mail: add automx2

2024-04-13 23:10:23 +02:00 · 2024-04-13 23:10:23 +02:00 · 3e5561f155
parent ba4d7916bb
commit 3e5561f155
1 changed files with 68 additions and 4 deletions
--- a/hosts/mail/default.nix
+++ b/hosts/mail/default.nix
@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:

 {
  microvm.mem = 2048;
@ -15,11 +15,12 @@
  in {
    enable = true;
    certificateScheme = "acme-nginx";
-    # dmarcReporting = {
+    dmarcReporting = {
    #   enable = true;
    #   domain = "c3d2.de";
-    #   organizationName = "Netzbiotop Dresden e.V.";
-    # };
+      organizationName = "Netzbiotop Dresden e.V.";
+    };
+    debug = true;
    domains = [ "netzbiotop.org" ];
    dkimKeyBits = 2048;
    dkimSelector = "default";
@ -103,6 +104,22 @@
      commonHttpConfig = /* nginx */ ''
        proxy_headers_hash_bucket_size 96;
      '';
+      virtualHosts."autoconfig.netzbiotop.org" = {
+        enableACME = true;
+        forceSSL = true;
+        serverAliases = [
+          "autoconfig.netzbiotop.org"
+          "autodiscover.netzbiotop.org"
+        ];
+        locations = {
+          "/".proxyPass = "http://127.0.0.1:4243/";
+          "/initdb".extraConfig = ''
+            # Limit access to clients connecting from localhost
+            allow 127.0.0.1;
+            deny all;
+          '';
+        };
+      };
    };
  };

@ -113,5 +130,52 @@
    };
  };

+  systemd.services.automx2 = {
+    after = [ "network.target" ];
+    postStart = let
+      json = pkgs.writeText "data.json" (builtins.toJSON {
+        provider = config.mailserver.dmarcReporting.organizationName;
+        domains = config.mailserver.domains;
+        servers = [
+          { name = config.mailserver.fqdn; type = "imap"; }
+          { name = config.mailserver.fqdn; type = "pop3"; }
+          { name = config.mailserver.fqdn; type = "smtp"; }
+        ];
+      });
+    in ''
+      sleep 3 && ${lib.getExe pkgs.curl} -X POST --json @${json} http://127.0.0.1:4243/initdb/
+    '';
+    serviceConfig = {
+      Environment = [
+        "AUTOMX2_CONF=${pkgs.writeText "automx2-conf" /* toml */ ''
+          [automx2]
+          loglevel = WARNING
+          db_uri = sqlite:///:memory:
+          proxy_count = 1
+        ''}"
+        "FLASK_APP=automx2.server:app"
+        "FLASK_CONFIG=production"
+      ];
+      ExecStart = "${pkgs.python3.buildEnv.override { extraLibs = [ pkgs.python3Packages.automx2 ]; }}/bin/flask run --host=127.0.0.1 --port=4243";
+      Restart = "always";
+      StateDirectory = "automx2";
+      User = "automx2";
+      WorkingDirectory = "/var/lib/automx2";
+    };
+    unitConfig = {
+      Description = "MUA configuration service";
+      Documentation = "https://rseichter.github.io/automx2/";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+
  system.stateVersion = "23.11";
+
+  users = {
+    groups.automx2 = {};
+    users.automx2 = {
+      group = "automx2";
+      isSystemUser = true;
+    };
+  };
 }