servers/mermet/postfix/autogeree.net.nix

   1 { pkgs, lib, config, ... }:
   2 let
   3   domain = "autogeree.net";
   4   domainSuffix = "dc=autogeree,dc=net";
   5 in
   6 {
   7 systemd.services.postfix.after = [
   8   "${domain}.key.pem-key.service"
   9 ];
  10 services.postfix = {
  11   extraAliases = ''
  12   '';
  13   virtual = ''
  14     root@${domain} julm+root@${domain}
  15   '';
  16   config = {
  17     virtual_mailbox_domains = [ domain ];
  18     virtual_mailbox_maps = [
  19       # Map the main address and aliases to the main mail address.
  20       # This is checked by permit_auth_recipient
  21       ("ldap:"+pkgs.writeText "ldap-mail-${domain}.cf" ''
  22         domain           = ${domain}
  23         version          = 3
  24         debuglevel       = 0
  25         server_host      = ldapi://
  26         bind             = sasl
  27         sasl_mechs       = EXTERNAL
  28         search_base      = ou=posix,${domainSuffix}
  29         scope            = sub
  30         dereference      = 0
  31         query_filter     = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
  32         result_format    = %s
  33         result_attribute = mail
  34       '')
  35     ];
  36     # Map MAIL FROM addresses to the SASL login names allowed to use it.
  37     smtpd_sender_login_maps = [
  38       ("ldap:"+pkgs.writeText "ldap-senders-${domain}.cf" ''
  39         domain           = ${domain}
  40         version          = 3
  41         debuglevel       = 0
  42         server_host      = ldapi://
  43         bind             = sasl
  44         sasl_mechs       = EXTERNAL
  45         search_base      = ou=posix,${domainSuffix}
  46         scope            = sub
  47         dereference      = 0
  48         query_filter     = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
  49         result_format    = %s@${domain}
  50         result_attribute = uid
  51       '')
  52     ];
  53   };
  54 };
  55 }