fruitbasket/modules/mail/mailman.nix

{ config, ... }:
{
# LDAP search-account password used by the Mailman web frontend.
# sops-nix decrypts it at activation time, so the cleartext is not part of
# this module or of the Nix store.
sops.secrets.mailman_ldap_search = {
  # Only the Mailman web service account owns the decrypted file; no other
  # service user is granted access here.
  owner = config.services.mailman.webUser;
  # Entry inside the encrypted sops file that holds the password.
  key = "portunus/search-password";
};
# Mailman 3 core, the web frontend and the HyperKitty archiver, backed by
# PostgreSQL and authenticating web users against the local LDAP directory.
services.mailman =
  let
    domain = config.networking.domain;
  in
  {
    enable = true;
    enablePostfix = true;
    serve = {
      enable = true;
    };
    hyperkitty = {
      enable = true;
    };

    webHosts = [ "lists.${domain}" ];
    siteOwner = "mailman@${domain}";

    # Mailman core database: the URL carries no password and points at the
    # Unix socket directory /run/postgresql.
    # NOTE(review): this presumably relies on PostgreSQL peer authentication
    # for the "mailman" role; confirm against the server's pg_hba rules.
    settings.database = {
      class = "mailman.database.postgresql.PostgreSQLDatabase";
      url = "postgresql://mailman@/mailman?host=/run/postgresql";
    };

    # Django database for the web frontend. No HOST, USER or PASSWORD is set
    # here.
    # NOTE(review): presumably the connection falls back to the local socket
    # and the service account name; confirm.
    webSettings.DATABASES.default = {
      ENGINE = "django.db.backends.postgresql";
      NAME = "mailman-web";
    };

    ldap = {
      enable = true;

      # Plain ldap:// scheme, so the bind below is unencrypted. That is only
      # acceptable while the directory is reached over loopback; use ldaps://
      # or StartTLS if it ever moves to another host.
      serverUri = "ldap://localhost";

      # Dedicated search account. Its password is read from the sops-managed
      # file at runtime instead of being written into this configuration.
      bindDn = "uid=search, ou=users, dc=ifsr, dc=de";
      bindPasswordFile = config.sops.secrets.mailman_ldap_search.path;

      userSearch = {
        ou = "ou=users, dc=ifsr, dc=de";
        # %(user)s is replaced with the login name at authentication time.
        # NOTE(review): the LDAP auth backend is expected to filter-escape
        # the value before substitution; confirm for the deployed version.
        query = "(&(objectClass=posixAccount)(uid=%(user)s))";
      };

      groupSearch = {
        type = "groupOfNames";
        ou = "ou=groups, dc=ifsr, dc=de";
        query = "(objectClass=groupOfNames)";
      };

      # Members of this directory group are treated as superusers of the web
      # frontend, so write access to the group is effectively write access to
      # every list. This DN is written without spaces after the commas,
      # unlike the DNs above; it is kept exactly as configured.
      superUserGroup = "cn=admins,ou=groups,dc=ifsr,dc=de";
    };
  };
# Postfix integration: Mailman maintains the lookup tables under
# /var/lib/mailman/data and Postfix consults them for routing and recipient
# validation.
services.postfix =
  let
    # The same Mailman-generated table is used both to route list mail and to
    # decide which local recipients exist.
    lmtpMap = "hash:/var/lib/mailman/data/postfix_lmtp";
  in
  {
    config = {
      local_recipient_maps = [ lmtpMap ];
      transport_maps = [ lmtpMap ];
      virtual_alias_maps = [ "hash:/var/lib/mailman/data/postfix_vmap" ];
      # Non-list local mail is handed to Dovecot over its LMTP Unix socket.
      mailbox_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp";
    };
    # Domains Postfix accepts mail for on behalf of Mailman.
    relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];
  };
# PostgreSQL roles and databases for Mailman core and the web frontend.
services.postgresql =
  let
    # One role and one identically named database per component, so each
    # service owns only its own data.
    mailmanRoles = [ "mailman" "mailman-web" ];
  in
  {
    enable = true;
    ensureDatabases = mailmanRoles;
    # ensureDBOwnership makes each role the owner of the database that shares
    # its name; no further grants are declared here.
    ensureUsers = map
      (name: {
        inherit name;
        ensureDBOwnership = true;
      })
      mailmanRoles;
  };
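# Public HTTPS virtual host for the list web UI: the certificate is obtained
# via ACME and plain HTTP is redirected to HTTPS.
services.nginx.virtualHosts."lists.${config.networking.domain}" = {
  enableACME = true;
  forceSSL = true;

  # Ask well-behaved crawlers not to index the list pages and archives.
  # robots.txt is advisory only: it is not access control, so who may read
  # the archives still has to be restricted in Mailman/HyperKitty itself.
  locations."/robots.txt" = {
    # default_type sets the response type without using add_header.
    # `add_header Content-Type` appends a second Content-Type header next to
    # the one nginx already emits, and any add_header inside a location stops
    # nginx from inheriting add_header directives declared at server or http
    # level (for example security headers), should any be set there.
    extraConfig = ''
      default_type text/plain;
      return 200 "User-agent: *\nDisallow: /\n";
    '';
  };
};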
}