Merge pull request #30 from fsr/mailman

Mailman config
2023-04-24 21:12:15 +02:00 · 2023-04-24 21:12:15 +02:00 · 5f761825f0
parent 8f3e98a934 197e8e6add
commit 5f761825f0
3 changed files with 37 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -44,6 +44,7 @@
            ./modules/ldap.nix
            # ./modules/keycloak.nix replaced by portunus
            ./modules/mail.nix
+            ./modules/mailman.nix
            ./modules/nginx.nix
            ./modules/hedgedoc.nix
            ./modules/wiki.nix
@ -69,6 +70,8 @@
            ./modules/ldap.nix
            # ./modules/keycloak.nix replaced by portunus
            ./modules/nginx.nix
+            ./modules/mail.nix
+            ./modules/mailman.nix
            ./modules/hedgedoc.nix
            ./modules/wiki.nix
            ./modules/stream.nix
--- a/modules/mail.nix
+++ b/modules/mail.nix
@ -41,6 +41,8 @@ in
      networks = [ "127.0.0.1" "141.30.30.169" ];
      sslCert = "/var/lib/acme/${hostname}/fullchain.pem";
      sslKey = "/var/lib/acme/${hostname}/key.pem";
+      relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];
+
      extraAliases = ''
        # Taken from kaki, maybe we can throw out some at some point
        # General redirections for pseudo accounts
@ -99,7 +101,9 @@ in
        smtpd_sasl_auth_enable = true;
        smtpd_sasl_path = "/var/lib/postfix/auth";
        smtpd_sasl_type = "dovecot";
-        # virtual_mailbox_base = "/var/mail";
+        #mailman stuff
+        transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
+        local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
      };
    };
    dovecot2 = {
--- a/modules/mailman.nix
+++ b/modules/mailman.nix
@ -0,0 +1,29 @@
+{ config, ... }:
+{
+  sops.secrets.mailman_ldap_search = {
+    key = "portunus_search";
+    owner = config.services.mailman.webUser;
+  };
+  services.mailman = {
+    enable = true;
+    serve.enable = true;
+    webHosts = [ "lists.${config.fsr.domain}" ];
+    hyperkitty.enable = true;
+    enablePostfix = true;
+    siteOwner = "root@${config.fsr.domain}";
+    ldap = {
+      enable = true;
+      serverUri = "ldap://localhost";
+      bindDn = "uid=search, ou=users, dc=ifsr, dc=de";
+      bindPasswordFile = config.sops.secrets.mailman_ldap_search.path;
+      userSearch = {
+        ou = "ou=users, dc=ifsr, dc=de";
+        query = "(&(objectClass=posixAccount)(uid=%(user)s))";
+      };
+      groupSearch = {
+        ou = "ou=groups, dc=ifsr, dc=de";
+        query = "(objectClass=groupOfNames)";
+      };
+    };
+  };
+}