diff --git a/flake.lock b/flake.lock index f0b5f24..3650034 100644 --- a/flake.lock +++ b/flake.lock @@ -71,11 +71,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1680390120, - "narHash": "sha256-RyDJcG/7mfimadlo8vO0QjW22mvYH1+cCqMuigUntr8=", + "lastModified": 1676162277, + "narHash": "sha256-GK3cnvKNo1l0skGYXXiLJ/TLqdKyIYXd7jOlo0gN+Qw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c1e2efaca8d8a3db6a36f652765d6c6ba7bb8fae", + "rev": "d863ca850a06d91365c01620dcac342574ecf46f", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1680334310, - "narHash": "sha256-ISWz16oGxBhF7wqAxefMPwFag6SlsA9up8muV79V9ck=", + "lastModified": 1676375384, + "narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "884e3b68be02ff9d61a042bc9bd9dd2a358f95da", + "rev": "c43f676c938662072772339be6269226c77b51b8", "type": "github" }, "original": { @@ -116,11 +116,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1680404136, - "narHash": "sha256-06D8HJmRv4DdpEQGblMhx2Vm81SBWM61XBBIx7QQfo0=", + "lastModified": 1676171095, + "narHash": "sha256-2laeSjBAAJ9e/C3uTIPb287iX8qeVLtWiilw1uxqG+A=", "owner": "Mic92", "repo": "sops-nix", - "rev": "b93eb910f768f9788737bfed596a598557e5625d", + "rev": "c5dab21d8706afc7ceb05c23d4244dcb48d6aade", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5812f1f..7e351f7 100755 --- a/flake.nix +++ b/flake.nix @@ -44,6 +44,7 @@ ./modules/ldap.nix # ./modules/keycloak.nix replaced by portunus ./modules/mail.nix + ./modules/mailman.nix ./modules/nginx.nix ./modules/hedgedoc.nix ./modules/wiki.nix @@ -69,6 +70,8 @@ ./modules/ldap.nix # ./modules/keycloak.nix replaced by portunus ./modules/nginx.nix + ./modules/mail.nix + ./modules/mailman.nix ./modules/hedgedoc.nix ./modules/wiki.nix ./modules/stream.nix diff --git a/modules/mail.nix b/modules/mail.nix index 8a4db0e..d047743 100644 --- a/modules/mail.nix 
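Review bot: The second module list in flake.nix (the `@@ -69,6 +70,8 @@` hunk) now imports `./modules/mail.nix` as well as `./modules/mailman.nix`, so that configuration gains the whole Postfix setup, including the hard-coded trust list `networks = [ "127.0.0.1" "141.30.30.169" ]` visible in the mail.nix context. If that list belongs to a test or secondary host, confirm that the relay trust entry and a public mail listener are intended there, and record it with a comment such as `# mail + mailman also enabled on this host: <reason>`. Both module lists start and end outside the hunks. Separately, every `lastModified` in this commit's flake.lock hunks decreases (for example 1680390120 to 1676162277 for nixpkgs-stable), which looks like the pinned nixpkgs and sops-nix inputs being rolled back rather than updated; if that comes from an old branch, re-lock before merging so the new mail and web services do not ship on older package sets.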
+++ b/modules/mail.nix @@ -41,6 +41,8 @@ in networks = [ "127.0.0.1" "141.30.30.169" ]; sslCert = "/var/lib/acme/${hostname}/fullchain.pem"; sslKey = "/var/lib/acme/${hostname}/key.pem"; + relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ]; + extraAliases = '' # Taken from kaki, maybe we can throw out some at some point # General redirections for pseudo accounts @@ -99,7 +101,9 @@ in smtpd_sasl_auth_enable = true; smtpd_sasl_path = "/var/lib/postfix/auth"; smtpd_sasl_type = "dovecot"; - # virtual_mailbox_base = "/var/mail"; + #mailman stuff + transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ]; + local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ]; }; }; dovecot2 = { diff --git a/modules/mailman.nix b/modules/mailman.nix new file mode 100644 index 0000000..d7076b0 --- /dev/null +++ b/modules/mailman.nix @@ -0,0 +1,29 @@ +{ config, ... }: +{ + sops.secrets.mailman_ldap_search = { + key = "portunus_search"; + owner = config.services.mailman.webUser; + }; + services.mailman = { + enable = true; + serve.enable = true; + webHosts = [ "lists.${config.fsr.domain}" ]; + hyperkitty.enable = true; + enablePostfix = true; + siteOwner = "root@${config.fsr.domain}"; + ldap = { + enable = true; + serverUri = "ldap://localhost"; + bindDn = "uid=search, ou=users, dc=ifsr, dc=de"; + bindPasswordFile = config.sops.secrets.mailman_ldap_search.path; + userSearch = { + ou = "ou=users, dc=ifsr, dc=de"; + query = "(&(objectClass=posixAccount)(uid=%(user)s))"; + }; + groupSearch = { + ou = "ou=groups, dc=ifsr, dc=de"; + query = "(objectClass=groupOfNames)"; + }; + }; + }; +}
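Review bot: `local_recipient_maps` in the second mail.nix hunk is set to only `hash:/var/lib/mailman/data/postfix_lmtp`, which replaces Postfix's built-in default of `proxy:unix:passwd.byname $alias_maps`. If this domain is delivered locally (the rest of the Postfix block lies outside the hunk, so this is an assumption), recipients that exist only as system users or in the `extraAliases` table from the first hunk would be rejected as unknown. Consider keeping the defaults alongside the Mailman table, `local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" "proxy:unix:passwd.byname" "$alias_maps" ];`, and check after deployment that the pseudo-account redirections still accept mail. The `#mailman stuff` comment could also say that these maps, like `relayDomains` in the first hunk, point at files Mailman generates at runtime.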
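Review bot: `serve.enable = true` with `webHosts = [ "lists.${config.fsr.domain}" ]` publishes the Mailman web login, where users will type their LDAP passwords, but nothing in this new file requests a certificate or forces HTTPS for that virtual host. Unless modules/nginx.nix (not shown) applies TLS defaults to every vhost, add `services.nginx.virtualHosts."lists.${config.fsr.domain}" = { enableACME = true; forceSSL = true; };` next to the `services.mailman` block. The bind secret reuses the shared `portunus_search` key with `owner = config.services.mailman.webUser`. That is reasonable for a read-only search account, but a comment stating that the account is search-only, or a dedicated bind user for Mailman, would make the privilege boundary explicit.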