feat: mailman #27
69
hosts/nachtigall/apps/mailman.nix
Normal file
69
hosts/nachtigall/apps/mailman.nix
Normal file
|
@ -0,0 +1,69 @@
|
|||
{
|
||||
flake,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [25];
|
||||
|
||||
services.postfix = {
|
||||
enable = true;
|
||||
relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
|
||||
# get TLS certs for list.pub.solar from acme
|
||||
sslCert = "/var/lib/acme/list.pub.solar/fullchain.pem";
|
||||
sslKey = "/var/lib/acme/list.pub.solar/key.pem";
|
||||
config = {
|
||||
transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
||||
local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
||||
};
|
||||
rootAlias = "admins@pub.solar";
|
||||
postmasterAlias = "admins@pub.solar";
|
||||
hostname = "list.pub.solar";
|
||||
};
|
||||
|
||||
systemd.paths.watcher-acme-ssl-file = {
|
||||
description = "Watches for changes in acme's TLS cert file (after renewals) to reload postfix";
|
||||
documentation = ["systemd.path(5)"];
|
||||
partOf = ["postfix-reload.service"];
|
||||
pathConfig = {
|
||||
PathChanged = "/var/lib/acme/list.pub.solar/fullchain.pem";
|
||||
Unit = "postfix-reload.service";
|
||||
};
|
||||
wantedBy = ["multi-user.target"];
|
||||
};
|
||||
|
||||
systemd.services."postfix-reload" = {
|
||||
description = "Reloads postfix config, e.g. after TLS certs change, notified by watcher-acme-ssl-file.path";
|
||||
documentation = ["systemd.path(5)"];
|
||||
requires = ["postfix.service"];
|
||||
after = ["postfix.service"];
|
||||
startLimitIntervalSec = 10;
|
||||
startLimitBurst = 5;
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = ''
|
||||
${pkgs.systemd}/bin/systemctl reload postfix
|
||||
'';
|
||||
wantedBy = ["multi-user.target"];
|
||||
};
|
||||
|
||||
services.mailman = {
|
||||
enable = true;
|
||||
serve.enable = true;
|
||||
hyperkitty.enable = true;
|
||||
webHosts = ["list.pub.solar"];
|
||||
siteOwner = "admins@pub.solar";
|
||||
};
|
||||
|
||||
# TODO add django-keycloak as auth provider
|
||||
# https://django-keycloak.readthedocs.io/en/latest/
|
||||
## Extend settings.py directly since this can't be done via JSON
|
||||
## settings (services.mailman.webSettings)
|
||||
#environment.etc."mailman3/settings.py".text = ''
|
||||
# INSTALLED_APPS.extend([
|
||||
# "allauth.socialaccount.providers.github",
|
||||
# "allauth.socialaccount.providers.gitlab"
|
||||
# ])
|
||||
#'';
|
||||
}
|
|
@ -11,10 +11,11 @@
|
|||
./apps/nginx.nix
|
||||
|
||||
./apps/keycloak.nix
|
||||
./apps/mailman.nix
|
||||
./apps/mastodon.nix
|
||||
./apps/nginx-mastodon.nix
|
||||
./apps/nginx-mastodon-files.nix
|
||||
./apps/nginx-website.nix
|
||||
./apps/mastodon.nix
|
||||
./apps/opensearch.nix
|
||||
./apps/postgresql.nix
|
||||
./apps/forgejo.nix
|
||||
|
|
Loading…
Reference in a new issue