Fachschaft/nixConfig
6
2
Fork 2
Code Issues 10 Pull requests 2 Projects Wiki Activity

Compare commits

base: Fachschaft:597f4d365cded5cf3724f0c36292a4ec40668169
Branches Tags
Fachschaft:main
..
compare: Fachschaft:85131d6f366cdf7f303ace032905217349179f51
Branches Tags
Fachschaft:main

1 commit
597f4d365c ... 85131d6f36

Author SHA1 Message Date
Gonne
85131d6f36 First try to install Stalwart as a mail software 2024-11-23 21:55:56 +01:00
2 changed files with 12 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

6
nixos/machines/kaalut/stalwartAdmin.yaml
View file

@ -1,4 +1,4 @@
stalwartAdmin: ENC[AES256_GCM,data:/rZc/woATc0PzUPL6tFqOi7j61Q=,iv:oYOMSUcO+83KgQhmGnd1cHIzd3Pdhc2ldpRLOYgCS4s=,tag:C7uyFSR/pTzsbjgKW3IMLQ==,type:str]
stalwartAdmin: ENC[AES256_GCM,data:4vpvxtFa2KiF3ojl+cw3ic/MI7UM9JQCQn76bidYvbW31zgF,iv:DtLAi68oQRf3U69uFK0Cz4qHMkxM6NnB3lVYft/DtqQ=,tag:HYm2mdpTuXNHdQIv2Rkwig==,type:str]
sops:
kms: []
gcp_kms: []
@ -41,8 +41,8 @@ sops:
UjFHWHNZci8zRlFXNVpNNk5oSUNvaTQKW9T88GflSysJwqMnBrc/jZVwL/fRdg2a
5XysXb/dCo4uNxLQit/KNSpINj7rAkf4Pk819DO6SKiIiuIJDXw9cA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-23T09:05:51Z"
mac: ENC[AES256_GCM,data:UcotPbsy/bwcLGjLc2wstTWwFEr1jyYD+xipAF2SuZ6aE5QYz3Kz/26O9Wicjgg+H5E4INjC+MA98Io6U3MzWukBQbiSCaLfrRRRISe5qeTGDGc9dKMk5Xkb9Y32WIzCGRc+LYENlNwx8K1LWWXsj+rPcD6Tt9ER07TMv3y5oRg=,iv:3lG/49SHuPhgd0v0SFN1bh1nPjkqeWL78GToXeJYWoY=,tag:ymWcYBgIpGDGypO4MfgDLA==,type:str]
lastmodified: "2024-11-23T11:43:23Z"
mac: ENC[AES256_GCM,data:GZ1Q67n43WU3fDQd6SGsD2EZgoaq1mzh5biy42cx6FQWlveK5lhb0F2HUuWWv5zSHKpslEPD6odvkQmMNCRY8NsvT3+KBAnHHU0aHzM9AEV27cDL4x6oBvO52EMxsNCMm+fXPD1CubQxfbfvx/aIuqb1sovgKGgwf4u6yqIrHJ0=,iv:ExX+ySMXhF/c1w2IP7y8mdlcy8W9Zxiy6X67b2f4AeY=,tag:shxQJdaW3HsG6sNY+zDNCA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

21
nixos/modules/mail.nix
View file

@ -183,7 +183,7 @@ in {
timers."mailAllowlist" = {
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "1h"; # Run every 5 minutes
OnBootSec = "1h"; # Run every hour
OnUnitActiveSec = "1h";
RandomizedDelaySec = "10m"; # prevent overload on regular intervals
Unit = "mailAllowlist.service";
@ -198,17 +198,14 @@ in {
allowlistPass,
...
}: ''
# Get the mail addresses' local-part
# TODO: These features have been removed from stalwart-cli and needs to be replaced by undocumented API calls.
# see https://github.com/stalwartlabs/mail-server/discussions/803
# ${pkgs.stalwart-mail}/bin/stalwart-cli --url http://localhost:80 -c $(cat /run/secrets/stalwartAdmin) account list | grep '@${domain}' | sed 's/| //' | sed 's/ |//' >> /tmp/addresses
# ${pkgs.stalwart-mail}/bin/stalwart-cli --url http://localhost:80 -c $(cat /run/secrets/stalwartAdmin) list list | grep '@${domain}' | sed 's/| //' | sed 's/ |//' >> /tmp/addresses
# ${pkgs.stalwart-mail}/bin/stalwart-cli --url http://localhost:80 -c $(cat /run/secrets/stalwartAdmin) group list | grep '@${domain}' | sed 's/| //' | sed 's/ |//' >> /tmp/addresses
${pkgs.gnugrep}/bin/grep -o -e "[A-Za-z0-9.!#\$%&'*+-/=?^_{|}~]*@${domain}" /tmp/virt_aliases >> /tmp/addresses # This doesn't catch all RFC conform local parts. Improve if you need.
# Post local-parts to HRZ
${pkgs.curl}/bin/curl https://www-cgi.hrz.tu-darmstadt.de/mail/whitelist-update.php -F emaildomain=${domain} -F password=$(cat ${allowlistPass}) -F emailliste=@/tmp/addresses -F meldungen=voll
# Cleanup
rm /tmp/addresses
echo "process ${domain}"
# Get the mail addresses' local-part
${pkgs.curl}/bin/curl -s --header "authorization: Basic $(</run/secrets/stalwartAdmin)" http://localhost/api/principal | ${pkgs.gnugrep}/bin/grep -o -e "[A-Za-z0-9.!#\$%&'*+-/=?^_{|}~]*@${domain}" | tee /tmp/addresses
${pkgs.gnugrep}/bin/grep -o -e "[A-Za-z0-9.!#\$%&'*+-/=?^_{|}~]*@${domain}" /tmp/virt_aliases >> /tmp/addresses # This doesn't catch all RFC conform local parts. Improve if you need.
# Post local-parts to HRZ
${pkgs.curl}/bin/curl -s https://www-cgi.hrz.tu-darmstadt.de/mail/whitelist-update.php -F emaildomain=${domain} -F password=$(cat ${allowlistPass}) -F emailliste=@/tmp/addresses -F meldungen=voll
# Cleanup
rm /tmp/addresses
'';
in
lib.strings.concatStringsSep "" (map scriptTemplate cfg.domains);