email: this will allow folks with permission to send mail as the service accounts
This commit is contained in:
parent
827b109a25
commit
d2ece41ace
1 changed files with 101 additions and 21 deletions
|
@ -17,11 +17,104 @@ with lib; let
|
||||||
create_filter = groups: create_filter_join (create_filter_array groups);
|
create_filter = groups: create_filter_join (create_filter_array groups);
|
||||||
|
|
||||||
# using +mailbox puts the mail in a seperate folder
|
# using +mailbox puts the mail in a seperate folder
|
||||||
create_skynet_email_int = accounts: mailbox: (map (account: "${account}+${mailbox}@skynet.ie") accounts);
|
create_skynet_email_int = accounts: mailbox: (map (account: "${account}@skynet.ie") accounts);
|
||||||
groups_to_accounts = groups: builtins.concatMap (x: config.skynet.users.${x}) groups;
|
groups_to_accounts = groups: builtins.concatMap (x: config.skynet.users.${x}) groups;
|
||||||
create_skynet_email_attribute = mailbox: groups: (create_skynet_email_int (groups_to_accounts groups) mailbox) ++ ["int_${mailbox}@skynet.ie"];
|
create_skynet_email_attribute = mailbox: groups: (create_skynet_email_int (groups_to_accounts groups) mailbox) ++ ["int_${mailbox}@skynet.ie"];
|
||||||
# { mailbox = [users]}
|
create_skynet_email = mailbox: groups: {
|
||||||
create_skynet_email = mailbox: groups: {"${mailbox}@skynet.ie" = create_skynet_email_attribute mailbox groups;};
|
name = "${mailbox}@skynet.ie";
|
||||||
|
value = create_skynet_email_attribute mailbox groups;
|
||||||
|
};
|
||||||
|
create_skynet_service_mailboxes = builtins.listToAttrs (map (mailbox: (create_skynet_email mailbox.account mailbox.members)) service_mailboxes);
|
||||||
|
|
||||||
|
create_config_to = concatStringsSep "\",\"" (map (mailbox: "${mailbox.account}") service_mailboxes);
|
||||||
|
|
||||||
|
service_mailboxes = [
|
||||||
|
{
|
||||||
|
account = "root";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "abuse";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "accounts";
|
||||||
|
members = ["committee"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "compsoc";
|
||||||
|
members = ["committee"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "contact";
|
||||||
|
members = ["committee"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "dbadmin";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "dnsadm";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "hostmaster";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "intersocsrep";
|
||||||
|
members = ["committee"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "mailman";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "security";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "sysadm";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "webadmin";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "pycon2023";
|
||||||
|
members = ["committee"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "skynet_topdesk";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "topdesk";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
configFile =
|
||||||
|
pkgs.writeText "basic_sieve"
|
||||||
|
''
|
||||||
|
require "copy";
|
||||||
|
require "mailbox";
|
||||||
|
require "imap4flags";
|
||||||
|
require ["fileinto", "reject"];
|
||||||
|
require "variables";
|
||||||
|
require "regex";
|
||||||
|
|
||||||
|
# this should be close to teh last step
|
||||||
|
if allof (
|
||||||
|
address :localpart ["To"] ["${toString create_config_to}"],
|
||||||
|
address :domain ["To"] "skynet.ie"
|
||||||
|
){
|
||||||
|
if address :matches ["To"] "*@skynet.ie" {
|
||||||
|
fileinto :create "''${1}";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
'';
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
./dns.nix
|
./dns.nix
|
||||||
|
@ -262,24 +355,7 @@ in {
|
||||||
|
|
||||||
lmtpSaveToDetailMailbox = "yes";
|
lmtpSaveToDetailMailbox = "yes";
|
||||||
|
|
||||||
extraVirtualAliases =
|
extraVirtualAliases = create_skynet_service_mailboxes;
|
||||||
{}
|
|
||||||
// create_skynet_email "root" ["admin"]
|
|
||||||
// create_skynet_email "abuse" ["admin"]
|
|
||||||
// create_skynet_email "accounts" ["committee"]
|
|
||||||
// create_skynet_email "compsoc" ["committee"]
|
|
||||||
// create_skynet_email "contact" ["committee"]
|
|
||||||
// create_skynet_email "dbadmin" ["admin"]
|
|
||||||
// create_skynet_email "dnsadm" ["admin"]
|
|
||||||
// create_skynet_email "hostmaster" ["admin"]
|
|
||||||
// create_skynet_email "intersocsrep" ["committee"]
|
|
||||||
// create_skynet_email "mailman" ["admin"]
|
|
||||||
// create_skynet_email "security" ["admin"]
|
|
||||||
// create_skynet_email "sysadm" ["admin"]
|
|
||||||
// create_skynet_email "webadmin" ["admin"]
|
|
||||||
// create_skynet_email "pycon2023" ["committee"]
|
|
||||||
// create_skynet_email "skynet_topdesk" ["admin"]
|
|
||||||
// create_skynet_email "topdesk" ["admin"];
|
|
||||||
|
|
||||||
# use the letsencrypt certs
|
# use the letsencrypt certs
|
||||||
certificateScheme = "acme";
|
certificateScheme = "acme";
|
||||||
|
@ -320,6 +396,10 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.dovecot2.sieveScripts = {
|
||||||
|
before = configFile;
|
||||||
|
};
|
||||||
|
|
||||||
# tune the spam filter
|
# tune the spam filter
|
||||||
/*
|
/*
|
||||||
services.rspamd.extraConfig = ''
|
services.rspamd.extraConfig = ''
|
||||||
|
|
Loading…
Reference in a new issue