Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/postfix/sourcephile.fr.nix
nix: remove redundant nixpkgs in /nix/store due to pkgs.path
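# Postfix settings for the sourcephile.fr virtual mail domain: the root alias,
# the per-name TLS (SNI) certificate chain, and the two LDAP lookup tables used
# for recipient validation and for sender/login matching.
{ pkgs, lib, config, ... }:
let
  domain = "sourcephile.fr";
  domainSuffix = "dc=sourcephile,dc=fr";

  # Build a Postfix "ldap:" lookup table for this domain.
  #
  # Both tables below must agree on how an address is matched (same search
  # base, same filter, same mailEnabled gate); generating them from a single
  # template keeps recipient validation and sender authorization from
  # drifting apart.
  #
  # name            - infix of the generated file name, ldap-<name>-<domain>.cf
  # resultFormat    - value of result_format
  # resultAttribute - value of result_attribute
  #
  # The file is written with pkgs.writeText, so it lands in the world-readable
  # Nix store. That is acceptable here because it holds no credential: the
  # bind is SASL EXTERNAL over the local ldapi:// socket, so no bind_pw is
  # configured. Keep it that way; a bind password must never be added to this
  # template.
  ldapTable = name: { resultFormat, resultAttribute }:
    "ldap:" + pkgs.writeText "ldap-${name}-${domain}.cf" ''
      domain = ${domain}
      version = 3
      debuglevel = 0
      server_host = ldapi://
      bind = sasl
      sasl_mechs = EXTERNAL
      search_base = ou=posix,${domainSuffix}
      scope = sub
      dereference = 0
      query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
      result_format = ${resultFormat}
      result_attribute = ${resultAttribute}
    '';
in
{
  services.postfix = {
    extraAliases = ''
    '';
    # Deliver mail for root@<domain> to julm's mailbox, using a +root
    # address extension.
    virtual = ''
      root@${domain} julm+root@${domain}
    '';
    # Serve the ACME-issued certificate of this domain for both SMTP host
    # names. The private key is listed before the certificate chain, as in
    # the original.
    # NOTE(review): key.pem must be readable by Postfix and by nothing
    # broader; the ownership and mode are set outside this file -- confirm.
    tls_server_sni_maps =
      let
        certChain = [
          "/var/lib/acme/${domain}/key.pem"
          "/var/lib/acme/${domain}/fullchain.pem"
        ];
      in
      {
        "smtp.${domain}" = certChain;
        "mail.${domain}" = certChain;
      };
    config = {
      virtual_mailbox_domains = [ domain ];
      virtual_mailbox_maps = [
        # Map the main address and aliases to the main mail address.
        # This is checked by permit_auth_recipient
        # NOTE(review): confirm which smtpd restriction the line above
        # refers to; the restriction lists are not visible in this file.
        # Only entries with mailEnabled=TRUE match, so a disabled account
        # is not a valid recipient.
        (ldapTable "mail" {
          resultFormat = "%s";
          resultAttribute = "mail";
        })
      ];
      # Map MAIL FROM addresses to the SASL login names allowed to use it.
      # The login name returned is <uid>@<domain>.
      # NOTE(review): this map only prevents sender spoofing between
      # authenticated users if a reject_*_sender_login_mismatch restriction
      # is active for submission; that setting is not visible in this file
      # -- confirm.
      smtpd_sender_login_maps = [
        (ldapTable "senders" {
          resultFormat = "%s@${domain}";
          resultAttribute = "uid";
        })
      ];
    };
  };
  # Start Postfix after the ACME unit of this domain so that the certificate
  # files referenced above can exist first. `after` is ordering only: it does
  # not pull the ACME unit in and does not fail Postfix if issuance failed.
  systemd.services.postfix.after = [
    "acme-${domain}.service"
  ];
}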