{ pkgs, lib, config, ... }:
let
+ inherit (pkgs.lib) loadFile;
domain = "sourcephile.fr";
+ domainSuffix = "dc=sourcephile,dc=fr";
in
{
systemd.services.postfix.after = [
virtual = ''
root@${domain} julm+root@${domain}
'';
+ tls_server_sni_maps =
+ let chain = [
+ "/run/keys/${domain}.key.pem"
+ (loadFile (../../../../sec/openssl + "/${domain}/cert.self-signed.pem"))
+ ]; in {
+ "smtp.${domain}" = chain;
+ "mail.${domain}" = chain;
+ };
config = {
virtual_mailbox_domains = [ domain ];
virtual_mailbox_maps = [
- "hash:/etc/postfix/virtual"
# Map the main address and aliases to the main mail address.
# This is checked by permit_auth_recipient
- ("ldap:"+pkgs.writeText "ldap-mail.cf" ''
+ ("ldap:"+pkgs.writeText "ldap-mail-${domain}.cf" ''
domain = ${domain}
version = 3
debuglevel = 0
server_host = ldapi://
bind = sasl
sasl_mechs = EXTERNAL
- search_base = ou=posix,dc=sourcephile,dc=fr
+ search_base = ou=posix,${domainSuffix}
scope = sub
dereference = 0
query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
result_attribute = mail
'')
];
+ # Map MAIL FROM addresses to the SASL login names allowed to use it.
+ smtpd_sender_login_maps = [
+ ("ldap:"+pkgs.writeText "ldap-senders-${domain}.cf" ''
+ domain = ${domain}
+ version = 3
+ debuglevel = 0
+ server_host = ldapi://
+ bind = sasl
+ sasl_mechs = EXTERNAL
+ search_base = ou=posix,${domainSuffix}
+ scope = sub
+ dereference = 0
+ query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
+ result_format = %s@${domain}
+ result_attribute = uid
+ '')
+ ];
};
- # Map MAIL FROM addresses to the SASL login names allowed to use it.
- submissions.smtpd_sender_login_maps = [
- ("ldap:"+pkgs.writeText "ldap-senders.cf" ''
- domain = ${domain}
- version = 3
- debuglevel = 0
- server_host = ldapi://
- bind = sasl
- sasl_mechs = EXTERNAL
- search_base = ou=posix,dc=sourcephile,dc=fr
- scope = sub
- dereference = 0
- query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
- result_format = %s@${domain}
- result_attribute = uid
- '')
- ];
};
}
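Review bot: The new `tls_server_sni_maps` value mixes a runtime path for the private key (`/run/keys/${domain}.key.pem`) with a certificate inlined through `loadFile` into the Nix store; that asymmetry is correct but fragile, since applying `loadFile` to the key as well would copy it into the world-readable store, so a comment above the `chain` binding should say so: `# Key stays a /run/keys path: never loadFile it, the store is world-readable. Only the (public) cert may be inlined.`. Postfix also expects each SNI lookup result to resolve to PEM material holding both key and certificate chain, and which process reads it depends on the custom module behind this option, so confirm the key is readable by the user that actually loads it (for `tls_server_sni_maps` Postfix loads it in the unprivileged smtpd, not as root) and that the self-signed cert is acceptable for clients that verify (DANE/MTA-STS). Moving `smtpd_sender_login_maps` from `submissions.` into the main `config` extends the map from the submission service to every smtpd; with `reject_sender_login_mismatch` in the port-25 restrictions this would start rejecting unauthenticated MAIL FROM for local addresses, so state the intent in the comment, e.g. `# Applies to all smtpd instances (port 25 included), not only submission.`.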