From d1fb1b3de166c2371ee8853c973343fbaf4ae9b3 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Tue, 4 Apr 2023 00:04:04 +0200 Subject: [PATCH 1/3] initial mailman config --- flake.nix | 2 ++ modules/mail.nix | 6 +++++- modules/mailman.nix | 11 +++++++++++ 3 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 modules/mailman.nix diff --git a/flake.nix b/flake.nix index 5812f1f..2c7bd71 100755 --- a/flake.nix +++ b/flake.nix @@ -69,6 +69,8 @@ ./modules/ldap.nix # ./modules/keycloak.nix replaced by portunus ./modules/nginx.nix + ./modules/mail.nix + ./modules/mailman.nix ./modules/hedgedoc.nix ./modules/wiki.nix ./modules/stream.nix diff --git a/modules/mail.nix b/modules/mail.nix index 8a4db0e..d047743 100644 --- a/modules/mail.nix +++ b/modules/mail.nix @@ -41,6 +41,8 @@ in networks = [ "127.0.0.1" "141.30.30.169" ]; sslCert = "/var/lib/acme/${hostname}/fullchain.pem"; sslKey = "/var/lib/acme/${hostname}/key.pem"; + relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ]; + extraAliases = '' # Taken from kaki, maybe we can throw out some at some point # General redirections for pseudo accounts @@ -99,7 +101,9 @@ in smtpd_sasl_auth_enable = true; smtpd_sasl_path = "/var/lib/postfix/auth"; smtpd_sasl_type = "dovecot"; - # virtual_mailbox_base = "/var/mail"; + #mailman stuff + transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ]; + local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ]; }; }; dovecot2 = { diff --git a/modules/mailman.nix b/modules/mailman.nix new file mode 100644 index 0000000..6f5bb2e --- /dev/null +++ b/modules/mailman.nix @@ -0,0 +1,11 @@ +{ config, ... }: +{ + services.mailman = { + enable = true; + serve.enable = true; + webHosts = [ "lists.${config.fsr.domain}" ]; + hyperkitty.enable = true; + enablePostfix = true; + siteOwner = "root@${config.fsr.domain}"; + }; +} From 12f1d690baa2de5ca32fcab2858af985baec82e1 Mon Sep 17 00:00:00 2001 
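Review bot: In modules/mail.nix (PATCH 1/3, hunk `@@ -99,7 +101,9 @@`), `local_recipient_maps` is set to Mailman's table only, which replaces Postfix's default of `proxy:unix:passwd.byname $alias_maps`. If this host also delivers to local accounts or to the aliases listed under `extraAliases` earlier in the file, those recipients would presumably be rejected as unknown once this is deployed. Consider keeping the defaults next to the Mailman map, e.g. `local_recipient_maps = [ "proxy:unix:passwd.byname" "$alias_maps" "hash:/var/lib/mailman/data/postfix_lmtp" ];`, and check whether another `transport_maps` table is defined elsewhere. The enclosing `config` attribute set starts outside the hunk.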
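Review bot: `serve.enable = true` together with `webHosts = [ "lists.${config.fsr.domain}" ]` in the new modules/mailman.nix (PATCH 1/3) publishes the Postorius/HyperKitty login pages, but nothing in this file requests TLS for that virtual host. Unless modules/nginx.nix (not shown here) already covers it, the web UI would accept credentials over plain HTTP. I would add `services.nginx.virtualHosts."lists.${config.fsr.domain}" = { enableACME = true; forceSSL = true; };` next to the service block so the requirement lives with the module that creates the host.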
From: Rouven Seifert Date: Tue, 4 Apr 2023 14:25:21 +0200 Subject: [PATCH 2/3] added ldap config to mailman --- modules/mailman.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/modules/mailman.nix b/modules/mailman.nix index 6f5bb2e..d7076b0 100644 --- a/modules/mailman.nix +++ b/modules/mailman.nix @@ -1,5 +1,9 @@ { config, ... }: { + sops.secrets.mailman_ldap_search = { + key = "portunus_search"; + owner = config.services.mailman.webUser; + }; services.mailman = { enable = true; serve.enable = true; @@ -7,5 +11,19 @@ hyperkitty.enable = true; enablePostfix = true; siteOwner = "root@${config.fsr.domain}"; + ldap = { + enable = true; + serverUri = "ldap://localhost"; + bindDn = "uid=search, ou=users, dc=ifsr, dc=de"; + bindPasswordFile = config.sops.secrets.mailman_ldap_search.path; + userSearch = { + ou = "ou=users, dc=ifsr, dc=de"; + query = "(&(objectClass=posixAccount)(uid=%(user)s))"; + }; + groupSearch = { + ou = "ou=groups, dc=ifsr, dc=de"; + query = "(objectClass=groupOfNames)"; + }; + }; }; } From 197e8e6add98dabea08dc55f85457d84a0d029be Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Tue, 4 Apr 2023 14:27:43 +0200 Subject: [PATCH 3/3] added mailman to quitte flake --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index 2c7bd71..7e351f7 100755 --- a/flake.nix +++ b/flake.nix @@ -44,6 +44,7 @@ ./modules/ldap.nix # ./modules/keycloak.nix replaced by portunus ./modules/mail.nix + ./modules/mailman.nix ./modules/nginx.nix ./modules/hedgedoc.nix ./modules/wiki.nix
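Review bot: In the `ldap.groupSearch` block of modules/mailman.nix (PATCH 2/3) the query selects `(objectClass=groupOfNames)` but no `type` is set. As far as I recall the NixOS module defaults `groupSearch.type` to `posixGroup`, so membership would be resolved through `memberUid` instead of `member` and any group-based decision would not match; please verify and set `type = "groupOfNames";` explicitly. Separately, `userSearch.query` admits every `posixAccount` and no `superUserGroup` is configured, so a comment should state that all directory users may log in and how administrators are meant to be designated. `serverUri = "ldap://localhost"` sends the bind password unencrypted, which is acceptable only while the directory stays on the same host; a short comment saying so would keep it from being copied to a remote URI unchanged.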