1 { pkgs, lib, config, ... }:
3 inherit (pkgs.lib) loadFile;
4 domain = "sourcephile.fr";
5 domainSuffix = "dc=sourcephile,dc=fr";
12 root@${domain} julm+root@${domain}
13 equipage@${domain} public-inbox
14 linky@public-inbox.${domain} public-inbox@${domain}
18 "/var/lib/acme/${domain}/key.pem"
19 "/var/lib/acme/${domain}/fullchain.pem"
21 "smtp.${domain}" = chain;
22 "mail.${domain}" = chain;
25 virtual_mailbox_domains = [
27 "public-inbox.${domain}"
29 virtual_mailbox_maps = [
30 # Map the main address and aliases to the main mail address.
31 # This is checked by permit_auth_recipient
32 ("ldap:"+pkgs.writeText "ldap-mail-${domain}.cf" ''
36 server_host = ldapi://
39 search_base = ou=posix,${domainSuffix}
42 query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
44 result_attribute = mail
47 # Map MAIL FROM addresses to the SASL login names allowed to use it.
48 smtpd_sender_login_maps = [
49 ("ldap:"+pkgs.writeText "ldap-senders-${domain}.cf" ''
53 server_host = ldapi://
56 search_base = ou=posix,${domainSuffix}
59 query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
60 result_format = %s@${domain}
61 result_attribute = uid
66 security.acme.certs."${domain}" = {
67 postRun = "systemctl reload postfix";
69 systemd.services.postfix = {
70 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
71 after = [ "acme-selfsigned-${domain}.service" ];