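{
  config,
  lib,
  pkgs,
  self,
  ...
}: let
  # Source: https://github.com/NixOS/nixpkgs/blob/nixos-22.11/nixos/modules/services/mail/mailman.nix#L9C10-L10
  # webEnv is required by the mailman-uwsgi systemd service (used as the uwsgi
  # python "home" below).
  inherit (pkgs.mailmanPackages.buildEnvs {}) webEnv;
in {
  # Only inbound SMTP is exposed. The uwsgi listener below is bound to
  # loopback and is expected to be reached through caddy, not directly.
  networking.firewall.allowedTCPPorts = [25];

  services.postfix = {
    enable = true;
    # Relaying is restricted to the domains mailman writes into this map, so
    # the world-reachable port 25 is not an open relay.
    relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
    # FIXME: get TLS certs for list.pub.solar from caddy
    # NOTE(review): while sslCert/sslKey stay unset, Postfix offers no STARTTLS
    # on port 25 and inbound list mail is accepted in cleartext. Resolve the
    # FIXME (and replace the lists.example.org placeholder with the real host)
    # before relying on transport encryption.
    #sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem";
    #sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem";
    config = {
      # Both maps are generated by mailman; transport_maps routes list
      # addresses to mailman's LMTP runner, local_recipient_maps rejects
      # unknown recipients at SMTP time instead of bouncing later.
      transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
      local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
    };
  };

  services.mailman = {
    enable = true;
    # We use caddy instead of nginx, so the upstream serve/uwsgi units are not
    # enabled and mailman-uwsgi is defined by hand below.
    #serve.enable = true;
    hyperkitty.enable = true;
    webHosts = ["list.pub.solar"];
    siteOwner = "admins@pub.solar";
  };

  systemd.services.mailman-uwsgi = let
    uwsgiConfig.uwsgi = {
      type = "normal";
      plugins = ["python3"];
      home = webEnv;
      manage-script-name = true;
      mount = "/=mailman_web.wsgi:application";
      # Loopback only: the reverse proxy in front (caddy) is the sole client.
      http = "127.0.0.1:18507";
    };
    uwsgiConfigFile = pkgs.writeText "uwsgi-mailman.json" (builtins.toJSON uwsgiConfig);
  in {
    wantedBy = ["multi-user.target"];
    # `requires` pulls a unit in but does not order it; list the setup unit in
    # `after` as well so its migrations have finished before uwsgi starts.
    # (The upstream setup unit may declare before= itself; being explicit here
    # does not hurt and does not depend on it.)
    after = ["postgresql.service" "mailman-web-setup.service"];
    requires = ["mailman-web-setup.service" "postgresql.service"];
    # Pick up a regenerated settings.py on rebuild.
    restartTriggers = [config.environment.etc."mailman3/settings.py".source];
    serviceConfig = {
      # Since the mailman-web settings.py obstinately creates a logs
      # dir in the cwd, change to the (writable) runtime directory before
      # starting uwsgi. $RUNTIME_DIRECTORY is substituted by systemd itself
      # (no shell is involved) and points at /run/mailman-uwsgi.
      ExecStart = "${pkgs.coreutils}/bin/env -C $RUNTIME_DIRECTORY ${pkgs.uwsgi.override {plugins = ["python3"];}}/bin/uwsgi --json ${uwsgiConfigFile}";
      # Run as the unprivileged web user; group "mailman" grants access to the
      # shared mailman state directory.
      User = "mailman-web";
      Group = "mailman";
      RuntimeDirectory = "mailman-uwsgi";
    };
  };
}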