email: updated email config
This commit is contained in:
parent
ad1f5a8678
commit
ccf78c06a4
3 changed files with 33 additions and 26 deletions
|
|
@ -1,6 +1,15 @@
|
|||
{ config, pkgs, lib, ...}: with lib;
|
||||
let
|
||||
cfg = config.services.skynet_email;
|
||||
|
||||
# create teh new strings
|
||||
create_filter_array = map (x: "(memberOf=cn=${x},ou=groups,${cfg.ldap.base})");
|
||||
|
||||
create_filter_join = (x: concatStringsSep "" x);
|
||||
|
||||
# thought you could escape racket?
|
||||
create_filter = (groups: create_filter_join (create_filter_array groups) );
|
||||
|
||||
in {
|
||||
|
||||
imports = [
|
||||
|
|
@ -31,7 +40,7 @@
|
|||
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
default = "ulcompsoc.ie";
|
||||
default = "skynet.ie";
|
||||
description = lib.mdDoc "domaino";
|
||||
};
|
||||
|
||||
|
|
@ -41,6 +50,19 @@
|
|||
description = lib.mdDoc "mailserver subdomain";
|
||||
};
|
||||
|
||||
groups = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
# general skynet users
|
||||
"skynet-users"
|
||||
# C&S folsk get access
|
||||
"skynet-cns"
|
||||
# skynet service accounts
|
||||
"skynet-service"
|
||||
];
|
||||
description = lib.mdDoc "Groups we want to allow access to the email";
|
||||
};
|
||||
|
||||
ldap = {
|
||||
hosts = mkOption {
|
||||
type = types.listOf types.str;
|
||||
|
|
@ -69,7 +91,6 @@
|
|||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
|
@ -102,12 +123,8 @@
|
|||
cfg.domain
|
||||
];
|
||||
|
||||
#hierarchySeparator = "/";
|
||||
|
||||
# 100MB max size
|
||||
messageSizeLimit = 100000000;
|
||||
|
||||
#localDnsResolver = false;
|
||||
# 20MB max size
|
||||
messageSizeLimit = 20000000;
|
||||
|
||||
ldap = {
|
||||
enable = true;
|
||||
|
|
@ -116,37 +133,25 @@
|
|||
dn = cfg.ldap.bind_dn;
|
||||
passwordFile = config.age.secrets.ldap_pw.path;
|
||||
};
|
||||
|
||||
searchBase = cfg.ldap.searchBase;
|
||||
searchScope = "sub";
|
||||
|
||||
|
||||
dovecot = {
|
||||
#userAttrs = "uidNumber=uid,gidNumber=gid,skMail=mail";
|
||||
# use the set email account
|
||||
#userFilter = "(&(memberOf=cn=skynet-users,ou=groups,${cfg.ldap.base}))(uid=%n))";
|
||||
#userFilter = "(&(objectClass=posixAccount)(uid=%u))";
|
||||
userFilter = "(skMail=%u)";
|
||||
|
||||
# "fix" until userAttrs is fixed
|
||||
#passAttrs = ''uid=user,userPassword=password
|
||||
#user_attrs = uidNumber=uid,gidNumber=gid,mail=/var/vmail/%u/%d
|
||||
#'';
|
||||
passFilter = "(skMail=%u)";
|
||||
# accept emails in, but only allow access to paid up members
|
||||
passFilter = "(&(|${create_filter cfg.groups})(skMail=%u))";
|
||||
};
|
||||
|
||||
postfix = {
|
||||
filter = "(skMail=%s)";
|
||||
|
||||
# these may be reversed???
|
||||
# https://gist.github.com/calbrecht/bca39174f39a74e52a6d05bf630ad495
|
||||
uidAttribute = "skMail";
|
||||
mailAttribute = "skMail";
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
|
||||
|
||||
# feckin spammers
|
||||
rejectRecipients = [
|
||||
|
||||
|
|
|
|||
|
|
@ -280,11 +280,11 @@
|
|||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1684569145,
|
||||
"narHash": "sha256-Dr8KAgjiGuigTgEp7zFO08zPA5o0RxzoPad+oDtg/G0=",
|
||||
"lastModified": 1688416558,
|
||||
"narHash": "sha256-v9UudcBYAHssB+e6Mip+5dOClFlPwy80wJjbpUMomJk=",
|
||||
"owner": "mweinelt",
|
||||
"repo": "nixos-mailserver",
|
||||
"rev": "5d13cf0550bd5b201b28f116acc5f4b19dd5d753",
|
||||
"rev": "a1c985f325300fc8bca3e8dfe5a9676c10ab1055",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
|||
|
|
@ -53,5 +53,7 @@ in {
|
|||
# the name is used for dns
|
||||
name = name;
|
||||
};
|
||||
|
||||
domain = "ulcompsoc.ie";
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue