{ config, ... }:
{
sops.secrets.mailman_ldap_search = {
key = "portunus/search-password";
owner = config.services.mailman.webUser;
};
services.mailman = {
enable = true;
serve.enable = true;
webHosts = [ "lists.${config.networking.domain}" ];
hyperkitty.enable = true;
enablePostfix = true;
siteOwner = "mailman@${config.networking.domain}";
settings = {
database = {
class = "mailman.database.postgresql.PostgreSQLDatabase";
url = "postgresql://mailman@/mailman?host=/run/postgresql";
};
};
webSettings = {
DATABASES.default = {
ENGINE = "django.db.backends.postgresql";
NAME = "mailman-web";
};
};
ldap = {
enable = true;
serverUri = "ldap://localhost";
bindDn = "uid=search, ou=users, dc=ifsr, dc=de";
bindPasswordFile = config.sops.secrets.mailman_ldap_search.path;
userSearch = {
ou = "ou=users, dc=ifsr, dc=de";
query = "(&(objectClass=posixAccount)(uid=%(user)s))";
};
groupSearch = {
ou = "ou=groups, dc=ifsr, dc=de";
query = "(objectClass=groupOfNames)";
type = "groupOfNames";
};
superUserGroup = "cn=admins,ou=groups,dc=ifsr,dc=de";
};
};
services.postfix = {
relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];
config = {
mailbox_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp";
transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
virtual_alias_maps = [ "hash:/var/lib/mailman/data/postfix_vmap" ];
local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
};
};
services.postgresql = {
enable = true;
ensureUsers = [
{
name = "mailman";
ensureDBOwnership = true;
}
{
name = "mailman-web";
ensureDBOwnership = true;
}
];
ensureDatabases = [ "mailman" "mailman-web" ];
};
services.nginx.virtualHosts."lists.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/robots.txt" = {
extraConfig = ''
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
'';
};
};
}