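{ config, pkgs, lib, ...}: with lib;
# NixOS module for the Skynet mail server: declares the services.skynet_email
# options, publishes the DNS records (A, SPF, DKIM, DMARC, PTR) the mail host
# needs, and wires the simple-nixos-mailserver `mailserver` module to LDAP.
let
  cfg = config.services.skynet_email;
in {
  imports = [
    ./dns.nix
  ];

  /*
  backups = [
    "/var/vmail"
    "/var/dkim"
  ];
  */

  options.services.skynet_email = {
    # options that need to be passed in to make this work
    enable = mkEnableOption "Skynet Email";

    host = {
      ip = mkOption {
        type = types.str;
        description = lib.mdDoc "IPv4 address of the mail host; used for the A record and for the reverse (PTR) record";
      };
      name = mkOption {
        type = types.str;
        # not referenced anywhere in this module; presumably consumed by dns.nix — confirm
        description = lib.mdDoc "hostname of the mail host";
      };
    };

    domain = mkOption {
      type = types.str;
      default = "ulcompsoc.ie";
      description = lib.mdDoc "mail domain (the part after the @)";
    };
    sub = mkOption {
      type = types.str;
      default = "mail";
      description = lib.mdDoc "mailserver subdomain";
    };

    ldap = {
      hosts = mkOption {
        type = types.listOf types.str;
        default = [
          "ldaps://sso.skynet.ie"
        ];
        # ldaps:// keeps the bind password and the userPassword attribute off the wire in clear text
        description = lib.mdDoc "LDAP server URIs the mail server binds to";
      };
      base = mkOption {
        type = types.str;
        default = "dc=skynet,dc=ie";
        description = lib.mdDoc "base DN of the directory";
      };
      searchBase = mkOption {
        type = types.str;
        default = "ou=users,${cfg.ldap.base}";
        description = lib.mdDoc "DN under which user entries are searched";
      };
      bind_dn = mkOption {
        type = types.str;
        default = "cn=admin,${cfg.ldap.base}";
        # the default binds as the directory administrator; the mail server only needs
        # read access to the user subtree, so a dedicated read-only service account is preferable
        description = lib.mdDoc "DN the mail server binds to the directory as";
      };
    };
  };

  config = mkIf cfg.enable {
    # LDAP bind password, decrypted by agenix at activation; only its path is passed on below
    age.secrets.ldap_pw.file = ../secrets/ldap/pw.age;

    # set up dns record for it
    skynet_dns.records.external = [
      # basic one
      "mail A ${cfg.host.ip}"
      # SPF record: only the mail host's A record may send for the domain, everything else hard-fails (-all)
      ''${cfg.domain}. IN TXT "v=spf1 a:${cfg.sub}.${cfg.domain} -all"''
      # DKIM public key for selector "mail"; must match the private key the server signs with
      # (presumably the one under /var/dkim mentioned in the backups comment above — confirm)
      ''mail._domainkey.${cfg.domain}. IN TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"''
      # DMARC in monitor-only mode: p=none means receivers do not reject or quarantine
      # SPF/DKIM failures, and with no rua= tag no aggregate reports are collected either
      ''_dmarc.${cfg.domain}. IN TXT "v=DMARC1; p=none"''
    ];

    skynet_dns.records.reverse = [
      # PTR name is the last octet of the host address; derived by splitting on "." rather
      # than by fixed substring offsets, so it also holds for addresses whose first three
      # octets are not exactly 8 characters long
      "${last (splitString "." cfg.host.ip)} IN PTR ${cfg.sub}.${cfg.domain}."
    ];

    mailserver = {
      enable = true;
      fqdn = "${cfg.sub}.${cfg.domain}";
      domains = [
        cfg.domain
      ];
      #hierarchySeparator = "/";
      # 100 MB max message size (decimal bytes)
      messageSizeLimit = 100000000;
      #localDnsResolver = false;

      ldap = {
        enable = true;
        uris = cfg.ldap.hosts;
        bind = {
          dn = cfg.ldap.bind_dn;
          # path only; the secret itself never ends up in the Nix store
          passwordFile = config.age.secrets.ldap_pw.path;
        };
        searchBase = cfg.ldap.searchBase;
        searchScope = "sub";

        dovecot = {
          #userAttrs = "uidNumber=uid,gidNumber=gid,skMail=mail";
          # use the set email account
          #userFilter = "(&(memberOf=cn=skynet-users,ou=groups,${cfg.ldap.base}))(uid=%n))";
          #userFilter = "(&(objectClass=posixAccount)(uid=%u))";
          # any entry under searchBase with a matching uid may log in; the commented-out
          # memberOf variant above would additionally restrict logins to one group
          userFilter = "(uid=%n)";
          # "fix" until userAttrs is fixed
          # the second line is smuggled into dovecot's config through the attribute string;
          # the bind account has to be allowed to read userPassword for the pass lookup to work
          passAttrs = ''uid=user,userPassword=password
user_attrs = uidNumber=uid,gidNumber=gid
'';
          passFilter = "(uid=%n)";
        };

        postfix = {
          filter = "skMail=%s";
          # these may be reversed???
          # https://gist.github.com/calbrecht/bca39174f39a74e52a6d05bf630ad495
          uidAttribute = "skMail";
          mailAttribute = "uid";
        };
      };

      # feckin spammers
      # recipient addresses to reject outright; currently none
      rejectRecipients = [
      ];
    };

    # tune the spam filter
    /*
    services.rspamd.extraConfig = ''
      actions {
        reject = null; # Disable rejects, default is 15
        add_header = 7; # Add header when reaching this score
        greylist = 4; # Apply greylisting when reaching this score
      }
    '';
    */
  };
}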