cluster/containers/postfix.nix


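# Postfix MTA container for the cluster, built with NixNG's makeSystem.
#
# Mail flow as configured below: smtpd (inet) -> cleanup -> qmgr -> lmtp to
# Dovecot (virtual_transport).  SASL authentication is delegated to Dovecot
# via the private/auth socket.  Relaying is allowed only for $mynetworks
# (loopback) and SASL-authenticated clients; everything else is deferred or
# rejected by the smtpd_*_restrictions lists.
#
# Review fixes applied to the Postfix parameter names: smptd_banner,
# smtpd_sals_auth_enable, permit_sals_authenticated, mydoamin and
# unverified_recipent_reject_code were misspelled.  Postfix does not fail on
# an unknown main.cf key (it only logs "unused parameter"), so the typo'd
# settings were silently ignored: SASL AUTH was never enabled, and the unknown
# restriction name in smtpd_helo_restrictions makes smtpd answer every HELO
# with a 451 "server configuration error".
{ nglib, nixpkgs }:
nglib.makeSystem {
  system = "x86_64-linux";
  name = "nixng-postfix";
  inherit nixpkgs;

  config = ({ pkgs, config, ... }:
    {
      config = {
        # dumb-init is PID 1; no additional dumb-init managed services.
        dumb-init = {
          enable = true;
          type.services = {};
        };

        # When the postfix service exits, bring the whole container down so
        # the orchestrator restarts it instead of leaving a mail-less shell.
        init.services.postfix = {
          shutdownOnExit = true;
        };

        services.postfix = {
          enable = true;

          # master.cf.  Field names follow master(5): type, private, unpriv,
          # chroot, wakeup, maxproc, command.  Fields not listed fall back to
          # whatever the NixNG module's default is (not visible from here).
          masterConfig = {
            pickup = {
              type = "unix";
              private = "n";
              chroot = "n";
              wakeup = "60";
              maxproc = "1";
              command = "pickup";
            };
            cleanup = { type = "unix"; private = "n"; chroot = "n"; maxproc = "0";
                        command = "cleanup"; };
            qmgr = { type = "unix"; private = "n"; chroot = "n"; wakeup = "300";
                     maxproc = "1"; command = "qmgr"; };
            tlsmgr = { type = "unix"; wakeup = "1000?"; maxproc = 1; command = "tlsmgr"; };
            rewrite = { type = "unix"; chroot = "n"; command = "trivial-rewrite"; };
            bounce = { type = "unix"; chroot = "n"; maxproc = 0; command = "bounce"; };
            defer = { type = "unix"; chroot = "n"; maxproc = 0; command = "bounce"; };
            trace = { type = "unix"; chroot = "n"; maxproc = 0; command = "bounce"; };
            verify = { type = "unix"; chroot = "n"; maxproc = 1; command = "verify"; };
            flush = { type = "unix"; chroot = "n"; wakeup = "1000?"; maxproc = "0";
                      command = "flush"; };
            proxymap = { type = "unix"; chroot = "n"; command = "proxymap"; };
            proxywrite = { type = "unix"; chroot = "n"; maxproc = "1";
                           command = "proxymap"; };
            # Two master.cf entries share the name "smtp": the outbound smtp
            # client (unix) and the inbound smtpd listener (inet, port 25).
            smtp = [ { type = "unix"; chroot = "n"; command = "smtp"; }
                     { type = "inet"; private = "n"; chroot = "n"; command = "smtpd"; }
                   ];
            # "relay" is a second smtp client instance with its own syslog tag.
            relay = { type = "unix"; chroot = "n"; command = ''
              smtp
              -o syslog_name=postfix/$service_name
              # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
            ''; };
            showq = { type = "unix"; private = "n"; chroot = "n"; command = "showq"; };
            error = { type = "unix"; chroot = "n"; command = "error"; };
            retry = { type = "unix"; chroot = "n"; command = "error"; };
            discard = { type = "unix"; chroot = "n"; command = "discard"; };
            # local and virtual run unprivileged = "n" because they deliver
            # to user mailboxes (standard master.cf layout).
            local = { type = "unix"; unpriv = "n"; chroot = "n"; command = "local"; };
            virtual = { type = "unix"; unpriv = "n"; chroot = "n"; command = "virtual"; };
            lmtp = { type = "unix"; chroot = "n"; command = "lmtp"; };
            anvil = { type = "unix"; chroot = "n"; maxproc = 1; command = "anvil"; };
            scache = { type = "unix"; chroot = "n"; maxproc = 1; command = "scache"; };
            postlog =
              { type = "unix-dgram"; private = "n"; chroot = "n"; maxproc = "1";
                command = "postlogd"; };
          };

          # main.cf
          mainConfig = {
            # Fixed spelling (was "smptd_banner"): the misspelled key was
            # ignored, so Postfix advertised its default banner.
            smtpd_banner = [ "$myhostname" "ESMTP" "$mail_name" "(Ubuntu)" ];
            biff = "no";
            # delay_warning_time = "4h";
            append_dot_mydomain = "no";
            readme_directory = "no";
            compatibility_level = 2;

            # ---- TLS -------------------------------------------------------
            # NOTE(review): the certificate path names example.com while
            # myhostname/mydomain below are example.org.  Both look like
            # placeholders; confirm they are replaced with the same real host
            # at deploy time, otherwise clients will see a name mismatch.
            smtpd_tls_cert_file = "/etc/letsencrypt/live/example.com/fullchain.pem";
            smtpd_tls_key_file = "/etc/letsencrypt/live/example.com/privkey.pem";
            # smtpd_use_tls is the legacy spelling; smtpd_tls_security_level
            # below is what current Postfix honours.  Kept for compatibility.
            smtpd_use_tls = "yes";
            # Only offer AUTH inside a TLS session, so credentials never
            # cross the wire in clear.
            smtpd_tls_auth_only = "yes";
            # Opportunistic TLS in both directions: encrypt when the peer
            # supports it, fall back to plaintext otherwise.
            smtp_tls_security_level = "may";
            smtpd_tls_security_level = "may";

            # ---- SASL (Dovecot) ---------------------------------------------
            # Non-TLS sessions: no anonymous and no plaintext mechanisms.
            smtpd_sasl_security_options = [ "noanonymous" "noplaintext" ];
            # TLS sessions: plaintext mechanisms (PLAIN/LOGIN) are acceptable.
            smtpd_sasl_tls_security_options = "noanonymous";
            smtpd_sasl_type = "dovecot";
            # Relative to queue_directory; Dovecot must expose its auth
            # socket at this path inside the container.
            smtpd_sasl_path = "private/auth";
            # Fixed spelling (was "smtpd_sals_auth_enable"): without this key
            # SASL AUTH was never enabled, so permit_sasl_authenticated below
            # could never match and only $mynetworks could relay.
            smtpd_sasl_auth_enable = "yes";

            # ---- Access policy ----------------------------------------------
            # Evaluation order within each list is top to bottom; the first
            # matching permit/reject/defer wins.
            smtpd_helo_restrictions =
              [ "permit_mynetworks"
                # Fixed spelling (was "permit_sals_authenticated"): an unknown
                # restriction name makes smtpd log "unknown smtpd restriction"
                # and reply 451 to every client at the HELO stage.
                "permit_sasl_authenticated"
                "reject_invalid_helo_hostname"
                "reject_non_fqdn_helo_hostname"
              ];
            smtpd_recipient_restrictions =
              [ "permit_mynetworks"
                "permit_sasl_authenticated"
                "reject_non_fqdn_recipient"
                "reject_unknown_recipient_domain"
                "reject_unlisted_recipient"
                # Anti-open-relay safety net; smtpd_relay_restrictions below
                # is the primary control.
                "reject_unauth_destination"
              ];
            smtpd_sender_restrictions =
              [ "permit_mynetworks"
                "permit_sasl_authenticated"
                "reject_non_fqdn_sender"
                "reject_unknown_sender_domain"
              ];
            smtpd_relay_restrictions =
              [ "permit_mynetworks"
                "permit_sasl_authenticated"
                "defer_unauth_destination"
              ];

            # ---- Identity and routing ---------------------------------------
            myhostname = "example.org";
            alias_maps = "hash:/etc/aliases";
            alias_database = "hash:/etc/aliases";
            # Fixed spelling (was "mydoamin"): with the key misspelled,
            # $mydomain (and therefore myorigin) fell back to Postfix's
            # built-in derivation from $myhostname.
            mydomain = "example.org";
            myorigin = "$mydomain";
            # Only localhost is delivered locally; real domains come from the
            # virtual_* MySQL maps below.
            mydestination = "localhost";
            relayhost = "";
            # Loopback only.  Anything that should be able to relay without
            # SASL has to be added here explicitly.
            mynetworks =
              [ "127.0.0.0/8"
                "[::ffff:127.0.0.0]/104"
                "[::1]/128"
              ];
            mailbox_size_limit = 0;
            recipient_delimiter = "+";
            inet_interfaces = "all";
            inet_protocols = "all";
            virtual_transport = "lmtp:unix:private/dovecot-lmtp";
            virtual_mailbox_domains = "mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf";
            virtual_mailbox_maps = "mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf";
            virtual_alias_maps =
              [ "mysql:/etc/postfix/mysql-virtual-alias-maps.cf"
                "mysql:/etc/postfix/mysql-virtual-email2email.cf"
              ];

            # ---- Hardening / limits -----------------------------------------
            # VRFY lets a remote party enumerate valid mailboxes; keep it off.
            disable_vrfy_command = "yes";
            strict_rfc821_envelopes = "yes";
            # smtpd_etrn_restrictions = "yes";
            # smtpd_reject_unlisted_sender = "yes";
            # smtpd_reject_unlisted_recipient = "yes";
            # Evaluate restrictions at RCPT TO so rejections are logged with
            # full sender/recipient context.
            smtpd_delay_reject = "yes";
            smtpd_helo_required = "yes";
            smtp_always_send_ehlo = "yes";
            # smtpd_hard_error_limit = 1;
            smtpd_timeout = "30s";
            smtp_helo_timeout = "15s";
            smtp_rcpt_timeout = "15s";
            # smtpd_recipient_limit was previously set to "15s".  It is an
            # integer (max RCPT TO per message), and a time-suffixed value
            # makes Postfix abort with "bad numerical configuration", so the
            # setting is dropped and the Postfix default applies until a real
            # recipient count is chosen.
            minimal_backoff_time = "180s";
            maximal_backoff_time = "3h";
            # Use permanent (5xx) codes for the checks above so senders do
            # not keep retrying.
            invalid_hostname_reject_code = 550;
            non_fqdn_reject_code = 550;
            unknown_address_reject_code = 550;
            unknown_client_reject_code = 550;
            unknown_hostname_reject_code = 550;
            # Fixed spelling (was "unverified_recipent_reject_code").
            unverified_recipient_reject_code = 550;
            unverified_sender_reject_code = 550;
          };
        };
      };
    });
}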