From d1fb1b3de166c2371ee8853c973343fbaf4ae9b3 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Tue, 4 Apr 2023 00:04:04 +0200
Subject: [PATCH 1/4] initial mailman config
---
 flake.nix | 2 ++
 modules/mail.nix | 6 +++++-
 modules/mailman.nix | 11 +++++++++++
 3 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 modules/mailman.nix
diff --git a/flake.nix b/flake.nix
index 5812f1f..2c7bd71 100755
--- a/flake.nix
+++ b/flake.nix
@@ -69,6 +69,8 @@
 ./modules/ldap.nix
 # ./modules/keycloak.nix replaced by portunus
 ./modules/nginx.nix
+ ./modules/mail.nix
+ ./modules/mailman.nix
 ./modules/hedgedoc.nix
 ./modules/wiki.nix
 ./modules/stream.nix
diff --git a/modules/mail.nix b/modules/mail.nix
index 8a4db0e..d047743 100644
--- a/modules/mail.nix
+++ b/modules/mail.nix
@@ -41,6 +41,8 @@ in
 networks = [ "127.0.0.1" "141.30.30.169" ];
 sslCert = "/var/lib/acme/${hostname}/fullchain.pem";
 sslKey = "/var/lib/acme/${hostname}/key.pem";
+ relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];
+
 extraAliases = ''
 # Taken from kaki, maybe we can throw out some at some point
 # General redirections for pseudo accounts
@@ -99,7 +101,9 @@ in
 smtpd_sasl_auth_enable = true;
 smtpd_sasl_path = "/var/lib/postfix/auth";
 smtpd_sasl_type = "dovecot";
- # virtual_mailbox_base = "/var/mail";
+ #mailman stuff
+ transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
+ local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
 };
 };
 dovecot2 = {
diff --git a/modules/mailman.nix b/modules/mailman.nix
new file mode 100644
index 0000000..6f5bb2e
--- /dev/null
+++ b/modules/mailman.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+ services.mailman = {
+ enable = true;
+ serve.enable = true;
+ webHosts = [ "lists.${config.fsr.domain}" ];
+ hyperkitty.enable = true;
+ enablePostfix = true;
+ siteOwner = "root@${config.fsr.domain}";
+ };
+}
--
2.47.1
From c7e7ba2db80d1b21fdd640aa8a470855fa60dcc2 Mon Sep 17 00:00:00 2001
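Review bot: In the second hunk of modules/mail.nix, `local_recipient_maps` is set to the Mailman LMTP table alone, which replaces Postfix's default of `proxy:unix:passwd.byname $alias_maps` instead of extending it. If the host's own domain is delivered locally (mydestination is not visible in this hunk), recipients that exist only in the `extraAliases` block or as system accounts would be rejected as unknown, and that would cover role addresses such as postmaster or abuse should they be defined there. I would keep the defaults in the list: `local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" "proxy:unix:passwd.byname" "$alias_maps" ];`. The enclosing `config` attribute set starts and ends outside the hunk.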
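Review bot: In the new modules/mailman.nix, `serve.enable = true` publishes the Mailman web UI (Postorius and HyperKitty) on `lists.${config.fsr.domain}`, but nothing in this file turns on TLS for that virtual host. Unless modules/nginx.nix, which is not part of this patch, forces HTTPS for every vhost, logins and session cookies would travel over plain HTTP. I would add `services.nginx.virtualHosts."lists.${config.fsr.domain}" = { enableACME = true; forceSSL = true; };` next to the `services.mailman` block.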
From: Rouven Seifert
Date: Tue, 4 Apr 2023 00:10:49 +0200
Subject: [PATCH 2/4] nix flake update
---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/flake.lock b/flake.lock
index 3650034..f0b5f24 100644
--- a/flake.lock
+++ b/flake.lock
@@ -71,11 +71,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1676162277, - "narHash": "sha256-GK3cnvKNo1l0skGYXXiLJ/TLqdKyIYXd7jOlo0gN+Qw=", + "lastModified": 1680390120, + "narHash": "sha256-RyDJcG/7mfimadlo8vO0QjW22mvYH1+cCqMuigUntr8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d863ca850a06d91365c01620dcac342574ecf46f", + "rev": "c1e2efaca8d8a3db6a36f652765d6c6ba7bb8fae", "type": "github" }, "original": {
@@ -87,11 +87,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1676375384, - "narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=", + "lastModified": 1680334310, + "narHash": "sha256-ISWz16oGxBhF7wqAxefMPwFag6SlsA9up8muV79V9ck=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c43f676c938662072772339be6269226c77b51b8", + "rev": "884e3b68be02ff9d61a042bc9bd9dd2a358f95da", "type": "github" }, "original": {
@@ -116,11 +116,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1676171095, - "narHash": "sha256-2laeSjBAAJ9e/C3uTIPb287iX8qeVLtWiilw1uxqG+A=", + "lastModified": 1680404136, + "narHash": "sha256-06D8HJmRv4DdpEQGblMhx2Vm81SBWM61XBBIx7QQfo0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c5dab21d8706afc7ceb05c23d4244dcb48d6aade", + "rev": "b93eb910f768f9788737bfed596a598557e5625d", "type": "github" }, "original": {
--
2.47.1
From 12f1d690baa2de5ca32fcab2858af985baec82e1 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Tue, 4 Apr 2023 14:25:21 +0200
Subject: [PATCH 3/4] added ldap config to mailman
---
 modules/mailman.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/modules/mailman.nix b/modules/mailman.nix
index 6f5bb2e..d7076b0 100644
--- a/modules/mailman.nix
+++ b/modules/mailman.nix
@@ -1,5 +1,9 @@
 { config, ... }:
 {
+ sops.secrets.mailman_ldap_search = {
+ key = "portunus_search";
+ owner = config.services.mailman.webUser;
+ };
 services.mailman = {
 enable = true;
 serve.enable = true;
@@ -7,5 +11,19 @@
 hyperkitty.enable = true;
 enablePostfix = true;
 siteOwner = "root@${config.fsr.domain}";
+ ldap = {
+ enable = true;
+ serverUri = "ldap://localhost";
+ bindDn = "uid=search, ou=users, dc=ifsr, dc=de";
+ bindPasswordFile = config.sops.secrets.mailman_ldap_search.path;
+ userSearch = {
+ ou = "ou=users, dc=ifsr, dc=de";
+ query = "(&(objectClass=posixAccount)(uid=%(user)s))";
+ };
+ groupSearch = {
+ ou = "ou=groups, dc=ifsr, dc=de";
+ query = "(objectClass=groupOfNames)";
+ };
+ };
 };
 }
--
2.47.1
From 197e8e6add98dabea08dc55f85457d84a0d029be Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Tue, 4 Apr 2023 14:27:43 +0200
Subject: [PATCH 4/4] added mailman to quitte flake
---
 flake.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/flake.nix b/flake.nix
index 2c7bd71..7e351f7 100755
--- a/flake.nix
+++ b/flake.nix
@@ -44,6 +44,7 @@
 ./modules/ldap.nix
 # ./modules/keycloak.nix replaced by portunus
 ./modules/mail.nix
+ ./modules/mailman.nix
 ./modules/nginx.nix
 ./modules/hedgedoc.nix
 ./modules/wiki.nix
--
2.47.1
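Review bot: In the second hunk of PATCH 3/4 (modules/mailman.nix), `userSearch.query` accepts every `posixAccount` under `ou=users`, and the bind account `uid=search` sits in that same OU, so service accounts may be able to sign in to the list web UI alongside people. If that is not intended, narrow the filter with a group-membership clause or keep service accounts in a separate OU; at minimum record the decision with a comment such as `# any posixAccount in ou=users may log in; service accounts share this OU`. `serverUri = "ldap://localhost"` sends the bind password and user passwords unencrypted, which is acceptable only while the directory stays on loopback, so I would add `# plaintext bind: the directory must stay on loopback`. The secret in the first hunk maps to the `portunus_search` key, which looks shared with other services; a dedicated bind account for Mailman would presumably limit what a leak of this file exposes.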