author | Gregor Kleen <gkleen@yggdrasil.li> | 2016-04-27 17:41:25 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2016-04-27 17:41:25 +0200 |
commit | 63758d900960edbad9c64e62de1f48352acd9036 (patch) | |
tree | 348cd6f3964f0f5c27e7f039863266dd36c1a688 | |
parent | 4e3549eb2bcd6817dcbd52791815c322140c1140 (diff) | |
smtp auth
-rw-r--r-- | users/gkleen.nix | 2 | ||||
-rw-r--r-- | ymir.nix | 20 |
2 files changed, 21 insertions, 1 deletions
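--- a/users/gkleen.nix
+++ b/users/gkleen.nix
@@ -1,7 +1,7 @@
 {
 name = "gkleen";
 description = "Gregor Kleen";
-extraGroups = [ "wheel" "wlan" "lp" "dialout" "audio" "xmpp" ];
+extraGroups = [ "wheel" "wlan" "lp" "dialout" "audio" "xmpp" "mail" ];
 group = "users";
 uid = 1000;
 createHome = true;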
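Review bot: The added `"mail"` entry in `extraGroups` carries no comment saying that this group is what the `pam_succeed_if.so user ingroup mail` rule added in ymir.nix checks, so a later tidy-up of the group list could silently remove this account's mail login. A comment such as `# "mail": permitted to authenticate to dovecot / SMTP AUTH (PAM rule in ymir.nix)` above the line would record the dependency. Since the same account is also in `wheel`, its Unix login password becomes the credential offered over SMTP AUTH; a mail-only credential would keep the two apart, unless sharing them is intended. The attribute set continues past the end of the hunk.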
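--- a/ymir.nix
+++ b/ymir.nix
@@ -327,6 +327,14 @@ in rec {
 mailbox_size_limit = 10737418240
 
 mailbox_command = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
+
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = ../data/auth
+
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous, noplaintext
+smtpd_sasl_tls_security_options = noanonymous
+smtpd_tls_auth_only = yes
 '';
 extraMasterConf = ''
 uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient)
@@ -343,8 +351,20 @@ in rec {
 sslServerKey = "/var/lib/acme/yggdrasil.li/key.pem";
 extraConfig = ''
 postmaster_address = postmaster@yggdrasil.li
+
+service auth {
+unix_listener /var/lib/postfix/data/auth {
+mode = 0660
+user = postfix
+group = postfix
+}
+}
 '';
 };
+security.pam.services.dovecot2.text = ''
+auth requisite pam_succeed_if.so user ingroup mail
+auth required pam_unix.so audit
+'';
 
 security.acme = {
 certs = {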
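Review bot: The new `security.pam.services.dovecot2.text` stack in the last hunk defines only `auth` rules, so account validity (expired or locked accounts) is not decided by this service and is left to whatever PAM's fallback configuration does; adding `account required pam_unix.so` would make that check explicit. The stack also turns local Unix passwords, gated only by `mail` group membership, into a credential reachable over SMTP AUTH, and nothing in the visible hunks limits repeated failed attempts; a failed-login limiter or Postfix's `smtpd_client_auth_rate_limit` (where the installed version supports it) would cover that if it is not configured elsewhere. The `audit` option on `pam_unix.so` raises that module's logging verbosity, so it deserves a short comment on why it is wanted and where those log lines end up.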