{ pkgs, lib, config, ... }:
let
- inherit (builtins) attrNames concatStringsSep readFile toPath;
+ inherit (builtins) attrNames readFile toPath;
inherit (lib) types;
- inherit (pkgs.lib) loadFile unlines unwords unlinesAttrs;
inherit (config) networking users;
inherit (config.services) postfix dovecot2 openldap;
- domains = [
- "sourcephile.fr"
- "autogeree.net"
- ];
in
{
-imports = map (domain: (./postfix + "/${domain}.nix")) domains;
-options = {
- services.postfix = {
- tls_server_sni_maps = lib.mkOption {
- type = types.attrsOf (types.listOf types.path);
- default = {};
- apply = m: pkgs.writeText "sni" (lib.concatStringsSep "\n" (lib.mapAttrsToList (domain: x509: ''
- ${domain} ${unwords x509}
- '') m));
- };
- };
-};
-config = {
+imports = [
+ postfix/autogeree.net.nix
+ postfix/sourcephile.fr.nix
+];
users.groups.acme.members = [ postfix.user ];
-systemd.services.postfix = {
- wants = ["openldap.service"];
- after = ["openldap.service"];
- preStart = ''
- install -m 400 -o root -g root ${postfix.tls_server_sni_maps} /run/keys/postfix-sni
- ${pkgs.postfix}/bin/postmap -F hash:/run/keys/postfix-sni
- '';
-};
networking.nftables.ruleset = ''
add rule inet filter net2fw tcp dport 25 counter accept comment "SMTP"
add rule inet filter net2fw tcp dport 465 counter accept comment "submissions"
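Review bot: The `preStart` script dropped from `systemd.services.postfix` was the only visible producer of `/run/keys/postfix-sni` and its `postmap -F` database, yet the main.cf setting `tls_server_sni_maps = "hash:/run/keys/postfix-sni";` is kept as context further down in this file, so unless another unit now builds that map, smtpd will fail to open the `.db` and per-domain certificate selection by SNI stops working. Either remove that setting together with the deleted `tls_server_sni_maps` option, or point it at wherever the map is now generated. The same removal also drops the `wants`/`after` ordering on `openldap.service`; the module still inherits `openldap` from `config.services`, so if any Postfix lookup table is LDAP-backed the ordering should be kept, e.g. `systemd.services.postfix = { wants = [ "openldap.service" ]; after = [ "openldap.service" ]; };`. The `config = {` attribute set whose opening is deleted here is closed outside this hunk, so the bracket pairing cannot be checked from this view.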
tls_server_sni_maps = "hash:/run/keys/postfix-sni";
# Only explicitely aliased accounts have a mail, not all the passwd
- local_recipient_maps = "$alias_maps";
+ #local_recipient_maps = "$alias_maps";
# Note that the local transport rewrites the envelope recipient
# according to the alias_maps, and thus the aliasing is transparent
# to the nexthop (eg. dovecot)
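Review bot: Commenting out `local_recipient_maps = "$alias_maps";` contradicts the comment kept directly above it ("Only explicitely aliased accounts have a mail, not all the passwd"): without the setting Postfix falls back to its default `proxy:unix:passwd.byname $alias_maps`, so every account in passwd becomes a deliverable local recipient and the restriction to aliased accounts no longer holds. Because `local_recipient_maps` is also what smtpd uses to reject unknown local recipients at RCPT TO time, this widens the set of addresses unauthenticated senders can target and lets them probe which system accounts exist. If the intent is still to accept mail only for aliased accounts, the line should stay active; if the wider default is wanted, replace the stale comment with one that says so, e.g. `# All passwd accounts are local recipients (Postfix default), not only aliased ones`.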
let
mkVal = value:
if lib.isList value
- then concatStringsSep "," value
+ then lib.concatStringsSep "," value
else
if value == true then "yes"
else if value == false then "no"
cleanup_service_name = "submissions-header-cleanup";
};
};
- submissions-header-cleanup = {
- type = "unix";
- private = false;
- maxproc = 0;
- command = "cleanup";
- args = mkArgs {
- header_checks = "pcre:" + pkgs.writeText "submission_header_cleanup_rules" ''
- # Removes sensitive headers from mails handed in via the submission or smtps port.
- # See https://thomas-leister.de/mailserver-debian-stretch/
- # Uses "pcre" style regex.
-
- /^Received:/ IGNORE
- /^User-Agent:/ IGNORE
- /^X-Enigmail:/ IGNORE
- /^X-Mailer:/ IGNORE
- /^X-Originating-IP:/ IGNORE
- '';
- };
- };
};
extraMasterConf = ''
#spfcheck unix - n n - 0 spawn
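Review bot: The `submissions-header-cleanup` master.cf service is deleted while the context line `cleanup_service_name = "submissions-header-cleanup";` above it is kept, so the submissions listener still hands mail to a cleanup service that no longer exists and message submission will presumably fail at runtime, unless that service has been moved into one of the imported per-domain files. Removing it also drops the `header_checks` that stripped `Received`, `User-Agent`, `X-Mailer` and `X-Originating-IP` from submitted mail, so the client software and source IP of authenticated users become visible to recipients again. If giving up that stripping is intended, `cleanup_service_name` should be removed in the same commit; otherwise the service definition should be kept. The service definition that sets `cleanup_service_name` begins before this hunk.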
#noclue unix - n n - - pipe
# flags=q user=noclue argv=/usr/local/bin/noclue-delivery ${recipient} ${sender}
};
-};
}