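# Postfix for the sourcephile.fr mail domain.
#
# Mailbox and sender-login lookups go to the local OpenLDAP over its unix
# socket (ldapi://) with SASL EXTERNAL, so the generated lookup tables --
# which pkgs.writeText places in the world-readable Nix store -- carry no
# bind password.
{ pkgs, lib, config, ... }:
let
  domain = "sourcephile.fr";
  domainSuffix = "dc=sourcephile,dc=fr";

  # Build a Postfix LDAP table that resolves a mail address (primary `mail`
  # or any `mailAlias`) of an enabled account.  Only the result mapping
  # differs between the two tables used below, so the shared part lives
  # here; the generated file names and contents are the same as before.
  #
  # Postfix applies RFC 4515 escaping to `%s` (see ldap_table(5)), so the
  # looked-up address cannot inject extra filter terms.
  # `mailEnabled=TRUE` gates both tables: a disabled account neither
  # receives mail nor may send from its addresses.
  mkLdapMap = { name, resultFormat, resultAttribute }:
    "ldap:" + pkgs.writeText "ldap-${name}-${domain}.cf" ''
      domain           = ${domain}
      version          = 3
      debuglevel       = 0
      server_host      = ldapi://%2Frun%2Fslapd%2Fsock
      bind             = sasl
      sasl_mechs       = EXTERNAL
      search_base      = ou=posix,${domainSuffix}
      scope            = sub
      dereference      = 0
      query_filter     = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
      result_format    = ${resultFormat}
      result_attribute = ${resultAttribute}
    '';
in
{
  services.postfix = {
    # No additional local aliases.
    extraAliases = ''
    '';
    # root@ goes to julm+root@ (the "+root" tag presumably relies on a "+"
    # recipient delimiter configured elsewhere -- confirm).
    virtual = ''
      root@${domain} julm+root@${domain}
    '';
    # No transport(5) overrides.
    transport = ''
    '';
    # Serve the ACME certificate of the domain for both SMTP server names
    # (SNI); key and fullchain are produced by the acme unit wired in below.
    tls_server_sni_maps =
      let
        chain = [
          "/var/lib/acme/${domain}/key.pem"
          "/var/lib/acme/${domain}/fullchain.pem"
        ];
      in {
        "smtp.${domain}" = chain;
        "mail.${domain}" = chain;
      };
    config = {
      virtual_mailbox_domains = [ domain ];
      virtual_mailbox_maps = [
        # Map the main address and aliases to the main mail address.
        # This is checked by permit_auth_recipient
        (mkLdapMap {
          name = "mail";
          resultFormat = "%s";
          resultAttribute = "mail";
        })
      ];
      # Map MAIL FROM addresses to the SASL login names allowed to use it.
      # The result is `uid@<domain>`, i.e. the name the client authenticated
      # with.  NOTE(review): this table only takes effect together with
      # reject_sender_login_mismatch in smtpd_sender_restrictions, which is
      # not set in this file -- confirm it is set elsewhere.
      smtpd_sender_login_maps = [
        (mkLdapMap {
          name = "senders";
          resultFormat = "%s@${domain}";
          resultAttribute = "uid";
        })
      ];
    };
  };
  # Reload postfix after each renewal so it picks up the new key and chain.
  security.acme.certs."${domain}" = {
    postRun = "systemctl reload postfix";
  };
  systemd.services.postfix = {
    # Order only after the self-signed placeholder certificate, so postfix
    # can start before the real ACME certificate has been obtained; the real
    # certificate is then picked up through the postRun reload above.
    wants = [ "openldap.service" "acme-selfsigned-${domain}.service" "acme-${domain}.service" ];
    after = [ "openldap.service" "acme-selfsigned-${domain}.service" ];
  };
}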