
Merge pull request 'feat: mailman' (#27) from feat/mailman into main

Reviewed-on: pub-solar/infra-new#27
Reviewed-by: b12f <hello@benjaminbaedorf.eu>
b12f 2023-10-29 00:47:09 +00:00
commit a601ae4606
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
2 changed files with 71 additions and 1 deletions


@ -0,0 +1,69 @@
{
flake,
config,
lib,
pkgs,
...
}:
{
networking.firewall.allowedTCPPorts = [25];
services.postfix = {
enable = true;
relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
# get TLS certs for list.pub.solar from acme
sslCert = "/var/lib/acme/list.pub.solar/fullchain.pem";
sslKey = "/var/lib/acme/list.pub.solar/key.pem";
config = {
transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
};
rootAlias = "admins@pub.solar";
postmasterAlias = "admins@pub.solar";
hostname = "list.pub.solar";
};
systemd.paths.watcher-acme-ssl-file = {
description = "Watches for changes in acme's TLS cert file (after renewals) to reload postfix";
documentation = ["systemd.path(5)"];
partOf = ["postfix-reload.service"];
pathConfig = {
PathChanged = "/var/lib/acme/list.pub.solar/fullchain.pem";
Unit = "postfix-reload.service";
};
wantedBy = ["multi-user.target"];
};
systemd.services."postfix-reload" = {
description = "Reloads postfix config, e.g. after TLS certs change, notified by watcher-acme-ssl-file.path";
documentation = ["systemd.path(5)"];
requires = ["postfix.service"];
after = ["postfix.service"];
startLimitIntervalSec = 10;
startLimitBurst = 5;
serviceConfig.Type = "oneshot";
script = ''
${pkgs.systemd}/bin/systemctl reload postfix
'';
wantedBy = ["multi-user.target"];
};
services.mailman = {
enable = true;
serve.enable = true;
hyperkitty.enable = true;
webHosts = ["list.pub.solar"];
siteOwner = "admins@pub.solar";
};
# TODO add django-keycloak as auth provider
# https://django-keycloak.readthedocs.io/en/latest/
## Extend settings.py directly since this can't be done via JSON
## settings (services.mailman.webSettings)
#environment.etc."mailman3/settings.py".text = ''
# INSTALLED_APPS.extend([
# "allauth.socialaccount.providers.github",
# "allauth.socialaccount.providers.gitlab"
# ])
#'';
}
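Review bot: The `watcher-acme-ssl-file` path unit triggers on `fullchain.pem` alone, so `postfix-reload` may fire while a renewal is still replacing `key.pem`, and postfix could then reload with a certificate and key that do not match; whether that window exists depends on the order in which the acme unit writes its files, which this file does not show. The NixOS acme module has a hook that runs once the renewal has finished, so both hand-written units could be replaced by `security.acme.certs."list.pub.solar".reloadServices = ["postfix"];`, assuming that cert is declared elsewhere in the repository (nothing in this file requests it). If the units stay, `wantedBy = ["multi-user.target"]` on `postfix-reload` makes the reload run at every boot rather than only on a cert change, and `partOf = ["postfix-reload.service"]` on the path unit ties the watcher's lifetime to a oneshot, which looks unintended. A short comment above `networking.firewall.allowedTCPPorts = [25];` saying that inbound SMTP is accepted only for the Mailman-managed domains in `relayDomains` would document the exposure for the next reader.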


@ -11,10 +11,11 @@
./apps/nginx.nix
./apps/keycloak.nix
./apps/mailman.nix
./apps/mastodon.nix
./apps/nginx-mastodon.nix
./apps/nginx-mastodon-files.nix
./apps/nginx-website.nix
./apps/mastodon.nix
./apps/opensearch.nix
./apps/postgresql.nix
./apps/forgejo.nix