From 3e5561f155db6b9f7a0d2630e2ae526d0665f4bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Sat, 13 Apr 2024 23:10:23 +0200 Subject: [PATCH] mail: add automx2 --- hosts/mail/default.nix | 72 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 68 insertions(+), 4 deletions(-) diff --git a/hosts/mail/default.nix b/hosts/mail/default.nix index dd7a8d1f..28659e55 100644 --- a/hosts/mail/default.nix +++ b/hosts/mail/default.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: { microvm.mem = 2048; @@ -15,11 +15,12 @@ in { enable = true; certificateScheme = "acme-nginx"; - # dmarcReporting = { + dmarcReporting = { # enable = true; # domain = "c3d2.de"; - # organizationName = "Netzbiotop Dresden e.V."; - # }; + organizationName = "Netzbiotop Dresden e.V."; + }; + debug = true; domains = [ "netzbiotop.org" ]; dkimKeyBits = 2048; dkimSelector = "default"; @@ -103,6 +104,22 @@ commonHttpConfig = /* nginx */ '' proxy_headers_hash_bucket_size 96; ''; + virtualHosts."autoconfig.netzbiotop.org" = { + enableACME = true; + forceSSL = true; + serverAliases = [ + "autoconfig.netzbiotop.org" + "autodiscover.netzbiotop.org" + ]; + locations = { + "/".proxyPass = "http://127.0.0.1:4243/"; + "/initdb".extraConfig = '' + # Limit access to clients connecting from localhost + allow 127.0.0.1; + deny all; + ''; + }; + }; }; }; 
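Review bot: `debug = true;` is added to the `mailserver` block right after the re-enabled `dmarcReporting` set and looks like a debugging leftover rather than part of the automx2 setup. In simple-nixos-mailserver this option switches the mail services to verbose logging, which as far as I recall includes authentication debugging in Dovecot, so details of real users' logins can end up in the journal of a production host. I would drop the line before merging, or mark it as temporary with a comment such as `# TODO: remove once the automx2 rollout is verified`. Separately, `dmarcReporting` is uncommented only so that `organizationName` can be read by the automx2 unit in the last hunk, while `enable` stays commented out; a comment like `# only organizationName is set (reused as automx2 provider name); reporting stays disabled` would stop a later reader from assuming DMARC reports are being sent.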
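Review bot: The `"/initdb"` location carries only `allow 127.0.0.1; deny all;` and no `proxyPass`, so the allowed branch never reaches automx2 and the block works purely as a deny rule for the database-seeding endpoint. The unit's own seeding request goes straight to `http://127.0.0.1:4243/initdb/` and not through nginx (see the last hunk), so `"/initdb".return = "403";` would state the intent directly and remove the impression that local clients can initialise through the proxy. I would also replace the inline comment with one that says why the path is blocked, for example `# /initdb seeds the automx2 database and must never be reachable through the public vhost`. The first `serverAliases` entry, `"autoconfig.netzbiotop.org"`, repeats the virtual host name and can be dropped.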
@@ -113,5 +130,52 @@ }; }; + systemd.services.automx2 = { + after = [ "network.target" ]; + postStart = let + json = pkgs.writeText "data.json" (builtins.toJSON { + provider = config.mailserver.dmarcReporting.organizationName; + domains = config.mailserver.domains; + servers = [ + { name = config.mailserver.fqdn; type = "imap"; } + { name = config.mailserver.fqdn; type = "pop3"; } + { name = config.mailserver.fqdn; type = "smtp"; } + ]; + }); + in '' + sleep 3 && ${lib.getExe pkgs.curl} -X POST --json @${json} http://127.0.0.1:4243/initdb/ + ''; + serviceConfig = { + Environment = [ + "AUTOMX2_CONF=${pkgs.writeText "automx2-conf" /* toml */ '' + [automx2] + loglevel = WARNING + db_uri = sqlite:///:memory: + proxy_count = 1 + ''}" + "FLASK_APP=automx2.server:app" + "FLASK_CONFIG=production" + ]; + ExecStart = "${pkgs.python3.buildEnv.override { extraLibs = [ pkgs.python3Packages.automx2 ]; }}/bin/flask run --host=127.0.0.1 --port=4243"; + Restart = "always"; + StateDirectory = "automx2"; + User = "automx2"; + WorkingDirectory = "/var/lib/automx2"; + }; + unitConfig = { + Description = "MUA configuration service"; + Documentation = "https://rseichter.github.io/automx2/"; + }; + wantedBy = [ "multi-user.target" ]; + }; + system.stateVersion = "23.11"; + + users = { + groups.automx2 = {}; + users.automx2 = { + group = "automx2"; + isSystemUser = true; + }; + }; }
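Review bot: The seeding step in `postStart` (`sleep 3 && curl … /initdb/`) guesses at readiness and ignores HTTP errors, so a Flask start slower than three seconds fails the unit start, and an error response from `/initdb/` leaves the in-memory database empty while the service still reports success. Letting curl retry on connection refusal and passing `--fail` covers both cases, and `-X POST` can go because `--json` already implies it. The `serviceConfig` block runs a Python process that handles Internet-originated requests via the nginx proxy with only `User` set as confinement; I would add the usual systemd sandboxing options shown below and check the result with `systemd-analyze security automx2`. The option set is a suggestion and has not been tested on this host.

```nix
systemd.services.automx2 = {
  # … unchanged: after …
  postStart = let
    # … unchanged: json = pkgs.writeText "data.json" (…) …
  in ''
    ${lib.getExe pkgs.curl} --fail --retry 10 --retry-connrefused --retry-delay 1 \
      --json @${json} http://127.0.0.1:4243/initdb/
  '';
  serviceConfig = {
    # … unchanged: Environment, ExecStart, Restart, StateDirectory, User, WorkingDirectory …
    NoNewPrivileges = true;
    PrivateTmp = true;
    PrivateDevices = true;
    ProtectHome = true;
    ProtectSystem = "strict";
    RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
  };
  # … unchanged: unitConfig, wantedBy …
};
```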