1 { pkgs, lib, config, ... }:
3 inherit (pkgs.lib) loadFile;
4 domain = "autogeree.net";
5 domainSuffix = "dc=autogeree,dc=net";
12 root@${domain} julm+root@${domain}
16 "/var/lib/acme/${domain}/key.pem"
17 "/var/lib/acme/${domain}/fullchain.pem"
19 "smtp.${domain}" = chain;
20 "mail.${domain}" = chain;
23 virtual_mailbox_domains = [ domain ];
24 virtual_mailbox_maps = [
25 # Map the main address and aliases to the main mail address.
26 # This is checked by permit_auth_recipient
27 ("ldap:"+pkgs.writeText "ldap-mail-${domain}.cf" ''
31 server_host = ldapi://
34 search_base = ou=posix,${domainSuffix}
37 query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
39 result_attribute = mail
42 # Map each MAIL FROM address to the SASL login names allowed to use it; Postfix consults this map only from the reject_sender_login_mismatch family of restrictions.
43 smtpd_sender_login_maps = [
44 ("ldap:"+pkgs.writeText "ldap-senders-${domain}.cf" ''
48 server_host = ldapi://
51 search_base = ou=posix,${domainSuffix}
54 query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
55 result_format = %s@${domain}
56 result_attribute = uid
61 security.acme.certs."${domain}" = {
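# Hook run after a certificate is issued or renewed for this domain.
# systemctl has no `try-reload` verb, so the original command failed and
# Postfix was never told about the renewed certificate. `try-reload-or-restart`
# reloads the unit (or restarts it if it cannot reload), and does nothing
# when Postfix is not running.
postRun = "systemctl try-reload-or-restart postfix";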
64 systemd.services.postfix = {
65 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
66 after = [ "acme-selfsigned-${domain}.service" ];