fix(self_host/mail): correcting the connection to mailjet with agenix

Raphael 2025-10-16 22:04:11 +02:00
parent 625094c61c
commit 51e7b071dc
No known key found for this signature in database


@ -20,10 +20,17 @@ in
}; };
users.groups.vmail = { }; users.groups.vmail = { };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/vmail 0750 vmail vmail - -" "d /run/dovecot 0755 dovecot dovecot - -"
"d /var/lib/postfix 0755 postfix postfix - -"
"d /var/lib/postfix/data 0755 postfix postfix - -"
"d /var/lib/postfix/queue 0755 root root - -"
"d /var/lib/postfix/queue/maildrop 0730 postfix postdrop - -"
"d /var/lib/postfix/queue/pid 0755 root root - -"
"d /var/lib/postfix/queue/private 0750 postfix postfix - -"
"d /var/lib/postfix/queue/public 0730 postfix postdrop - -"
"d /var/spool/postfix 0755 postfix postfix - -" "d /var/spool/postfix 0755 postfix postfix - -"
"d /var/spool/postfix/private 0750 postfix postfix - -" "d /var/spool/postfix/private 0750 postfix postfix - -"
"d /run/dovecot 0755 dovecot dovecot - -" "d /var/vmail 0750 vmail vmail - -"
]; ];
security.acme.certs."mail.enium.eu" = { security.acme.certs."mail.enium.eu" = {
@ -77,8 +84,8 @@ in
smtpd_tls_cert_file = "/var/lib/acme/mail.enium.eu/fullchain.pem"; smtpd_tls_cert_file = "/var/lib/acme/mail.enium.eu/fullchain.pem";
smtpd_tls_key_file = "/var/lib/acme/mail.enium.eu/key.pem"; smtpd_tls_key_file = "/var/lib/acme/mail.enium.eu/key.pem";
smtpd_milters = "unix:/run/rspamd/rspamd-milter.sock"; smtpd_milters = "unix:/run/rspamd/rspamd.sock";
non_smtpd_milters = "unix:/run/rspamd/rspamd-milter.sock"; non_smtpd_milters = "unix:/run/rspamd/rspamd.sock";
milter_protocol = "6"; milter_protocol = "6";
milter_default_action = "accept"; milter_default_action = "accept";
}; };
@ -101,21 +108,18 @@ in
}; };
}; };
# environment.etc."postfix-sasl_passwd" = { # environment.etc."postfix-sasl_passwd" = {
# text = "[in-v3.mailjet.com]:587 ${mailjetSecrets.smtpUser}:${mailjetSecrets.smtpPass}\n"; # text = "[in-v3.mailjet.com]:587 ${builtins.readFile mailjet-user}:${builtins.readFile mailjet-pass}\n";
# mode = "0600"; # mode = "0600";
# }; # };
environment.etc."postfix-recipient_access".text = '' environment.etc."postfix-recipient_access".text = ''
no-reply@enium.eu REJECT 550 Cette adresse nest pas autorise a recevoir de mail no-reply@enium.eu REJECT 550 Cette adresse nest pas autorise a recevoir de mail
''; '';
systemd.services.postfix.preStart = lib.mkMerge [ systemd.services.postfix.preStart = lib.mkMerge [
(lib.mkBefore ''
umask 077
install -d -m 0700 /var/lib/postfix
echo "[in-v3.mailjet.com]:587 $(cat ${mailjet-user}):$(cat ${mailjet-pass})" > /var/lib/postfix/sasl_passwd
${pkgs.postfix}/bin/postmap /var/lib/postfix/sasl_passwd
'')
(lib.mkAfter '' (lib.mkAfter ''
install -Dm600 /etc/postfix-sasl_passwd /var/lib/postfix/sasl_passwd umask 077
echo "[in-v3.mailjet.com]:587 $(cat ${config.age.secrets."mailjet-user".path}):$(cat ${config.age.secrets."mailjet-pass".path})" > /var/lib/postfix/sasl_passwd
chown postfix:postfix /var/lib/postfix/sasl_passwd
chmod 600 /var/lib/postfix/sasl_passwd
${pkgs.postfix}/bin/postmap /var/lib/postfix/sasl_passwd ${pkgs.postfix}/bin/postmap /var/lib/postfix/sasl_passwd
'') '')
(lib.mkAfter '' (lib.mkAfter ''
@ -188,12 +192,14 @@ in
''; '';
}; };
systemd.services.postfix.requires = [ systemd.services.postfix = {
"agenix.service" after = [
]; "rspamd.service"
systemd.services.postfix.after = [ ];
"agenix.service" requires = [
]; "rspamd.service"
];
};
systemd.services.dovecot.after = [ systemd.services.dovecot.after = [
"postfix-setup.service" "postfix-setup.service"
"postfix.service" "postfix.service"
@ -215,24 +221,17 @@ in
''; '';
environment.etc."postfix-sender_login".text = '' environment.etc."postfix-sender_login".text = ''
raphael@enium.eu raphael@enium.eu raphael@enium.eu raphael@enium.eu
no-reply@enium.eu raphael@enium.eu
direction@enium.eu raphael@enium.eu
recrutement@enium.eu raphael@enium.eu
contact@enium.eu raphael@enium.eu
benjamin@enium.eu benjamin@enium.eu benjamin@enium.eu benjamin@enium.eu
no-reply@enium.eu benjamin@enium.eu
direction@enium.eu benjamin@enium.eu no-reply@enium.eu raphael@enium.eu, benjamin@enium.eu
recrutement@enium.eu benjamin@enium.eu direction@enium.eu raphael@enium.eu, benjamin@enium.eu
contact@enium.eu benjamin@enium.eu recrutement@enium.eu raphael@enium.eu, benjamin@enium.eu
contact@enium.eu raphael@enium.eu, benjamin@enium.eu
''; '';
environment.etc."postfix-virtual".text = '' environment.etc."postfix-virtual".text = ''
direction@enium.eu raphael@enium.eu direction@enium.eu raphael@enium.eu, benjamin@enium.eu
recrutement@enium.eu raphael@enium.eu recrutement@enium.eu raphael@enium.eu, benjamin@enium.eu
contact@enium.eu raphael@enium.eu contact@enium.eu raphael@enium.eu, benjamin@enium.eu
direction@enium.eu benjamin@enium.eu
recrutement@enium.eu benjamin@enium.eu
contact@enium.eu benjamin@enium.eu
''; '';
services.nginx.virtualHosts."mail.enium.eu" = { services.nginx.virtualHosts."mail.enium.eu" = {
@ -240,8 +239,16 @@ in
enableACME = true; enableACME = true;
}; };
services.rspamd.enable = true; services.rspamd = {
enable = true;
extraConfig = ''
milter {
unix_permissions = 0660;
user = "rspamd";
group = "postfix";
}
'';
};
services.roundcube = { services.roundcube = {
enable = true; enable = true;
hostName = "mail.enium.eu"; hostName = "mail.enium.eu";
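Review bot: Pointing `smtpd_milters` and `non_smtpd_milters` at `unix:/run/rspamd/rspamd.sock` (hunk `-77,8 +84,8`) while `milter_default_action = "accept"` stays in place means any milter handshake failure lets mail through unscanned with no visible error. On a default NixOS rspamd setup that path is, as far as I can tell, the normal worker's socket rather than a `rspamd_proxy` worker in milter mode, and the top-level `milter { … }` block added in `extraConfig` does not look like a section rspamd reads for socket ownership; both should be confirmed against the running configuration. I would bind the milter socket explicitly through `services.rspamd.workers.rspamd_proxy.bindSockets` (or `services.rspamd.postfix.enable = true;`) and switch to `milter_default_action = "tempfail";` so a broken filter defers mail instead of silently bypassing it. The Postfix settings block starts outside this hunk, so other milter options may exist that are not visible here.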