2023-01-31 20:25:45 +00:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
lib,
|
|
|
|
|
pkgs,
|
|
|
|
|
self,
|
|
|
|
|
...
|
2023-01-31 21:43:59 +00:00
|
|
|
}: let
|
2023-02-02 21:54:18 +00:00
|
|
|
# Source: https://github.com/NixOS/nixpkgs/blob/nixos-22.11/nixos/modules/services/mail/mailman.nix#L9C10-L10
|
|
|
|
|
# webEnv is required by the mailman-uwsgi systemd service
|
|
|
|
|
inherit (pkgs.mailmanPackages.buildEnvs {}) webEnv;
|
2023-01-31 21:43:59 +00:00
|
|
|
in {
|
2023-02-02 21:54:18 +00:00
|
|
|
networking.firewall.allowedTCPPorts = [25];
|
2023-01-31 20:25:45 +00:00
|
|
|
|
2023-02-01 17:58:09 +00:00
|
|
|
services.postfix = {
|
|
|
|
|
enable = true;
|
|
|
|
|
relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
|
2023-02-02 21:54:18 +00:00
|
|
|
# FIXME: get TLS certs for list.pub.solar from caddy
|
2023-02-01 17:58:09 +00:00
|
|
|
#sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem";
|
|
|
|
|
#sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem";
|
|
|
|
|
config = {
|
|
|
|
|
transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
|
|
|
|
local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
2023-01-31 20:25:45 +00:00
|
|
|
};
|
2023-02-03 13:19:04 +00:00
|
|
|
rootAlias = "admins@pub.solar";
|
|
|
|
|
postmasterAlias = "admins@pub.solar";
|
|
|
|
|
hostname = "list.pub.solar";
|
2023-02-01 17:58:09 +00:00
|
|
|
};
|
2023-02-02 21:54:18 +00:00
|
|
|
|
2023-02-01 17:58:09 +00:00
|
|
|
services.mailman = {
|
|
|
|
|
enable = true;
|
2023-02-02 21:54:18 +00:00
|
|
|
# We use caddy instead of nginx
|
2023-02-01 17:58:09 +00:00
|
|
|
#serve.enable = true;
|
|
|
|
|
hyperkitty.enable = true;
|
|
|
|
|
webHosts = ["list.pub.solar"];
|
|
|
|
|
siteOwner = "admins@pub.solar";
|
|
|
|
|
};
|
2023-01-31 20:25:45 +00:00
|
|
|
|
2023-02-03 13:19:04 +00:00
|
|
|
# TODO add django-keycloak as auth provider
|
|
|
|
|
# https://django-keycloak.readthedocs.io/en/latest/
|
|
|
|
|
## Extend settings.py directly since this can't be done via JSON
|
|
|
|
|
## settings (services.mailman.webSettings)
|
|
|
|
|
#environment.etc."mailman3/settings.py".text = ''
|
|
|
|
|
# INSTALLED_APPS.extend([
|
|
|
|
|
# "allauth.socialaccount.providers.github",
|
|
|
|
|
# "allauth.socialaccount.providers.gitlab"
|
|
|
|
|
# ])
|
|
|
|
|
#'';
|
|
|
|
|
|
2023-02-02 21:54:18 +00:00
|
|
|
systemd.services.mailman-uwsgi = let
|
|
|
|
|
uwsgiConfig.uwsgi = {
|
|
|
|
|
type = "normal";
|
|
|
|
|
plugins = ["python3"];
|
|
|
|
|
home = webEnv;
|
|
|
|
|
manage-script-name = true;
|
|
|
|
|
mount = "/=mailman_web.wsgi:application";
|
|
|
|
|
http = "127.0.0.1:18507";
|
|
|
|
|
};
|
|
|
|
|
uwsgiConfigFile = pkgs.writeText "uwsgi-mailman.json" (builtins.toJSON uwsgiConfig);
|
|
|
|
|
in {
|
|
|
|
|
wantedBy = ["multi-user.target"];
|
|
|
|
|
after = ["postgresql.service"];
|
|
|
|
|
requires = ["mailman-web-setup.service" "postgresql.service"];
|
|
|
|
|
restartTriggers = [config.environment.etc."mailman3/settings.py".source];
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
# Since the mailman-web settings.py obstinately creates a logs
|
|
|
|
|
# dir in the cwd, change to the (writable) runtime directory before
|
|
|
|
|
# starting uwsgi.
|
|
|
|
|
ExecStart = "${pkgs.coreutils}/bin/env -C $RUNTIME_DIRECTORY ${pkgs.uwsgi.override {plugins = ["python3"];}}/bin/uwsgi --json ${uwsgiConfigFile}";
|
|
|
|
|
User = "mailman-web";
|
|
|
|
|
Group = "mailman";
|
|
|
|
|
RuntimeDirectory = "mailman-uwsgi";
|
|
|
|
|
};
|
|
|
|
|
};
|
2023-01-31 20:25:45 +00:00
|
|
|
}
|
