email: this will allow folks with permission to send mail as the service accounts

This commit is contained in:
silver 2023-10-23 18:29:22 +01:00
parent 827b109a25
commit d2ece41ace

View file

@ -17,11 +17,104 @@ with lib; let
create_filter = groups: create_filter_join (create_filter_array groups); create_filter = groups: create_filter_join (create_filter_array groups);
# using +mailbox puts the mail in a seperate folder # using +mailbox puts the mail in a seperate folder
create_skynet_email_int = accounts: mailbox: (map (account: "${account}+${mailbox}@skynet.ie") accounts); create_skynet_email_int = accounts: mailbox: (map (account: "${account}@skynet.ie") accounts);
groups_to_accounts = groups: builtins.concatMap (x: config.skynet.users.${x}) groups; groups_to_accounts = groups: builtins.concatMap (x: config.skynet.users.${x}) groups;
create_skynet_email_attribute = mailbox: groups: (create_skynet_email_int (groups_to_accounts groups) mailbox) ++ ["int_${mailbox}@skynet.ie"]; create_skynet_email_attribute = mailbox: groups: (create_skynet_email_int (groups_to_accounts groups) mailbox) ++ ["int_${mailbox}@skynet.ie"];
# { mailbox = [users]} create_skynet_email = mailbox: groups: {
create_skynet_email = mailbox: groups: {"${mailbox}@skynet.ie" = create_skynet_email_attribute mailbox groups;}; name = "${mailbox}@skynet.ie";
value = create_skynet_email_attribute mailbox groups;
};
create_skynet_service_mailboxes = builtins.listToAttrs (map (mailbox: (create_skynet_email mailbox.account mailbox.members)) service_mailboxes);
create_config_to = concatStringsSep "\",\"" (map (mailbox: "${mailbox.account}") service_mailboxes);
service_mailboxes = [
{
account = "root";
members = ["admin"];
}
{
account = "abuse";
members = ["admin"];
}
{
account = "accounts";
members = ["committee"];
}
{
account = "compsoc";
members = ["committee"];
}
{
account = "contact";
members = ["committee"];
}
{
account = "dbadmin";
members = ["admin"];
}
{
account = "dnsadm";
members = ["admin"];
}
{
account = "hostmaster";
members = ["admin"];
}
{
account = "intersocsrep";
members = ["committee"];
}
{
account = "mailman";
members = ["admin"];
}
{
account = "security";
members = ["admin"];
}
{
account = "sysadm";
members = ["admin"];
}
{
account = "webadmin";
members = ["admin"];
}
{
account = "pycon2023";
members = ["committee"];
}
{
account = "skynet_topdesk";
members = ["admin"];
}
{
account = "topdesk";
members = ["admin"];
}
];
configFile =
pkgs.writeText "basic_sieve"
''
require "copy";
require "mailbox";
require "imap4flags";
require ["fileinto", "reject"];
require "variables";
require "regex";
# this should be close to teh last step
if allof (
address :localpart ["To"] ["${toString create_config_to}"],
address :domain ["To"] "skynet.ie"
){
if address :matches ["To"] "*@skynet.ie" {
fileinto :create "''${1}";
}
}
'';
in { in {
imports = [ imports = [
./dns.nix ./dns.nix
@ -262,24 +355,7 @@ in {
lmtpSaveToDetailMailbox = "yes"; lmtpSaveToDetailMailbox = "yes";
extraVirtualAliases = extraVirtualAliases = create_skynet_service_mailboxes;
{}
// create_skynet_email "root" ["admin"]
// create_skynet_email "abuse" ["admin"]
// create_skynet_email "accounts" ["committee"]
// create_skynet_email "compsoc" ["committee"]
// create_skynet_email "contact" ["committee"]
// create_skynet_email "dbadmin" ["admin"]
// create_skynet_email "dnsadm" ["admin"]
// create_skynet_email "hostmaster" ["admin"]
// create_skynet_email "intersocsrep" ["committee"]
// create_skynet_email "mailman" ["admin"]
// create_skynet_email "security" ["admin"]
// create_skynet_email "sysadm" ["admin"]
// create_skynet_email "webadmin" ["admin"]
// create_skynet_email "pycon2023" ["committee"]
// create_skynet_email "skynet_topdesk" ["admin"]
// create_skynet_email "topdesk" ["admin"];
# use the letsencrypt certs # use the letsencrypt certs
certificateScheme = "acme"; certificateScheme = "acme";
@ -320,6 +396,10 @@ in {
]; ];
}; };
services.dovecot2.sieveScripts = {
before = configFile;
};
# tune the spam filter # tune the spam filter
/* /*
services.rspamd.extraConfig = '' services.rspamd.extraConfig = ''