From 2916ca4cd3af101f25df4b3ebd2ece894c88cefc Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 29 Oct 2023 00:31:09 +0200 Subject: [PATCH] feat: mailman initial commit --- hosts/nachtigall/apps/mailman.nix | 69 +++++++++++++++++++++++++++++++ hosts/nachtigall/default.nix | 3 +- 2 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 hosts/nachtigall/apps/mailman.nix diff --git a/hosts/nachtigall/apps/mailman.nix b/hosts/nachtigall/apps/mailman.nix new file mode 100644 index 00000000..b01b3808 --- /dev/null +++ b/hosts/nachtigall/apps/mailman.nix @@ -0,0 +1,69 @@ +{ + flake, + config, + lib, + pkgs, + ... +}: +{ + networking.firewall.allowedTCPPorts = [25]; + + services.postfix = { + enable = true; + relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"]; + # get TLS certs for list.pub.solar from acme + sslCert = "/var/lib/acme/list.pub.solar/fullchain.pem"; + sslKey = "/var/lib/acme/list.pub.solar/key.pem"; + config = { + transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; + local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; + }; + rootAlias = "admins@pub.solar"; + postmasterAlias = "admins@pub.solar"; + hostname = "list.pub.solar"; + }; + + systemd.paths.watcher-acme-ssl-file = { + description = "Watches for changes in acme's TLS cert file (after renewals) to reload postfix"; + documentation = ["systemd.path(5)"]; + partOf = ["postfix-reload.service"]; + pathConfig = { + PathChanged = "/var/lib/acme/list.pub.solar/fullchain.pem"; + Unit = "postfix-reload.service"; + }; + wantedBy = ["multi-user.target"]; + }; + + systemd.services."postfix-reload" = { + description = "Reloads postfix config, e.g. after TLS certs change, notified by watcher-acme-ssl-file.path"; + documentation = ["systemd.path(5)"]; + requires = ["postfix.service"]; + after = ["postfix.service"]; + startLimitIntervalSec = 10; + startLimitBurst = 5; + serviceConfig.Type = "oneshot"; + script = '' + ${pkgs.systemd}/bin/systemctl reload postfix + ''; + wantedBy = ["multi-user.target"]; + }; + + services.mailman = { + enable = true; + serve.enable = true; + hyperkitty.enable = true; + webHosts = ["list.pub.solar"]; + siteOwner = "admins@pub.solar"; + }; + + # TODO add django-keycloak as auth provider + # https://django-keycloak.readthedocs.io/en/latest/ + ## Extend settings.py directly since this can't be done via JSON + ## settings (services.mailman.webSettings) + #environment.etc."mailman3/settings.py".text = '' + # INSTALLED_APPS.extend([ + # "allauth.socialaccount.providers.github", + # "allauth.socialaccount.providers.gitlab" + # ]) + #''; +} diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index 5ee4ba96..451acdea 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -11,10 +11,11 @@ ./apps/nginx.nix ./apps/keycloak.nix + ./apps/mailman.nix + ./apps/mastodon.nix ./apps/nginx-mastodon.nix ./apps/nginx-mastodon-files.nix ./apps/nginx-website.nix - ./apps/mastodon.nix ./apps/opensearch.nix ./apps/postgresql.nix ./apps/forgejo.nix