{ pkgs, lib, config, ... }:
let
+ inherit (pkgs.lib) loadFile;
domain = "sourcephile.fr";
+ domainSuffix = "dc=sourcephile,dc=fr";
in
{
-systemd.services.postfix.after = [
- "${domain}.key.pem-key.service"
-];
services.postfix = {
- config = {
- virtual_mailbox_domains = [ domain ];
- };
+ extraAliases = ''
+ '';
virtual = ''
- root@${domain} julm@${domain}
- admin@${domain} julm@${domain}
- webmaster@${domain} julm@${domain}
- postmaster@${domain} julm@${domain}
+ root@${domain} julm+root@${domain}
'';
+ tls_server_sni_maps =
+ let chain = [
+ "/var/lib/acme/${domain}/key.pem"
+ "/var/lib/acme/${domain}/fullchain.pem"
+ ]; in {
+ "smtp.${domain}" = chain;
+ "mail.${domain}" = chain;
+ };
config = {
- virtual_alias_maps = [
- ("ldap:"+pkgs.writeText "ldap-forward.cf" ''
+ virtual_mailbox_domains = [ domain ];
+ virtual_mailbox_maps = [
+ # Map the main address and aliases to the main mail address.
+ # This is checked by permit_auth_recipient
+ ("ldap:"+pkgs.writeText "ldap-mail-${domain}.cf" ''
+ domain = ${domain}
version = 3
debuglevel = 0
server_host = ldapi://
bind = sasl
sasl_mechs = EXTERNAL
- search_base = ou=posix,dc=sourcephile,dc=fr
+ search_base = ou=posix,${domainSuffix}
scope = sub
dereference = 0
- query_filter = (&(mail=%s)(mailEnabled=TRUE))
+ query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
result_format = %s
- result_attribute = mailForwardingAddress
+ result_attribute = mail
'')
- ("ldap:"+pkgs.writeText "ldap-virtual_alias_maps.cf" ''
+ ];
+ # Map MAIL FROM addresses to the SASL login names allowed to use it.
+ smtpd_sender_login_maps = [
+ ("ldap:"+pkgs.writeText "ldap-senders-${domain}.cf" ''
+ domain = ${domain}
version = 3
debuglevel = 0
server_host = ldapi://
bind = sasl
sasl_mechs = EXTERNAL
- search_base = ou=posix,dc=sourcephile,dc=fr
+ search_base = ou=posix,${domainSuffix}
scope = sub
dereference = 0
- query_filter = (&(mailAlias=%s)(mailEnabled=TRUE))
- result_format = %s
- result_attribute = mail
+ query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
+ result_format = %s@${domain}
+ result_attribute = uid
'')
];
};
- # Allowed MAIL FROM addresses that belong to a given SASL authenticated user.
- submissions.smtpd_sender_login_maps = [
- ("ldap:"+pkgs.writeText "ldap-senders.cf" ''
- version = 3
- debuglevel = 0
- server_host = ldapi://
- bind = sasl
- sasl_mechs = EXTERNAL
- search_base = ou=posix,dc=sourcephile,dc=fr
- scope = sub
- dereference = 0
- query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
- result_format = %s
- result_attribute = uid
- '')
- ];
};
+systemd.services.postfix.after = [
+ "acme-${domain}.service"
+];
}
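Review bot: The new `tls_server_sni_maps` entries point `smtp.${domain}` and `mail.${domain}` at `/var/lib/acme/${domain}/key.pem`, but nothing in the hunk grants the Postfix daemon read access to that directory or reloads Postfix when the ACME certificate renews, so either the SNI lookup fails at startup or a renewed certificate keeps being served stale until the next restart; check the `security.acme.certs` entry for this domain (its `group` / `reloadServices` settings) and, since postconf(5) as I recall it says SNI key files are read by the unprivileged smtpd process (unlike `smtpd_tls_key_file`), confirm the key is readable by that user. The added `systemd.services.postfix.after = [ "acme-${domain}.service" ]` only orders startup and does not cover renewal. Separately, the comment on `virtual_mailbox_maps` says `checked by permit_auth_recipient`, which I do not find among Postfix's documented restrictions; the check that consults this map for addresses in `virtual_mailbox_domains` is `reject_unlisted_recipient` (or `smtpd_reject_unlisted_recipient`), so I would write `# Recipients in this domain are validated against this map by reject_unlisted_recipient.` Note also that `smtpd_sender_login_maps` now lives in the global `config` rather than under `submissions`, and it only has effect where `reject_sender_login_mismatch` (or a variant) appears in the sender restrictions, which is not visible in this hunk.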