mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

feat: add autoconfig.xml endpoint for maddy

Browse source
This commit is contained in:
oddlama 2024-04-11 23:25:44 +02:00
parent ee82d91214
commit 26dd7b249d
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
1 changed files with 59 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

58
hosts/envoy/maddy.nix
View file

@ -6,13 +6,21 @@
}: let }: let
mailDomains = config.repo.secrets.global.domains.mail; mailDomains = config.repo.secrets.global.domains.mail;
primaryDomain = mailDomains.primary; primaryDomain = mailDomains.primary;
maddyBackupDir = "/var/cache/backups/maddy"; backupDir = "/var/cache/backups/maddy";
in { in {
systemd.tmpfiles.settings."10-maddy".${maddyBackupDir}.d = { systemd.tmpfiles.settings."10-maddy".${backupDir}.d = {
inherit (config.services.maddy) user group; inherit (config.services.maddy) user group;
mode = "0770"; mode = "0770";
}; };
environment.persistence."/state".directories = [
{
directory = backupDir;
inherit (config.services.maddy) user group;
mode = "0750";
}
];
environment.persistence."/persist".directories = [ environment.persistence."/persist".directories = [
{ {
directory = "/var/lib/maddy"; directory = "/var/lib/maddy";
@ -21,18 +29,54 @@ in {
} }
]; ];
# FIXME: hetzner storagebox backup
services.nginx.virtualHosts = lib.mkMerge [
# For each mail domain, add MTA STS entry via nginx # For each mail domain, add MTA STS entry via nginx
# FIXME: autoconfig (lib.genAttrs (map (x: "mta-sts.${x}") mailDomains.all) (domain: {
services.nginx.virtualHosts = lib.genAttrs (map (x: "mta-sts.${x}") mailDomains.all) (_x: {
forceSSL = true; forceSSL = true;
useACMEWildcardHost = true; useACMEWildcardHost = true;
locations."=/.well-known/mta-sts.txt".alias = pkgs.writeText "mta-sts.txt" '' locations."=/.well-known/mta-sts.txt".alias = pkgs.writeText "mta-sts.${domain}.txt" ''
version: STSv1 version: STSv1
mode: enforce mode: enforce
mx: mx1.${primaryDomain} mx: mx1.${primaryDomain}
max_age: 86400 max_age: 86400
''; '';
}); }))
# For each mail domain, add an autoconfig xml file for Thunderbird
(lib.genAttrs (map (x: "autoconfig.${x}") mailDomains.all) (domain: {
forceSSL = true;
useACMEWildcardHost = true;
locations."=/mail/config-v1.1.xml".alias =
pkgs.writeText "autoconfig.${domain}.xml"
/*
xml
*/
''
<?xml version="1.0" encoding="UTF-8"?>
<clientConfig version="1.1">
<emailProvider id="${domain}">
<domain>${domain}</domain>
<displayName>%EMAILADDRESS%</displayName>
<displayShortName>%EMAILLOCALPART%</displayShortName>
<incomingServer type="imap">
<hostname>mail.${primaryDomain}</hostname>
<port>993</port>
<socketType>SSL</socketType>
<authentication>password-cleartext</authentication>
<username>%EMAILADDRESS%</username>
</incomingServer>
<outgoingServer type="smtp">
<hostname>mail.${primaryDomain}</hostname>
<port>465</port>
<socketType>SSL</socketType>
<authentication>password-cleartext</authentication>
<username>%EMAILADDRESS%</username>
</outgoingServer>
</emailProvider>
</clientConfig>
'';
}))
];
networking.firewall.allowedTCPPorts = [25 465 993]; networking.firewall.allowedTCPPorts = [25 465 993];
services.maddy = { services.maddy = {
@ -50,7 +94,7 @@ in {
]; ];
}; };
#ensureCredentials = { #ensureCredentials = {
# "me@${primaryDomain}".passwordFile = config.age.secrets.patrickPasswd.path; # "me@${primaryDomain}".passwordFile = ...;
#}; #};
#ensureAccounts = [ #ensureAccounts = [
# "me@${primaryDomain}" # "me@${primaryDomain}"