frieder.hannenheim/fruitbasket
1
0
Fork 0
forked from wurzel/fruitbasket
Code Pull requests Activity

Merge branch 'main' into garbage

Browse source
This commit is contained in:
Rouven Seifert 2023-07-07 12:16:30 +02:00 committed by GitHub
commit 2afef761ed
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 81 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

15
modules/kpp.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, ... }:
let
domain = "kpp.${config.fsr.domain}";
in
{
services.kpp = {
enable = true;
hostName = domain;
};
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
};
}

69
modules/mail.nix
View file

@ -39,7 +39,7 @@ in
domain = "${domain}";
origin = "${domain}";
destination = [ "${hostname}" "${domain}" "localhost" ];
networks = [ "127.0.0.1" "141.30.30.169" ];
networksStyle = "host"; # localhost and own public IP
sslCert = "/var/lib/acme/${hostname}/fullchain.pem";
sslKey = "/var/lib/acme/${hostname}/key.pem";
relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];
@ -47,7 +47,6 @@ in
extraAliases = ''
# Taken from kaki, maybe we can throw out some at some point
# General redirections for pseudo accounts
postmaster: root
bin: root
daemon: root
named: root
@ -62,9 +61,13 @@ in
dumper: root
operator: root
abuse: postmaster
postmaster: root
# trap decode to catch security attacks
decode: root
# yeet into the void
noreply: /dev/null
'';
config = {
home_mailbox = "Maildir/";
@ -99,6 +102,7 @@ in
];
# smtpd_sender_login_maps = [ "ldap:${ldap-senders}" ];
alias_maps = [ "hash:/etc/aliases" ];
alias_database = [ "hash:/etc/aliases" ];
# alias_maps = [ "hash:/etc/aliases" "ldap:${ldap-aliases}" ];
smtpd_milters = [ "local:/run/opendkim/opendkim.sock" ];
non_smtpd_milters = [ "local:/var/run/opendkim/opendkim.sock" ];
@ -106,10 +110,10 @@ in
smtpd_sasl_path = "/var/lib/postfix/auth";
smtpd_sasl_type = "dovecot";
#mailman stuff
local_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp";
mailbox_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp";
transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" "ldap:${config.sops.secrets."postfix_ldap_aliases".path}" ];
local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" "ldap:${config.sops.secrets."postfix_ldap_aliases".path}" "$alias_maps" ];
};
};
dovecot2 = {
@ -153,37 +157,36 @@ in
pkgs.dovecot_pigeonhole
];
extraConfig = ''
auth_username_format = %Ln
passdb {
driver = ldap
args = ${dovecot-ldap-args}
auth_username_format = %Ln
passdb {
driver = ldap
args = ${dovecot-ldap-args}
}
userdb {
driver = ldap
args = ${dovecot-ldap-args}
}
service auth {
unix_listener /var/lib/postfix/auth {
group = postfix
mode = 0660
user = postfix
}
userdb {
driver = ldap
args = ${dovecot-ldap-args}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
service auth {
unix_listener /var/lib/postfix/auth {
group = postfix
mode = 0660
user = postfix
}
service_count = 1
}
service lmtp {
unix_listener dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
service_count = 1
}
service lmtp {
unix_listener dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
client_limit = 1
}
client_limit = 1
}
'';
};
opendkim = {
@ -191,7 +194,7 @@ in
domains = "csl:${config.fsr.domain}";
selector = config.networking.hostName;
configFile = pkgs.writeText "opendkim-config" ''
UMask 0117
UMask 0117
'';
};
rspamd = {