diff options
-rw-r--r-- | flake.lock | 12 | ||||
-rw-r--r-- | flake.nix | 8 | ||||
-rw-r--r-- | hosts/surtr/email/default.nix | 21 | ||||
-rw-r--r-- | hosts/surtr/postgresql.nix | 37 |
4 files changed, 61 insertions, 17 deletions
@@ -64,11 +64,11 @@ | |||
64 | ] | 64 | ] |
65 | }, | 65 | }, |
66 | "locked": { | 66 | "locked": { |
67 | "lastModified": 1651886851, | 67 | "lastModified": 1652214259, |
68 | "narHash": "sha256-kbXOJSf1uho0/7P54nZkJdJY3oAelIjyc6tfiRhaXJI=", | 68 | "narHash": "sha256-kbribVik1m3SU6QNpZ3euybljqs0CEQ0lEEz7MN+u8U=", |
69 | "owner": "nix-community", | 69 | "owner": "nix-community", |
70 | "repo": "home-manager", | 70 | "repo": "home-manager", |
71 | "rev": "882bd8118bdbff3a6e53e5ced393932b351ce2f6", | 71 | "rev": "f735a8502b098962ae965c2600c7be9f7711b814", |
72 | "type": "github" | 72 | "type": "github" |
73 | }, | 73 | }, |
74 | "original": { | 74 | "original": { |
@@ -80,11 +80,11 @@ | |||
80 | }, | 80 | }, |
81 | "nixpkgs": { | 81 | "nixpkgs": { |
82 | "locked": { | 82 | "locked": { |
83 | "lastModified": 1652107188, | 83 | "lastModified": 1652424998, |
84 | "narHash": "sha256-6CVG9pABO7FB1qP/d7gwuP166COGHv3WC1AQ5r/n1ds=", | 84 | "narHash": "sha256-6rqAwXEVlnXzCcju+ZcxZnLNql6bdiG9deREbBAb2Pc=", |
85 | "owner": "NixOS", | 85 | "owner": "NixOS", |
86 | "repo": "nixpkgs", | 86 | "repo": "nixpkgs", |
87 | "rev": "403d21a9416b865c9f1da016a110c2610610b4c5", | 87 | "rev": "d999ca3e08b053b80d4e52e700a4627e692479eb", |
88 | "type": "github" | 88 | "type": "github" |
89 | }, | 89 | }, |
90 | "original": { | 90 | "original": { |
@@ -210,10 +210,10 @@ | |||
210 | system = { | 210 | system = { |
211 | path = deploy-rs.lib.${self.nixosConfigurations.${hostname}.config.nixpkgs.system}.activate.nixos self.nixosConfigurations.${hostname}; | 211 | path = deploy-rs.lib.${self.nixosConfigurations.${hostname}.config.nixpkgs.system}.activate.nixos self.nixosConfigurations.${hostname}; |
212 | }; | 212 | }; |
213 | } // (mapAttrs (_user: usercfg: { | 213 | }; # // (mapAttrs (_user: usercfg: { |
214 | user = usercfg.home.username; | 214 | # user = usercfg.home.username; |
215 | path = activateHomeManager (self.nixosConfigurations.${hostname}.config.nixpkgs.system) usercfg.home; | 215 | # path = activateHomeManager (self.nixosConfigurations.${hostname}.config.nixpkgs.system) usercfg.home; |
216 | }) self.nixosConfigurations.${hostname}.config.home-manager.users); | 216 | # }) self.nixosConfigurations.${hostname}.config.home-manager.users); |
217 | }) (nixImport { dir = ./hosts; _import = (_path: name: name); }); | 217 | }) (nixImport { dir = ./hosts; _import = (_path: name: name); }); |
218 | overrides = if pathExists ./deploy then nixImport { dir = ./deploy; _import = path: _name: import (./deploy + "/${path}") inputs; } else {}; | 218 | overrides = if pathExists ./deploy then nixImport { dir = ./deploy; _import = path: _name: import (./deploy + "/${path}") inputs; } else {}; |
219 | filterEnabled = attrs: mapAttrs (_n: v: filterAttrs (n: _v: n != "enabled") v) (filterAttrs (_n: v: v.enabled or true) attrs); | 219 | filterEnabled = attrs: mapAttrs (_n: v: filterAttrs (n: _v: n != "enabled") v) (filterAttrs (_n: v: v.enabled or true) attrs); |
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix index 2ddff519..57883864 100644 --- a/hosts/surtr/email/default.nix +++ b/hosts/surtr/email/default.nix | |||
@@ -37,7 +37,7 @@ in { | |||
37 | services.postfix = { | 37 | services.postfix = { |
38 | enable = true; | 38 | enable = true; |
39 | hostname = "surtr.yggdrasil.li"; | 39 | hostname = "surtr.yggdrasil.li"; |
40 | recipientDelimiter = "+"; | 40 | recipientDelimiter = ""; |
