membership / certs.<name>.group); that is
  # configured outside this file, presumably -- confirm.
  acmeChain = [
    "/var/lib/acme/${domain}/key.pem"
    "/var/lib/acme/${domain}/fullchain.pem"
  ];

  # Build a Postfix "ldap:" table that resolves an address of this domain to
  # one attribute of the matching account.
  #   name      - distinguishes the generated .cf file in the Nix store
  #   attribute - LDAP attribute returned for the matching entry
  #   format    - Postfix result_format applied to that attribute
  # The table talks to the local slapd over the ldapi:// socket and binds
  # with SASL EXTERNAL, i.e. it authenticates with the Unix credentials of
  # the postfix process: no bind password has to be written into the
  # world-readable Nix store.  `domain` restricts lookups to addresses of
  # this domain; `%s` is quoted by Postfix (see ldap_table(5)) so address
  # metacharacters cannot rewrite the filter; only entries flagged
  # mailEnabled=TRUE can ever match.
  ldapTable = name: { attribute, format }:
    "ldap:" + pkgs.writeText "ldap-${name}-${domain}.cf" ''
      domain = ${domain}
      version = 3
      debuglevel = 0
      server_host = ldapi://
      bind = sasl
      sasl_mechs = EXTERNAL
      search_base = ou=posix,${domainSuffix}
      scope = sub
      dereference = 0
      query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
      result_format = ${format}
      result_attribute = ${attribute}
    '';
in
{
  services.postfix = {
    # No additional local aliases for this domain.
    extraAliases = "";
    # Deliver root@ to the admin's tagged mailbox.
    virtual = ''
      root@${domain} julm+root@${domain}
    '';
    # Serve the same ACME chain for both MX / submission host names.
    tls_server_sni_maps = {
      "smtp.${domain}" = acmeChain;
      "mail.${domain}" = acmeChain;
    };
    config = {
      virtual_mailbox_domains = [ domain ];
      # Recipient validation: any address or alias of an enabled account
      # resolves to its canonical `mail`.  NOTE(review): the original comment
      # named "permit_auth_recipient", which is not a Postfix restriction;
      # virtual_mailbox_maps is consulted by reject_unlisted_recipient /
      # reject_unauth_destination -- confirm which was meant.
      virtual_mailbox_maps = [
        (ldapTable "mail" { attribute = "mail"; format = "%s"; })
      ];
      # MAIL FROM ownership: each address or alias maps to the SASL login
      # "<uid>@<domain>" allowed to use it.  This is only enforced if
      # reject_sender_login_mismatch (or a variant) appears in the smtpd
      # restrictions, which are defined outside this file.
      smtpd_sender_login_maps = [
        (ldapTable "senders" { attribute = "uid"; format = "%s@${domain}"; })
      ];
    };
  };

  # Let Postfix pick up a renewed certificate without a restart.
  security.acme.certs."${domain}".postRun = "systemctl reload postfix";

  systemd.services.postfix = {
    # Pull in slapd (needed by the LDAP tables) and both ACME units, but only
    # order after the self-signed one: the real issuance depends on the
    # network and is not allowed to delay mail startup, presumably -- the
    # postRun hook above reloads Postfix once it lands.
    wants = [
      "openldap.service"
      "acme-selfsigned-${domain}.service"
      "acme-${domain}.service"
    ];
    after = [
      "openldap.service"
      "acme-selfsigned-${domain}.service"
    ];
  };
}