postfix: fix smtpd_tls_sni_maps

[sourcephile-nix.git] / servers / mermet / postfix / sourcephile.fr.nix

{ pkgs, lib, config, ... }:
let
  inherit (pkgs.lib) loadFile;
  domain = "sourcephile.fr";
  domainSuffix = "dc=sourcephile,dc=fr";
in
{
systemd.services.postfix.after = [
  "${domain}.key.pem-key.service"
];
services.postfix = {
  extraAliases = ''
  '';
  virtual = ''
    root@${domain} julm+root@${domain}
  '';
  tls_server_sni_maps =
    let chain = [
      "/run/keys/${domain}.key.pem"
      (loadFile (../../../../sec/openssl + "/${domain}/cert.self-signed.pem"))
    ]; in {
    "smtp.${domain}" = chain;
    "mail.${domain}" = chain;
  };
  config = {
    virtual_mailbox_domains = [ domain ];
    virtual_mailbox_maps = [
      # Map the main address and aliases to the main mail address.
      # This is checked by permit_auth_recipient
      ("ldap:"+pkgs.writeText "ldap-mail-${domain}.cf" ''
        domain           = ${domain}
        version          = 3
        debuglevel       = 0
        server_host      = ldapi://
        bind             = sasl
        sasl_mechs       = EXTERNAL
        search_base      = ou=posix,${domainSuffix}
        scope            = sub
        dereference      = 0
        query_filter     = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
        result_format    = %s
        result_attribute = mail
      '')
    ];
    # Map MAIL FROM addresses to the SASL login names allowed to use it.
    smtpd_sender_login_maps = [
      ("ldap:"+pkgs.writeText "ldap-senders-${domain}.cf" ''
        domain           = ${domain}
        version          = 3
        debuglevel       = 0
        server_host      = ldapi://
        bind             = sasl
        sasl_mechs       = EXTERNAL
        search_base      = ou=posix,${domainSuffix}
        scope            = sub
        dereference      = 0
        query_filter     = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
        result_format    = %s@${domain}
        result_attribute = uid
      '')
    ];
  };
};
}