41 | setSendmail = true; | 41 | setSendmail = true; |
42 | postmasterAlias = ""; rootAlias = ""; extraAliases = ""; | 42 | postmasterAlias = ""; rootAlias = ""; extraAliases = ""; |
43 | destination = []; | 43 | destination = []; |
@@ -100,6 +100,11 @@ in { | |||
100 | "reject_unauth_pipelining" | 100 | "reject_unauth_pipelining" |
101 | "reject_non_fqdn_recipient" | 101 | "reject_non_fqdn_recipient" |
102 | "reject_unknown_recipient_domain" | 102 | "reject_unknown_recipient_domain" |
103 | "check_recipient_access pgsql:${pkgs.writeText "check_recipient_access.cf" '' | ||
104 | hosts = postgresql:///email | ||
105 | dbname = email | ||
106 | query = SELECT action FROM virtual_mailbox_access WHERE lookup = '%s' | ||
107 | ''}" | ||
103 | "permit_mynetworks" | 108 | "permit_mynetworks" |
104 | "check_ccert_access ${relay_ccert}" | 109 | "check_ccert_access ${relay_ccert}" |
105 | "reject_non_fqdn_helo_hostname" | 110 | "reject_non_fqdn_helo_hostname" |
@@ -156,7 +161,8 @@ in { | |||
156 | dbname = email | 161 | dbname = email |
157 | query = SELECT 1 FROM virtual_mailbox_mapping WHERE lookup = '%s' | 162 | query = SELECT 1 FROM virtual_mailbox_mapping WHERE lookup = '%s' |
158 | ''}''; | 163 | ''}''; |
159 | virtual_transport = "lmtp:unix:/run/postfix/dovecot-lmtp"; | 164 | dvlmtp_destination_recipient_limit = "1"; |
165 | virtual_transport = "dvlmtp:unix:/run/postfix/dovecot-lmtp"; | ||
160 | }; | 166 | }; |
161 | masterConfig = { | 167 | masterConfig = { |
162 | smtps = { | 168 | smtps = { |
@@ -174,6 +180,12 @@ in { | |||
174 | "-o" ''smtpd_milters=${config.services.opendkim.socket}'' | 180 | "-o" ''smtpd_milters=${config.services.opendkim.socket}'' |
175 | ]; | 181 | ]; |
176 | }; | 182 | }; |
183 | dvlmtp = { | ||
184 | command = "lmtp"; | ||
185 | args = [ | ||
186 | "flags=DORX" | ||
187 | ]; | ||
188 | }; | ||
177 | }; | 189 | }; |
178 | }; | 190 | }; |
179 | 191 | ||
@@ -375,7 +387,7 @@ in { | |||
375 | args = ${pkgs.writeText "dovecot-sql.conf" '' | 387 | args = ${pkgs.writeText "dovecot-sql.conf" '' |
376 | driver = pgsql | 388 | driver = pgsql |
377 | connect = dbname=email | 389 | connect = dbname=email |
378 | user_query = SELECT DISTINCT ON (local IS NULL) "user", quota_rule, 'dovecot2' as uid, 'dovecot2' as gid FROM lmtp_mapping WHERE (local = '%n' AND domain = '%d') OR (local IS NULL AND domain = '%d') ORDER BY (local IS NULL) ASC | 390 | user_query = SELECT DISTINCT ON (extension IS NULL, local IS NULL) "user", quota_rule, 'dovecot2' as uid, 'dovecot2' as gid FROM lmtp_mapping WHERE CASE WHEN extension IS NOT NULL AND local IS NOT NULL THEN ('%n' :: citext) = local || '+' || extension AND domain = ('%d' :: citext) WHEN local IS NOT NULL THEN (local = ('%n' :: citext) OR ('%n' :: citext) ILIKE local || '+%%') AND domain = ('%d' :: citext) WHEN extension IS NOT NULL THEN ('%n' :: citext) ILIKE '%%+' || extension AND domain = ('%d' :: citext) ELSE domain = ('%d' :: citext) END ORDER BY (extension IS NULL) ASC, (local IS NULL) ASC |
379 | ''} | 391 | ''} |
380 | 392 | ||
381 | skip = never | 393 | skip = never |
@@ -387,7 +399,8 @@ in { | |||
387 | mail_plugins = $mail_plugins quota | 399 | mail_plugins = $mail_plugins quota |
388 | mailbox_list_index = yes | 400 | mailbox_list_index = yes |
389 | postmaster_address = postmaster@yggdrasil.li | 401 | postmaster_address = postmaster@yggdrasil.li |
390 | recipient_delimiter = + | 402 | recipient_delimiter = |
403 | auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-+_@ | ||
391 | 404 | ||
392 | service lmtp { | 405 | service lmtp { |
393 | vsz_limit = 1G | 406 | vsz_limit = 1G |
