email: updated email config

silver 2023-07-04 21:53:24 +01:00
parent ad1f5a8678
commit ccf78c06a4
3 changed files with 33 additions and 26 deletions


@ -1,6 +1,15 @@
{ config, pkgs, lib, ...}: with lib; { config, pkgs, lib, ...}: with lib;
let let
cfg = config.services.skynet_email; cfg = config.services.skynet_email;
# create teh new strings
create_filter_array = map (x: "(memberOf=cn=${x},ou=groups,${cfg.ldap.base})");
create_filter_join = (x: concatStringsSep "" x);
# thought you could escape racket?
create_filter = (groups: create_filter_join (create_filter_array groups) );
in { in {
imports = [ imports = [
@ -31,7 +40,7 @@
domain = mkOption { domain = mkOption {
type = types.str; type = types.str;
default = "ulcompsoc.ie"; default = "skynet.ie";
description = lib.mdDoc "domaino"; description = lib.mdDoc "domaino";
}; };
@ -41,6 +50,19 @@
description = lib.mdDoc "mailserver subdomain"; description = lib.mdDoc "mailserver subdomain";
}; };
groups = mkOption {
type = types.listOf types.str;
default = [
# general skynet users
"skynet-users"
# C&S folsk get access
"skynet-cns"
# skynet service accounts
"skynet-service"
];
description = lib.mdDoc "Groups we want to allow access to the email";
};
ldap = { ldap = {
hosts = mkOption { hosts = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
@ -69,7 +91,6 @@
}; };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -102,12 +123,8 @@
cfg.domain cfg.domain
]; ];
#hierarchySeparator = "/"; # 20MB max size
messageSizeLimit = 20000000;
# 100MB max size
messageSizeLimit = 100000000;
#localDnsResolver = false;
ldap = { ldap = {
enable = true; enable = true;
@ -116,37 +133,25 @@
dn = cfg.ldap.bind_dn; dn = cfg.ldap.bind_dn;
passwordFile = config.age.secrets.ldap_pw.path; passwordFile = config.age.secrets.ldap_pw.path;
}; };
searchBase = cfg.ldap.searchBase; searchBase = cfg.ldap.searchBase;
searchScope = "sub"; searchScope = "sub";
dovecot = { dovecot = {
#userAttrs = "uidNumber=uid,gidNumber=gid,skMail=mail";
# use the set email account
#userFilter = "(&(memberOf=cn=skynet-users,ou=groups,${cfg.ldap.base}))(uid=%n))";
#userFilter = "(&(objectClass=posixAccount)(uid=%u))";
userFilter = "(skMail=%u)"; userFilter = "(skMail=%u)";
# "fix" until userAttrs is fixed # accept emails in, but only allow access to paid up members
#passAttrs = ''uid=user,userPassword=password passFilter = "(&(|${create_filter cfg.groups})(skMail=%u))";
#user_attrs = uidNumber=uid,gidNumber=gid,mail=/var/vmail/%u/%d
#'';
passFilter = "(skMail=%u)";
}; };
postfix = { postfix = {
filter = "(skMail=%s)"; filter = "(skMail=%s)";
# these may be reversed???
# https://gist.github.com/calbrecht/bca39174f39a74e52a6d05bf630ad495
uidAttribute = "skMail"; uidAttribute = "skMail";
mailAttribute = "skMail"; mailAttribute = "skMail";
}; };
}; };
# feckin spammers # feckin spammers
rejectRecipients = [ rejectRecipients = [
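Review bot: The new dovecot `passFilter` is built by `create_filter` from `cfg.groups` and `cfg.ldap.base` with no validation, so the login filter is only as sound as those option values. An empty `groups` list produces `(&(|)(skMail=%u))`; whether the LDAP client rejects `(|)` or treats it as match-nothing depends on the implementation, and either way every login fails silently, so an evaluation-time check such as `assertions = [{ assertion = cfg.groups != []; message = "skynet_email: groups must not be empty"; }];` would make the failure visible. A group name containing `(`, `)`, `*` or `\` would change the meaning of the filter; these are admin-set options so the exposure is small, but declaring the option as `type = types.listOf (types.strMatching "[A-Za-z0-9_-]+");` states the constraint in the module itself. The helper comments would also be more useful if they described the output, for example `# builds "(memberOf=cn=G1,ou=groups,BASE)(memberOf=cn=G2,ou=groups,BASE)" for use inside (|...)`. The `config` attribute set continues outside the visible hunks, so an existing `assertions` list there may need extending rather than a new one adding.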


@ -280,11 +280,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1684569145, "lastModified": 1688416558,
"narHash": "sha256-Dr8KAgjiGuigTgEp7zFO08zPA5o0RxzoPad+oDtg/G0=", "narHash": "sha256-v9UudcBYAHssB+e6Mip+5dOClFlPwy80wJjbpUMomJk=",
"owner": "mweinelt", "owner": "mweinelt",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "5d13cf0550bd5b201b28f116acc5f4b19dd5d753", "rev": "a1c985f325300fc8bca3e8dfe5a9676c10ab1055",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {


@ -53,5 +53,7 @@ in {
# the name is used for dns # the name is used for dns
name = name; name = name;
}; };
domain = "ulcompsoc.ie";
}; };
} }