Add local mail service

2024-08-28 12:22:41 +02:00 · 2024-08-28 12:22:41 +02:00 · aa0d1752f6
parent 3e88ea9241
commit aa0d1752f6
8 changed files with 42 additions and 3 deletions
--- a/.reuse/dep5
+++ b/.reuse/dep5
@ -7,6 +7,7 @@ Source: https://git.sbruder.de/simon/nixos-config
 Files:
       .git-crypt/keys/default/0/*.gpg
       secrets.yaml
+       secrets/*.yaml
       **/secrets.yaml
       keys/*/*.asc
       machines/*/secrets/*.nix
--- a/.sops.yaml
+++ b/.sops.yaml
@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: CC0-1.0

-keys:
+keys: &all-keys
  # sops does not (yet) support ADSKs,
  # so all encryption subkeys have to be added manually
  - &simon 6CD375BD0741F67E5A289BC333A01CBE0554C763 # offline
@ -135,3 +135,6 @@ creation_rules:
      - *renge
      - *koyomi
      - *hiroshi
+  - path_regex: secrets/local-mail\.yaml$
+    key_groups:
+    - pgp: *all-keys
--- a/machines/vueko/secrets/mail-users.nix
+++ b/machines/vueko/secrets/mail-users.nix
--- a/modules/default.nix
+++ b/modules/default.nix
@ -41,6 +41,7 @@
    ./gui.nix
    ./infovhost.nix
    ./initrd-ssh.nix
+    ./local-mail.nix
    ./locales.nix
    ./logitech.nix
    ./mailserver
--- a/modules/local-mail.nix
+++ b/modules/local-mail.nix
@ -0,0 +1,32 @@
+# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+{ config, pkgs, ... }:
+
+{
+  sops.secrets.system-mail.sopsFile = ../secrets/local-mail.yaml;
+
+  programs.msmtp = {
+    enable = true;
+    setSendmail = true;
+    accounts.default = {
+      host = "vueko.sbruder.de";
+      port = "465";
+      tls = "on";
+      tls_starttls = "off";
+      from = ''"system+%U@%H"@sbruder.de'';
+      allow_from_override = "off";
+      auth = "on";
+      user = "system@sbruder.de";
+      passwordeval = "cat ${config.sops.secrets.system-mail.path}";
+      aliases = pkgs.writeText "msmtp-aliases" ''
+        default: simon@sbruder.de
+      '';
+    };
+  };
+
+  boot.swraid.mdadmConf = ''
+    MAILFROM "mdadm on ${config.networking.hostName}" <"system+root@${config.networking.hostName}"@sbruder.de>
+    MAILADDR simon@sbruder.de
+  '';
+}
--- a/modules/mailserver/postfix.nix
+++ b/modules/mailserver/postfix.nix
@ -42,6 +42,8 @@ lib.mkIf cfg.enable {
  services.postfix = {
    enable = true;

+    setSendmail = lib.mkForce false;
+
    enableSubmission = true; # plain/STARTTLS (latter is forced in submissionOptions)
    enableSubmissions = true; # submission with implicit TLS (TCP/465)

--- a/secrets.yaml
+++ b/secrets.yaml
@ -11,8 +11,8 @@ sops:
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2023-12-28T16:12:09Z"
-    mac: ENC[AES256_GCM,data:f7gcMjAEMU6uOeS7x2zvtyu+7DvPOCbtBy+zStALFou6B2rMBuqzJC1CynFh1f+NAKGtv1P3sMdag5Es5xsRHjFqQ0FfWceAB2anTsqW3ZLu+ZKS02p03lR5Tz59GQgS1MHcNkEovY2qZ/Mk/BODJzKYjqmb7ItjXTcSAGII5vg=,iv:gZE0w3Ih5x8xJ0x7sU+ZWo289PIaBUn/y8y78QDqidQ=,tag:cxlGk81xQGifm3IyE5ypwg==,type:str]
+    lastmodified: "2024-08-28T20:20:46Z"
+    mac: ENC[AES256_GCM,data:i6AZEdSTH6Ig74wX6kdemIIzd2v0VbuKmhYRDEchVHg+4UmL/PoLwPCv9As4toFvHp0dWE2p9tarOirkbraoFKVB0MeDRdKE0WEBu5biY4ZPTufHPUKyQ5v2VkFkBhAmI/hYPgHXwfzKt3vTDBJtfcYUl9+GqITerF7JDTYXngk=,iv:nbR4eGBEK+YQKS8MmFuz4LWApaHs2YwxvJcQgDkpdE4=,tag:OF+tq5AlE4RtuMqwmRy4jg==,type:str]
    pgp:
        - created_at: "2024-08-20T22:32:59Z"
          enc: |-
--- a/secrets/local-mail.yaml
+++ b/secrets/local-mail.yaml