authoraszlig <aszlig@nix.build>2023-09-15 13:23:20 +0200
committeraszlig <aszlig@nix.build>2023-09-15 13:23:20 +0200
commit387c4d910c51817cca1d7ac3a73318b9c06bea5e (patch)
tree6244147c0b192e9f98eb726a31ac54fc4bda312a
parent5b17b40e2d961c15261641940333822de2c4a1ab (diff)
machines: Remove "mailserver"
This one never was in use and it was WIP code to do a more fleshed out
mailserver configuration that should match an Ansible deployment of a
mailserver we had back then at OpenLab.

The machine was never in use (which is apparent from its configuration)
and I even *added* it to Vuizvui from "LaberNix" (Vuizvui's predecessor)
in 915e56fb4453b0701a423b0c96fb145318162ffd probably just for the sake
of completeness.

Signed-off-by: aszlig <aszlig@nix.build>
-rw-r--r--machines/default.nix3
-rw-r--r--machines/misc/mailserver.nix118
2 files changed, 0 insertions, 121 deletions
diff --git a/machines/default.nix b/machines/default.nix
index fe4e82f0..8dcd8e0f 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -22,7 +22,4 @@ with import ../lib;
     ludwig = callMachine ./sternenseemann/ludwig.nix {};
     wolfgang = callMachine ./sternenseemann/wolfgang.nix {};
   };
-  misc = {
-    mailserver = callMachine ./misc/mailserver.nix {};
-  };
 }
diff --git a/machines/misc/mailserver.nix b/machines/misc/mailserver.nix
deleted file mode 100644
index a9548fcb..00000000
--- a/machines/misc/mailserver.nix
+++ /dev/null
@@ -1,118 +0,0 @@
-{ config, pkgs, lib, ... }: let
-  vhostMap = {
-    smtpd_sender_login_maps = [
-      "SELECT username AS allowedUser"
-      "FROM mailbox"
-      "WHERE username='%s' AND active = 1"
-      "UNION SELECT goto FROM alias"
-      "WHERE address='%s' AND active = 1"
-    ];
-
-    virtual_alias_maps = [
-      "SELECT goto"
-      "FROM alias"
-      "WHERE address='%s' AND active = '1'"
-    ];
-
-    virtual_mailbox_domains = [
-      "SELECT domain"
-      "FROM domain"
-      "WHERE domain='%s' AND active = '1'"
-    ];
-
-    virtual_mailbox_maps = [
-      "SELECT maildir"
-      "FROM mailbox"
-      "WHERE username='%s' AND active = '1'"
-    ];
-  };
-
-  mkDbMap = query: "proxy:pgsql:${pkgs.writeText "database.cf" ''
-    hosts = localhost
-    user = postfix
-    dbname = postfix
-    query = ${query}
-  ''}";
-
-in {
-  services.spamassassin.enable = true;
-
-  services.postfix.enable = true;
-  services.postfix.hostname = "mailtest.lan";
-
-  # TODO: This is a dummy, replace it once we know about the real root fs.
-  fileSystems."/".label = "root";
-  boot.loader.grub.device = "nodev";
-
-  vuizvui.services.postfix.enable = true;
-  vuizvui.services.postfix.restrictions = {
-    sender = [
-      "reject_authenticated_sender_login_mismatch"
-      "reject_unknown_sender_domain"
-    ];
-    recipient = [
-      "permit_sasl_authenticated"
-      "permit_mynetworks"
-      "reject_unauth_destination"
-      "reject_invalid_hostname"
-      "reject_non_fqdn_hostname"
-      "reject_non_fqdn_sender"
-      "reject_non_fqdn_recipient"
-      "reject_unknown_reverse_client_hostname"
-    ];
-    helo = [
-      "permit_sasl_authenticated"
-      "permit_mynetworks"
-      "reject_invalid_hostname"
-      "reject_unauth_pipelining"
-      "reject_non_fqdn_hostname"
-    ];
-  };
-
-  services.postfix.extraConfig = ''
-    ${lib.concatStrings (lib.mapAttrsToList (cfgvar: query: ''
-      ${cfgvar} = ${mkDbMap (lib.concatStringsSep " " query)}
-    '') vhostMap)}
-
-    # a bit more spam protection
-    disable_vrfy_command = yes
-
-    smtpd_sasl_type=dovecot
-    smtpd_sasl_path=private/auth_dovecot XXXXXXXXXXXXXXX
-    smtpd_sasl_auth_enable = yes
-    smtpd_sasl_authenticated_header = yes
-    broken_sasl_auth_clients = yes
-
-    proxy_read_maps = ${lib.concatStringsSep " " (map (s: "\$${s}") [
-      "local_recipient_maps" "mydestination" "virtual_alias_maps"
-      "virtual_alias_domains" "virtual_mailbox_maps" "virtual_mailbox_domains"
-      "relay_recipient_maps" "relay_domains" "canonical_maps"
-      "sender_canonical_maps" "recipient_canonical_maps" "relocated_maps"
-      "transport_maps" "mynetworks" "smtpd_sender_login_maps"
-    ])}
-
-    local_transport = virtual
-    virtual_transport = dovecot
-
-    virtual_uid_maps = static:5000 XXXXXXXXXXXX
-    virtual_gid_maps = static:5000 XXXXXXXXXXXX
-
-    smtpd_tls_cert_file=/etc/ssl/mail.crt XXXX: KEYS
-    smtpd_tls_key_file=/etc/ssl/mail.key XXXX: KEYS
-    smtpd_use_tls=yes
-  '';
-
-  services.postfix.extraMasterConf = ''
-    mailman unix - n n - - pipe
-      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ''${nexthop} ''${user}
-      # ^^^ FIXME: maybe not needed!
-
-    dovecot unix - n n - - pipe
-      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ''${recipient}
-      # ^^^ FIXME: maybe not needed!
-
-    spamassassin unix - n n - - pipe
-      user=${toString config.ids.uids.spamd} argv=${pkgs.spamassassin}/bin/spamc -f -e /var/setuid-wrappers/sendmail -oi -f ''${sender} ''${recipient}
-      # ^^^ FIXME: maybe not needed!
-  '';
-}