...

2 files changed, 8 insertions, 2 deletions

diff --git a/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py b/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py
index e87ae141..dfe98a76 100644
--- a/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py
+++ b/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py
@@ -48,7 +48,7 @@ class PolicyHandler(StreamRequestHandler):
                     cur.row_factory = namedtuple_row
 
                     if relay_eligible:
-                        cur.execute('SELECT EXISTS(SELECT true FROM "mailbox" INNER JOIN "relay_access" ON "mailbox".id = "relay_access"."mailbox" WHERE "mailbox"."mailbox" = %(user)s AND ("domain" = %(domain)s OR "domain" ilike CONCAT("%_.", %(domain)s)) as "exists"', params = {'user': user, 'domain': domain})
+                        cur.execute('SELECT EXISTS(SELECT true FROM "mailbox" INNER JOIN "relay_access" ON "mailbox".id = "relay_access"."mailbox" WHERE "mailbox"."mailbox" = %(user)s AND ("domain" = %(domain)s OR "domain" ilike CONCAT("%%_.", %(domain)s)) as "exists"', params = {'user': user, 'domain': domain})
                         if (row := cur.fetchone()) is not None:
                             allowed = row.exists
 
diff --git a/hosts/surtr/postgresql/default.nix b/hosts/surtr/postgresql/default.nix
index 3640ff12..e29da0b8 100644
--- a/hosts/surtr/postgresql/default.nix
+++ b/hosts/surtr/postgresql/default.nix
@@ -297,7 +297,6 @@ in {
 
           COMMIT;
 
-
           BEGIN;
           SELECT _v.register_patch('014-relay', ARRAY['000-base'], null);
 
@@ -308,6 +307,13 @@ in {
           );
 
           COMMIT;
+
+          BEGIN;
+          SELECT _v.register_patch('015-relay-unique', ARRAY['000-base', '014-relay'], null);
+
+          CREATE UNIQUE INDEX relay_unique ON relay_access (mailbox, domain);
+
+          COMMIT;
         ''}
 
         psql etebase postgres -eXf ${pkgs.writeText "etebase.sql" ''