2024-10-18 15:24:20 +02:00
parent c681eb3139
commit 3eb9ce0e89
21 changed files with 356 additions and 455 deletions


@@ -5,16 +5,18 @@
}:
let
domain = config.networking.domain;
ldapServer = "ldap.cloonar.com";
# domain = "cloonar.com";
components = lib.strings.splitString "." domain;
dcComponents = map (x: "dc=" + x) components;
ldapPath = builtins.concatStringsSep "," dcComponents;
ldapServer = "ldap.${domain}";
domains = pkgs.writeText "domains.cf" ''
server_host = ldap://${ldapServer}
search_base = ou=domains,dc=cloonar,dc=com
search_base = ou=domains,${ldapPath}
version = 3
bind = yes
start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com
bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@
scope = one
query_filter = (&(dc=%s)(objectClass=mailDomain))
@@ -28,7 +30,7 @@ let
version = 3
bind = yes
start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com
bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@
scope = sub
query_filter = (&(uid=%u)(objectClass=mailAccount))
@@ -42,7 +44,7 @@ let
version = 3
bind = yes
start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com
bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@
scope = sub
query_filter = (|(&(objectClass=mailAccount)(uid=%u))(&(objectClass=mailAlias)(mail=%s)))
@@ -56,7 +58,7 @@ let
version = 3
bind = yes
start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com
bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@
scope = sub
query_filter = (&(objectClass=mailAccount)(uid=%u))
@@ -70,7 +72,7 @@ let
version = 3
bind = yes
start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com
bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@
scope = one
query_filter = (&(objectClass=mailAlias)(mail=%s))
@@ -80,7 +82,7 @@ let
helo_access = pkgs.writeText "helo_access" ''
/^([0-9\.]+)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
cloonar.com REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
${domain} REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
ghetto.at REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
'';
in
@@ -89,7 +91,7 @@ in
enable = true;
enableSubmission = true;
hostname = "mail.${domain}";
domain = "cloonar.com";
domain = domain;
masterConfig."465" = {
type = "inet";
@@ -147,9 +149,9 @@ in
smtp_dns_support_level = "dnssec";
smtp_tls_security_level = "dane";
smtpd_tls_cert_file = "/var/lib/acme/mail.cloonar.com/full.pem";
smtpd_tls_key_file = "/var/lib/acme/mail.cloonar.com/key.pem";
smtpd_tls_CAfile = "/var/lib/acme/mail.cloonar.com/fullchain.pem";
smtpd_tls_cert_file = "/var/lib/acme/mail.${domain}/full.pem";
smtpd_tls_key_file = "/var/lib/acme/mail.${domain}/key.pem";
smtpd_tls_CAfile = "/var/lib/acme/mail.${domain}/fullchain.pem";
smtpd_tls_dh512_param_file = config.security.dhparams.params.postfix512.path;
smtpd_tls_dh1024_param_file = config.security.dhparams.params.postfix2048.path;