add postfix

2022-01-22 18:26:11 +01:00 · 2022-01-22 18:26:11 +01:00 · d3a1b3f488
commit d3a1b3f488
parent 366c05ab10
2 changed files with 73 additions and 0 deletions
--- a/config/nixos-8gb-fsn1-1.nix
+++ b/config/nixos-8gb-fsn1-1.nix
@ -15,6 +15,7 @@
    ./services/chir-rs.nix
    ./services/postfixadmin.nix
    ./services/dovecot.nix
+    ./services/postfix.nix
  ];

  boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod" ];
--- a/config/services/postfix.nix
+++ b/config/services/postfix.nix
@ -0,0 +1,72 @@
+{ pkgs, ... }:
+let
+  virtual_alias_domains = pkgs.writeText "virtual_alias_domains.cf" ''
+    user = postfix
+    dbname = postfix
+    query = SELECT target_domain FROM alias_domain WHERE alias_domain = '%s' AND active='t';
+  '';
+  virtual_alias_maps = pkgs.writeText "virtual_alias_maps.cf" ''
+    user = postfix
+    dbname = postfix
+    query = SELECT goto FROM alias WHERE address='%s' AND active='t';
+  '';
+  virtual_mailbox_domains = pkgs.writeText "virtual_mailbox_domains.cf" ''
+    user = postfix
+    dbname = postfix
+    query = SELECT domain FROM domain WHERE domain = '%s' AND active='t';
+  '';
+in
+{
+  nixpkgs.overlays = [
+    (curr: prev: {
+      postfix = prev.postfix.override {
+        withPgSQL = true;
+      };
+    })
+  ];
+  services.postfix = {
+    enable = true;
+    enableSubmission = true;
+    enableSubmissions = true;
+    destination = [
+      "localhost"
+      "darkkirb.de"
+      "miifox.net"
+      "chir.rs"
+    ];
+    domain = "chir.rs";
+    hostname = "mail.chir.rs";
+    masterConfig = {
+      submission = {
+        args = [ "-o" "smtpd_tls_security_level=encrypt" ];
+        type = "inet";
+      };
+    };
+    origin = "mail.chir.rs";
+    sslCert = "/var/lib/acme/chir.rs/cert.pem";
+    sslKey = "/var/lib/acme/chir.rs/key.pem";
+    config = {
+      smtp_tls_security_level = "encrypt";
+
+      virtual_alias_domains = "pgsql:${virtual_mailbox_domains}";
+      virtual_alias_maps = "pgsql:${virtual_alias_maps}";
+      virtual_mailbox_domains = "pgsql:${virtual_mailbox_domains}";
+      virtual_transport = "lmtp:unix:/run/dovecot/lmtp";
+      smtpd_milters = "[fd00:e621:e621:2::2]:11332";
+      non_smtpd_milters = "[fd00:e621:e621:2::2]:11332";
+      disable_vrfy_command = "yes";
+      smtpd_banner = "mail.chir.rs ESMTP NO UCE NO UBE NO RELAYCLIENT=yes YES OwO";
+      message_size_limit = "20971520";
+      biff = "no";
+      smtpd_helo_restrictions = "permit_mynetworks, permit_sasl_authenticated";
+      smtpd_helo_required = "yes";
+      smtpd_sasl_type = "dovecot";
+      smtpd_sasl_path = "/run/dovecot/auth";
+      smtpd_sasl_auth_enable = "yes";
+      smtpd_tls_auth_only = "yes";
+      smtpd_tls_mandatory_protocols = "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1";
+      smtpd_tls_protocols = "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1";
+      tls_preempt_cipherlist = "no";
+    };
+  };
+}