diff --git a/hosts/surtr/postgresql.nix b/hosts/surtr/postgresql.nix index abd2cb26..a5e93ecf 100644 --- a/hosts/surtr/postgresql.nix +++ b/hosts/surtr/postgresql.nix | |||
@@ -1,4 +1,4 @@ | |||
1 | { pkgs, sources, ... }: | 1 | { pkgs, sources, config, ... }: |
2 | let | 2 | let |
3 | versioning = sources.psql-versioning.src; | 3 | versioning = sources.psql-versioning.src; |
4 | in { | 4 | in { |
@@ -22,8 +22,19 @@ in { | |||
22 | ''; | 22 | ''; |
23 | }; | 23 | }; |
24 | 24 | ||
25 | systemd.services.postgresql = { | 25 | systemd.services.migrate-postgresql = { |
26 | postStart = '' | 26 | after = [ "postgresql.service" ]; |
27 | bindsTo = [ "postgresql.service" ]; | ||
28 | wantedBy = [ "postgresql.service" ]; | ||
29 | |||
30 | serviceConfig = { | ||
31 | Type = "oneshot"; | ||
32 | inherit (config.systemd.services.postgresql.serviceConfig) User Group; | ||
33 | RemainAfterExit = true; | ||
34 | }; | ||
35 | |||
36 | path = [ config.services.postgresql.package ]; | ||
37 | script = '' | ||
27 | psql email postgres -eXf ${pkgs.writeText "email.sql" '' | 38 | psql email postgres -eXf ${pkgs.writeText "email.sql" '' |
28 | \i ${versioning + "/install.versioning.sql"} | 39 | \i ${versioning + "/install.versioning.sql"} |
29 | 40 | ||
@@ -78,6 +89,26 @@ in { | |||
78 | CREATE VIEW imap_user ("user", quota_rule) AS SELECT mailbox AS "user", quota_rule FROM mailbox_quota_rule; | 89 | CREATE VIEW imap_user ("user", quota_rule) AS SELECT mailbox AS "user", quota_rule FROM mailbox_quota_rule; |
79 | CREATE VIEW lmtp_mapping ("user", quota_rule, local, domain) AS SELECT mailbox_quota_rule.mailbox AS "user", quota_rule, local, domain FROM mailbox_quota_rule INNER JOIN mailbox_mapping ON mailbox_quota_rule.id = mailbox_mapping.mailbox; | 90 | CREATE VIEW lmtp_mapping ("user", quota_rule, local, domain) AS SELECT mailbox_quota_rule.mailbox AS "user", quota_rule, local, domain FROM mailbox_quota_rule INNER JOIN mailbox_mapping ON mailbox_quota_rule.id = mailbox_mapping.mailbox; |
80 | COMMIT; | 91 | COMMIT; |
92 | |||
93 | BEGIN; | ||
94 | SELECT _v.register_patch('003-extensions', ARRAY['000-base', '002-citext'], null); | ||
95 | |||
96 | ALTER TABLE mailbox_mapping ADD COLUMN extension citext CHECK (CASE WHEN extension IS NOT NULL THEN extension NOT LIKE '%+%' ELSE true END); | ||
97 | |||
98 | DROP VIEW virtual_mailbox_mapping; | ||
99 | DROP VIEW lmtp_mapping; | ||
100 | |||
101 | CREATE VIEW virtual_mailbox_mapping (lookup) AS SELECT (CASE WHEN local IS NULL THEN ''' ELSE local END) || (CASE WHEN extension IS NULL THEN ''' ELSE '+' || extension END) || '@' || domain AS lookup FROM mailbox_mapping WHERE mailbox IS NOT NULL; | ||
102 | CREATE VIEW virtual_mailbox_access (lookup, action) AS SELECT (CASE WHEN local IS NULL THEN ''' ELSE local END) || (CASE WHEN extension IS NULL THEN ''' ELSE '+' || extension END) || '@' || domain AS lookup, CASE WHEN mailbox IS NULL THEN 'REJECT' ELSE 'DUNNO' END AS action FROM mailbox_mapping; | ||
103 | CREATE VIEW lmtp_mapping ("user", quota_rule, local, extension, domain) AS SELECT mailbox_quota_rule.mailbox AS "user", quota_rule, local, extension, domain FROM mailbox_quota_rule INNER JOIN mailbox_mapping ON mailbox_quota_rule.id = mailbox_mapping.mailbox; | ||
104 | COMMIT; | ||
105 | |||
106 | BEGIN; | ||
107 | SELECT _v.register_patch('004-cascade', ARRAY['000-base'], null); | ||
108 | |||
109 | ALTER TABLE mailbox_mapping DROP CONSTRAINT mailbox_mapping_mailbox_fkey; | ||
110 | ALTER TABLE mailbox_mapping ADD CONSTRAINT mailbox_mapping_mailbox_fkey FOREIGN KEY (mailbox) REFERENCES mailbox(id) ON DELETE CASCADE ON UPDATE RESTRICT; | ||
111 | COMMIT; | ||
81 | ''} | 112 | ''} |
82 | ''; | 113 | ''; |
83 | }; | 114 | }; |