Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/postfix/sourcephile.fr.nix
# NixOS module fragment: Postfix virtual-domain settings for one mail domain.
# Recipient validation and sender/login ownership are both answered by LDAP
# lookups against the local directory.
{ pkgs, lib, config, ... }:
let
  domain = "sourcephile.fr";

  # Build an "ldap:<store path>" lookup-table reference for Postfix.
  #
  #   kind            - middle part of the generated file name
  #   resultFormat    - value of result_format (template applied to each result)
  #   resultAttribute - LDAP attribute returned by the lookup
  #
  # The file is produced with pkgs.writeText, so it lives in the Nix store and
  # must not carry secrets. It does not: there is no bind DN or password here,
  # Postfix connects over the local ldapi:// socket and binds with SASL
  # EXTERNAL.
  # NOTE(review): what that identity may read is decided by slapd's ACLs and
  # authz mapping, which are not part of this file; confirm they are limited
  # to the attributes queried below.
  ldapTable = kind: { resultFormat, resultAttribute }:
    let
      tableFile = pkgs.writeText "ldap-${kind}-${domain}.cf" ''
        domain = ${domain}
        version = 3
        debuglevel = 0
        server_host = ldapi://
        bind = sasl
        sasl_mechs = EXTERNAL
        search_base = ou=posix,dc=sourcephile,dc=fr
        scope = sub
        dereference = 0
        query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
        result_format = ${resultFormat}
        result_attribute = ${resultAttribute}
      '';
    in
    "ldap:${tableFile}";
in
{
  # Ordering only: Postfix is started after this unit. `after` does not by
  # itself pull the unit in.
  # NOTE(review): the name suggests a service that installs the domain's
  # private key; confirm, and confirm that a wants/requires exists elsewhere
  # if Postfix must not start without it.
  systemd.services.postfix.after = [ "${domain}.key.pem-key.service" ];

  services.postfix = {
    extraAliases = "";

    # Deliver root@<domain> to a plus-addressed personal mailbox.
    virtual = ''
      root@${domain} julm+root@${domain}
    '';

    config = {
      virtual_mailbox_domains = [ domain ];

      # Resolve the main address and its aliases to the main mail address.
      # Only entries with mailEnabled=TRUE match, so a disabled account is
      # not a valid recipient.
      # Per the original note, this table is checked by
      # `permit_auth_recipient`, which is not defined in this file.
      virtual_mailbox_maps = [
        (ldapTable "mail" {
          resultFormat = "%s";
          resultAttribute = "mail";
        })
      ];

      # Map MAIL FROM addresses to the SASL login names allowed to use them:
      # the owning entry's uid, rendered as uid@<domain>.
      # NOTE(review): this map is only enforced when one of the
      # reject_*sender_login_mismatch restrictions is active in the smtpd
      # restrictions; none is set in this file, so verify it is set elsewhere.
      smtpd_sender_login_maps = [
        (ldapTable "senders" {
          resultFormat = "%s@${domain}";
          resultAttribute = "uid";
        })
      ];
    };
  };
}