# NixOS module for the mail host taf.lyes.eu. It enables the `mailserver`
# module with LDAP-backed accounts, forces a hand-written Postfix virtual
# alias table, adds Postfix/Dovecot tweaks, serves Roundcube webmail and
# declares the age-encrypted LDAP bind secret.
{ config, lib, ... }:

let
  # Postfix virtual alias table, one "address target" pair per line.
  # The first entry has no local part, so it acts as a catch-all: every
  # address under lyes.eu that has no more specific entry is delivered to
  # `lyes`. The abuse@/postmaster@ role addresses are mapped explicitly for
  # the other domains.
  virtualAliases = ''
    @lyes.eu lyes
    lyes@mail.lyes.eu lyes
    abuse@taf.lyes.eu lyes
    abuse@mail.lyes.eu lyes
    abuse@minish.fr lyes
    abuse@minish.link lyes
    postmaster@taf.lyes.eu lyes
    postmaster@mail.lyes.eu lyes
    postmaster@minish.fr lyes
    postmaster@minish.link lyes
  '';

  # The same table written to a file, for the Postfix map files below.
  virtualAliasFile = lib.toFile "alias" virtualAliases;

  # LDAP filter shared by Dovecot's user and password lookups: the entry must
  # be a member of taf_users and its `mail` attribute must equal the login name.
  dovecotLdapFilter = "(&(memberof=taf_users)(mail=%u))";
in
{
  mailserver = {
    enable = true;
    stateVersion = 3;
    fqdn = "taf.lyes.eu";
    domains = [
      "lyes.eu"
      "taf.lyes.eu"
      "mail.lyes.eu"
      "minish.fr"
      "minish.link"
    ];

    localDnsResolver = false;
    # Lets users manage their Sieve scripts remotely; this exposes one more
    # authenticated service on the host.
    enableManageSieve = true;

    # debug.all = true;

    ldap = {
      enable = true;

      # ldaps:// on 636, so directory traffic (including the bind credential
      # and user passwords checked through it) is TLS-wrapped.
      uris = [ "ldaps://auth.lyes.eu:636" ];
      searchBase = "dc=auth,dc=lyes,dc=eu";
      searchScope = "sub";

      # Service bind used for lookups. The password is read from the path of
      # the age secret declared at the bottom of this file, so it is not
      # embedded in this configuration.
      # dn = "dn=token,dc=auth,dc=lyes,dc=eu";
      bind.dn = "dn=token";
      bind.passwordFile = config.age.secrets.taf-token.path;

      # Only members of taf_users can be looked up or authenticated.
      dovecot = {
        userFilter = dovecotLdapFilter;
        passFilter = dovecotLdapFilter;
      };

      # Postfix applies the same group restriction to the address it looks up.
      postfix = {
        filter = "(&(memberof=taf_users)(mail=%s))";
        mailAttribute = "mail";
        uidAttribute = "name";
      };
    };

    # fullTextSearch = {
    #   enable = true;
    #   autoIndex = true;
    #   enforced = "body";
    # };

    # loginAccounts = {
    #   "lyes@mail.lyes.eu" = {
    #     # hashedPasswordFile = config.age.secrets.lyes-mail-passwd.path;
    #     # aliases = [
    #     #   "@lyes.eu"
    #     # ];
    #     # quota = "1T";
    #   };
    # };

    # extraVirtualAliases = {
    #   "@lyes.eu" = "lyes";
    #   "abuse@mail.lyes.eu" = "lyes";
    #   # "abuse@minish.fr" = "lyes";
    #   # "abuse@minish.link" = "lyes";
    #   "postmaster@mail.lyes.eu" = "lyes";
    #   # "postmaster@minish.fr" = "lyes";
    #   # "postmaster@minish.link" = "lyes";
    # };

    # Reuse the ACME certificate issued for the server's FQDN.
    x509.useACMEHost = config.mailserver.fqdn;
  };

  services = {
    postfix = {
      # mkForce replaces whatever other modules define for these options, so
      # both map files and the virtual table come only from the alias table
      # at the top of this file.
      # NOTE(review): `vaccounts` is forced to the alias file as well; confirm
      # nothing else expects account entries in that map.
      mapFiles = {
        valias = lib.mkForce virtualAliasFile;
        vaccounts = lib.mkForce virtualAliasFile;
      };
      virtual = lib.mkForce virtualAliases;

      settings.main = {
        # local_recipient_maps = "";
        # virtual_alias_maps = lib.mkForce "ldap:/run/postfix/ldap-virtual-mailbox-map.cf";

        # Deferred mail stays in the queue for up to 31 days before it is
        # returned to the sender.
        maximal_queue_lifetime = "31d";

        # Postfix accepts mail for these domains and relays it onward.
        # NOTE(review): no relay_recipient_maps is set in this file; if none
        # is defined elsewhere, recipients in these domains cannot be
        # validated at SMTP time — confirm.
        relay_domains = [
          "skaven.org"
          "agreg.info"
        ];

        # NOTE(review): only permit_* rules are listed here. Rejection of
        # unauthorised relay destinations therefore has to come from
        # smtpd_relay_restrictions or from entries another module merges
        # into this list — confirm the effective values with `postconf -n`
        # on the deployed host.
        smtpd_recipient_restrictions = [
          "permit_mynetworks"
          "permit_sasl_authenticated"
        ];
      };
    };

    # dovecot2.extraConfig = ''
    #   userdb {
    #     driver = ldap
    #     auth_bind = yes
    #     # pass_attrs = uid=user
    #     pass_filter = (name=%u)
    #   }

    #   passdb {
    #     driver = ldap
    #     auth_bind = yes
    #     # pass_attrs = uid=user
    #     pass_filter = (name=%u)
    #   }
    # '';

    # enableQuota = lib.mkForce false;
    dovecot2.sieve.extensions = [ "imap4flags" ];

    roundcube = {
      enable = true;

      hostName = "taf.lyes.eu";
      # Webmail talks to the mail server over TLS only: IMAP on 993 with
      # ssl://, SMTP submission on 587 with tls://. "%u" and "%p" make
      # Roundcube authenticate to SMTP with the credentials of the logged-in
      # user, so no separate SMTP secret is stored here.
      extraConfig = ''
        $config['imap_host'] = "ssl://taf.lyes.eu:993";
        $config['smtp_host'] = "tls://taf.lyes.eu";
        $config['smtp_port'] = 587;
        $config['smtp_user'] = "%u";
        $config['smtp_pass'] = "%p";
      '';
    };
  };

  # Encrypted LDAP bind token; only the .age ciphertext is referenced here.
  age.secrets.taf-token.file = ../../../secrets/zora/services/taf-token.age;

  # age.secrets.lyes-mail-passwd = {
  #   owner = "postfix";
  #   file = ../../../secrets/lyes/mail-passwd.age;
  # };
}