# NixOS module for the mail host taf.lyes.eu.
#
# It enables the `mailserver` module with LDAP-backed accounts, replaces the
# Postfix virtual tables with a static alias list, relays two external
# domains, and serves Roundcube webmail on the same host name.
{ config, lib, ... }:
let
  # Postfix virtual table: one "<address-or-@domain> <target>" pair per line.
  # The first entry is a catch-all: every address under lyes.eu is delivered
  # to "lyes", so mail to guessed or misspelt addresses is accepted as well.
  virtualAliasText = ''
    @lyes.eu lyes
    lyes@mail.lyes.eu lyes
    abuse@taf.lyes.eu lyes
    abuse@mail.lyes.eu lyes
    abuse@minish.fr lyes
    abuse@minish.link lyes
    postmaster@taf.lyes.eu lyes
    postmaster@mail.lyes.eu lyes
    postmaster@minish.fr lyes
    postmaster@minish.link lyes
  '';

  # Same table as a store file. Store paths are readable by every local user,
  # which is fine for addresses; credentials must never be added to this text.
  virtualAliasFile = lib.toFile "alias" virtualAliasText;
in
{
  mailserver = {
    enable = true;
    stateVersion = 3;
    fqdn = "taf.lyes.eu";
    domains = [
      "lyes.eu"
      "taf.lyes.eu"
      "mail.lyes.eu"
      "minish.fr"
      "minish.link"
    ];

    # NOTE(review): with the module's resolver switched off, DNS-based mail
    # checks use whatever resolver the host is configured with. Confirm that
    # resolver is trusted and is not refused by the blocklists in use.
    localDnsResolver = false;

    # Lets users manage their own Sieve filter scripts over ManageSieve.
    enableManageSieve = true;
    # debug.all = true;

    ldap = {
      enable = true;
      # ldaps:// wraps the directory connection in TLS from the first byte.
      # NOTE(review): server-certificate validation is not configured in this
      # file; confirm the module's default trust store covers auth.lyes.eu.
      uris = [ "ldaps://auth.lyes.eu:636" ];
      searchBase = "dc=auth,dc=lyes,dc=eu";
      searchScope = "sub";

      # The bind credential is read from the agenix secret declared at the
      # bottom of this file rather than being written into the configuration.
      bind = {
        # dn = "dn=token,dc=auth,dc=lyes,dc=eu";
        dn = "dn=token";
        passwordFile = config.age.secrets.taf-token.path;
      };

      # User lookup and password lookup share one filter: the entry must be a
      # member of taf_users and its mail attribute must equal the login name.
      dovecot = {
        userFilter = "(&(memberof=taf_users)(mail=%u))";
        passFilter = "(&(memberof=taf_users)(mail=%u))";
      };

      # Postfix applies the same group restriction when resolving recipients.
      postfix = {
        filter = "(&(memberof=taf_users)(mail=%s))";
        mailAttribute = "mail";
        uidAttribute = "name";
      };
    };

    # fullTextSearch = {
    #   enable = true;
    #   autoIndex = true;
    #   enforced = "body";
    # };

    # loginAccounts = {
    #   "lyes@mail.lyes.eu" = {
    #     # hashedPasswordFile = config.age.secrets.lyes-mail-passwd.path;
    #     # aliases = [
    #     #   "@lyes.eu"
    #     # ];
    #     # quota = "1T";
    #   };
    # };

    # extraVirtualAliases = {
    #   "@lyes.eu" = "lyes";
    #   "abuse@mail.lyes.eu" = "lyes";
    #   # "abuse@minish.fr" = "lyes";
    #   # "abuse@minish.link" = "lyes";
    #   "postmaster@mail.lyes.eu" = "lyes";
    #   # "postmaster@minish.fr" = "lyes";
    #   # "postmaster@minish.link" = "lyes";
    # };

    # Reuse the ACME certificate issued for the server's own FQDN.
    x509.useACMEHost = config.mailserver.fqdn;
  };

  services = {
    postfix = {
      # mkForce discards any other definition of these three values, so the
      # static alias table above is the only content of the "valias" and
      # "vaccounts" maps and of the `virtual` option.
      mapFiles = {
        valias = lib.mkForce virtualAliasFile;
        vaccounts = lib.mkForce virtualAliasFile;
      };
      virtual = lib.mkForce virtualAliasText;

      settings.main = {
        # local_recipient_maps = "";
        # virtual_alias_maps = lib.mkForce "ldap:/run/postfix/ldap-virtual-mailbox-map.cf";

        # Undeliverable mail stays queued for up to 31 days before bouncing.
        maximal_queue_lifetime = "31d";

        # Mail for these domains is accepted here and relayed onward.
        # NOTE(review): no relay_recipient_maps is set in this file, so any
        # recipient at these domains appears to be accepted; unknown addresses
        # would then bounce later as backscatter. Confirm recipient validation
        # happens somewhere for these domains.
        relay_domains = [
          "skaven.org"
          "agreg.info"
        ];

        # NOTE(review): this list contains permits only, with no
        # reject_unauth_destination or final reject. Refusing unauthenticated
        # relaying therefore depends on smtpd_relay_restrictions, which is not
        # set here. Check the effective values with `postconf -n`, including
        # how this list combines with any entries defined by other modules.
        smtpd_recipient_restrictions = [
          "permit_mynetworks"
          "permit_sasl_authenticated"
        ];
      };
    };

    # dovecot2.extraConfig = ''
    #   userdb {
    #     driver = ldap
    #     auth_bind = yes
    #     # pass_attrs = uid=user
    #     pass_filter = (name=%u)
    #   }
    #   passdb {
    #     driver = ldap
    #     auth_bind = yes
    #     # pass_attrs = uid=user
    #     pass_filter = (name=%u)
    #   }
    # '';

    dovecot2 = {
      # enableQuota = lib.mkForce false;
      sieve.extensions = [ "imap4flags" ];
    };

    roundcube = {
      enable = true;
      hostName = "taf.lyes.eu";
      # Webmail reaches the mail services through their TLS endpoints
      # (ssl:// on 993 for IMAP, tls:// on 587 for submission). "%u" and "%p"
      # make Roundcube authenticate to SMTP with the user's own login
      # credentials, so no shared SMTP password is stored in this file.
      extraConfig = ''
        $config['imap_host'] = "ssl://taf.lyes.eu:993";
        $config['smtp_host'] = "tls://taf.lyes.eu";
        $config['smtp_port'] = 587;
        $config['smtp_user'] = "%u";
        $config['smtp_pass'] = "%p";
      '';
    };
  };

  # agenix secrets. Only the encrypted .age file is referenced here; services
  # read the decrypted value through config.age.secrets.<name>.path.
  age.secrets = {
    taf-token.file = ../../../secrets/zora/services/taf-token.age;
    # lyes-mail-passwd = {
    #   owner = "postfix";
    #   file = ../../../secrets/lyes/mail-passwd.age;
    # };
  };
}