authorGregor Kleen <gkleen@yggdrasil.li>2016-04-27 17:41:25 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2016-04-27 17:41:25 +0200
commit63758d900960edbad9c64e62de1f48352acd9036 (patch)
tree348cd6f3964f0f5c27e7f039863266dd36c1a688
parent4e3549eb2bcd6817dcbd52791815c322140c1140 (diff)
smtp auth
-rw-r--r--users/gkleen.nix2
-rw-r--r--ymir.nix20
2 files changed, 21 insertions, 1 deletions
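--- a/users/gkleen.nix
+++ b/users/gkleen.nix
@@ -1,7 +1,7 @@
 {
 name = "gkleen";
 description = "Gregor Kleen";
-extraGroups = [ "wheel" "wlan" "lp" "dialout" "audio" "xmpp" ];
+extraGroups = [ "wheel" "wlan" "lp" "dialout" "audio" "xmpp" "mail" ];
 group = "users";
 uid = 1000;
 createHome = true;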
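--- a/ymir.nix
+++ b/ymir.nix
@@ -327,6 +327,14 @@ in rec {
 mailbox_size_limit = 10737418240
 
 mailbox_command = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
+
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = ../data/auth
+
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous, noplaintext
+smtpd_sasl_tls_security_options = noanonymous
+smtpd_tls_auth_only = yes
 '';
 extraMasterConf = ''
 uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient)
@@ -343,8 +351,20 @@ in rec {
 sslServerKey = "/var/lib/acme/yggdrasil.li/key.pem";
 extraConfig = ''
 postmaster_address = postmaster@yggdrasil.li
+
+service auth {
+unix_listener /var/lib/postfix/data/auth {
+mode = 0660
+user = postfix
+group = postfix
+}
+}
 '';
 };
+security.pam.services.dovecot2.text = ''
+auth requisite pam_succeed_if.so user ingroup mail
+auth required pam_unix.so audit
+'';
 
 security.acme = {
 certs = {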
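Review bot: The `security.pam.services.dovecot2.text` override in the second hunk defines only `auth` rules, so Dovecot's account-management call has no `account` line of its own and, under Linux-PAM's fallback, is presumably decided by the `other` service rather than by `pam_unix`; I would add `account required pam_unix.so` so that locked or expired accounts are handled explicitly in this stack. Because the same commit puts `gkleen` (already in `wheel`) into `mail`, SMTP AUTH now tests that user's system password from the network, so a limit on failed attempts (for example Postfix's `smtpd_client_auth_rate_limit`, if the deployed version has it) is worth adding next to `smtpd_tls_auth_only = yes`. In the first hunk, `smtpd_sasl_path = ../data/auth` is resolved relative to the queue directory and so probably only works while smtpd is not chrooted; a short comment such as `# relative to queue_directory; must match the dovecot unix_listener path` would keep the two settings in step.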