...

1 files changed, 10 insertions, 1 deletions

diff --git a/hosts/surtr/postgresql.nix b/hosts/surtr/postgresql.nix
index 66ce60eb..7013ae97 100644
--- a/hosts/surtr/postgresql.nix
+++ b/hosts/surtr/postgresql.nix
@@ -104,7 +104,7 @@ in {
           ALTER TABLE mailbox_mapping ALTER local TYPE citext;
           ALTER TABLE mailbox_mapping ALTER domain TYPE citext;
 
-          CREATE VIEW mailbox_quota_rule (id, mailbox, quota_rule) AS SELECT id, mailbox, (CASE WHEN quota_bytes IS NULL THEN '*:ignore' ELSE '*:bytes=' || quota_bytes END) AS quota_rule FROM mailbox; 
+          CREATE VIEW mailbox_quota_rule (id, mailbox, quota_rule) AS SELECT id, mailbox, (CASE WHEN quota_bytes IS NULL THEN '*:ignore' ELSE '*:bytes=' || quota_bytes END) AS quota_rule FROM mailbox;
 
           CREATE VIEW virtual_mailbox_domain (domain) AS SELECT DISTINCT domain FROM mailbox_mapping;
           CREATE VIEW virtual_mailbox_mapping (lookup) AS SELECT (CASE WHEN local IS NULL THEN ''' ELSE local END) || '@' || domain AS lookup FROM mailbox_mapping;
@@ -143,6 +143,15 @@ in {
 
           GRANT SELECT ON ALL TABLES IN SCHEMA public TO "spm";
           COMMIT;
+
+          BEGIN;
+          SELECT _v.register_patch('007-ccert-sender-policy', ARRAY['000-base'], null);
+
+          CREATE USER "postfix-ccert-sender-policy";
+          GRANT CONNECT ON DATABASE "email" TO "postfix-ccert-sender-policy";
+          ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO "postfix-ccert-sender-policy";
+          GRANT SELECT ON ALL TABLES IN SCHEMA public TO "postfix-ccert-sender-policy";
+          COMMIT;
         ''}
       '';
     };