feat(mail/enium): add virtual mail adresses

- Mail can now be sent from different identities and received by the
users
Raphael 2025-10-16 00:30:32 +02:00
parent 2a6d84aac6
commit 7e594e5869
No known key found for this signature in database


@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.selfhost.mail; cfg = config.service.selfhost.mail;
@ -12,7 +17,7 @@ in
group = "vmail"; group = "vmail";
shell = "/run/current-system/sw/bin/nologin"; shell = "/run/current-system/sw/bin/nologin";
}; };
users.groups.vmail = {}; users.groups.vmail = { };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/vmail 0750 vmail vmail - -" "d /var/vmail 0750 vmail vmail - -"
"d /var/spool/postfix 0755 postfix postfix - -" "d /var/spool/postfix 0755 postfix postfix - -"
@ -22,25 +27,31 @@ in
security.acme.certs."mail.enium.eu" = { security.acme.certs."mail.enium.eu" = {
group = "nginx"; group = "nginx";
reloadServices = [ "postfix.service" "dovecot.service" ]; reloadServices = [
"postfix.service"
"dovecot.service"
];
}; };
users.groups.nginx.members = [ "postfix" "dovecot" ]; users.groups.nginx.members = [
"postfix"
"dovecot"
];
services.postfix = { services.postfix = {
enable = true; enable = true;
rootAlias = "raphael@enium.eu"; rootAlias = "direction@enium.eu";
settings = { settings = {
main = { main = {
myhostname = "mail.enium.eu"; myhostname = "mail.enium.eu";
mydomain = "enium.eu"; mydomain = "enium.eu";
relayhost = [ relayhost = [
"[in-v3.mailjet.com]:587" "[in-v3.mailjet.com]:587"
]; ];
mydestination = "localhost"; mydestination = "localhost";
inet_interfaces = "all"; inet_interfaces = "all";
inet_protocols = "ipv4"; inet_protocols = "ipv4";
smtp_sasl_auth_enable = "yes"; smtp_sasl_auth_enable = "yes";
smtp_sasl_password_maps = "hash:/var/lib/postfix/sasl_passwd"; smtp_sasl_password_maps = "hash:/var/lib/postfix/sasl_passwd";
@ -55,6 +66,7 @@ in
virtual_mailbox_domains = "enium.eu"; virtual_mailbox_domains = "enium.eu";
virtual_transport = "lmtp:unix:/run/dovecot/lmtp"; virtual_transport = "lmtp:unix:/run/dovecot/lmtp";
virtual_mailbox_maps = "hash:/var/lib/postfix/vmailbox"; virtual_mailbox_maps = "hash:/var/lib/postfix/vmailbox";
virtual_alias_maps = "hash:/var/lib/postfix/virtual";
local_recipient_maps = ""; local_recipient_maps = "";
@ -62,7 +74,7 @@ in
smtpd_recipient_restrictions = "check_recipient_access hash:/var/lib/postfix/recipient_access"; smtpd_recipient_restrictions = "check_recipient_access hash:/var/lib/postfix/recipient_access";
smtpd_tls_cert_file = "/var/lib/acme/mail.enium.eu/fullchain.pem"; smtpd_tls_cert_file = "/var/lib/acme/mail.enium.eu/fullchain.pem";
smtpd_tls_key_file = "/var/lib/acme/mail.enium.eu/key.pem"; smtpd_tls_key_file = "/var/lib/acme/mail.enium.eu/key.pem";
smtpd_milters = "unix:/run/rspamd/rspamd-milter.sock"; smtpd_milters = "unix:/run/rspamd/rspamd-milter.sock";
non_smtpd_milters = "unix:/run/rspamd/rspamd-milter.sock"; non_smtpd_milters = "unix:/run/rspamd/rspamd-milter.sock";
@ -72,7 +84,7 @@ in
master."submission" = { master."submission" = {
type = "inet"; type = "inet";
private = false; private = false;
chroot = false; chroot = false;
command = "smtpd"; command = "smtpd";
args = [ args = [
"-o" "smtpd_recipient_restrictions=permit_sasl_authenticated,reject" "-o" "smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
@ -87,10 +99,6 @@ in
}; };
}; };
}; };
environment.etc."postfix-sender_login".text = ''
raphael@enium.eu raphael@enium.eu
no-reply@enium.eu raphael@enium.eu
'';
environment.etc."postfix-sasl_passwd" = { environment.etc."postfix-sasl_passwd" = {
text = "[in-v3.mailjet.com]:587 ${mailjetSecrets.smtpUser}:${mailjetSecrets.smtpPass}\n"; text = "[in-v3.mailjet.com]:587 ${mailjetSecrets.smtpUser}:${mailjetSecrets.smtpPass}\n";
mode = "0600"; mode = "0600";
@ -115,6 +123,10 @@ in
install -Dm644 /etc/postfix-vmailbox /var/lib/postfix/vmailbox install -Dm644 /etc/postfix-vmailbox /var/lib/postfix/vmailbox
${pkgs.postfix}/bin/postmap /var/lib/postfix/vmailbox ${pkgs.postfix}/bin/postmap /var/lib/postfix/vmailbox
'') '')
(lib.mkAfter ''
install -Dm644 /etc/postfix-virtual /var/lib/postfix/virtual
${pkgs.postfix}/bin/postmap /var/lib/postfix/virtual
'')
]; ];
services.dovecot2 = { services.dovecot2 = {
@ -122,7 +134,7 @@ in
enableImap = true; enableImap = true;
mailLocation = "maildir:/var/vmail/%d/%n"; mailLocation = "maildir:/var/vmail/%d/%n";
sslServerCert = "/var/lib/acme/mail.enium.eu/fullchain.pem"; sslServerCert = "/var/lib/acme/mail.enium.eu/fullchain.pem";
sslServerKey = "/var/lib/acme/mail.enium.eu/key.pem"; sslServerKey = "/var/lib/acme/mail.enium.eu/key.pem";
extraConfig = '' extraConfig = ''
disable_plaintext_auth = yes disable_plaintext_auth = yes
auth_mechanisms = plain login auth_mechanisms = plain login
@ -180,9 +192,34 @@ in
# doveadm pw -s SHA512-CRYPT # doveadm pw -s SHA512-CRYPT
environment.etc."dovecot/users".text = '' environment.etc."dovecot/users".text = ''
raphael@enium.eu:{SHA512-CRYPT}$6$rIsn6/dLJ6MbITx5$vMo82dgkQZoV8BQIaO6Bs9J86ZjgcJ.LqMuIqnXVfuBRgZOqY/YiURBUOcS1P2wAo5h4TCFkKExfcjjX1reUU. raphael@enium.eu:{SHA512-CRYPT}$6$rIsn6/dLJ6MbITx5$vMo82dgkQZoV8BQIaO6Bs9J86ZjgcJ.LqMuIqnXVfuBRgZOqY/YiURBUOcS1P2wAo5h4TCFkKExfcjjX1reUU.
benjamin@enium.eu:{SHA512-CRYPT}$6$.34vS2JkrmGnioYo$pUF.vN5Q3njn5WRTLdMU5n7vGJdwk64bB/si0vQXFw.ioky4xlHUVocFXC8GI9wkVJNif.2kHvAYEcEtXvU2I0
deborah@enium.eu:{SHA512-CRYPT}$6$IZ7Dd31uZ4VKzz04$z5IhS25Jve8KsX0GIIXB8GUiPYd3eSuxlDz9RZQHa2tE4hptgtXQVU3av42MIRpaN9GPqG9iM6jiQUwRZ9V39/
''; '';
environment.etc."postfix-vmailbox".text = '' environment.etc."postfix-vmailbox".text = ''
raphael@enium.eu enium.eu/raphael/ raphael@enium.eu enium.eu/raphael/
benjamin@enium.eu enium.eu/benjamin/
deborah@enium.eu enium.eu/deborah/
'';
environment.etc."postfix-sender_login".text = ''
raphael@enium.eu raphael@enium.eu
no-reply@enium.eu raphael@enium.eu
direction@enium.eu raphael@enium.eu
recrutement@enium.eu raphael@enium.eu
contact@enium.eu raphael@enium.eu
benjamin@enium.eu benjamin@enium.eu
no-reply@enium.eu benjamin@enium.eu
direction@enium.eu benjamin@enium.eu
recrutement@enium.eu benjamin@enium.eu
contact@enium.eu benjamin@enium.eu
'';
environment.etc."postfix-virtual".text = ''
direction@enium.eu raphael@enium.eu
recrutement@enium.eu raphael@enium.eu
contact@enium.eu raphael@enium.eu
direction@enium.eu benjamin@enium.eu
recrutement@enium.eu benjamin@enium.eu
contact@enium.eu benjamin@enium.eu
''; '';
services.nginx.virtualHosts."mail.enium.eu" = { services.nginx.virtualHosts."mail.enium.eu" = {
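Review bot: The new `postfix-virtual` and `postfix-sender_login` tables repeat the same lookup key on separate lines (for example `direction@enium.eu` once for raphael and once for benjamin), and for a `hash:` table postmap warns about the duplicate and keeps only the first entry. As written, benjamin would not receive the alias mail and would not be recognised as an owner of the shared sender addresses. List all values on one line per key, e.g. `direction@enium.eu raphael@enium.eu, benjamin@enium.eu`, and do the same for `no-reply@`, `recrutement@` and `contact@`. deborah gets a mailbox but no `postfix-sender_login` line, so if a sender-login-mismatch restriction is enforced elsewhere in the file (not visible in these hunks) she could not send as herself. Separately, the two added `{SHA512-CRYPT}` hashes in `environment.etc."dovecot/users".text` are committed to the repository and copied into the world-readable Nix store, so the passwd file is better provisioned at runtime from a secret kept outside the store with restrictive permissions.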