diff --git a/nixos/machines/kaalut/stalwartAdmin.yaml b/nixos/machines/kaalut/stalwartAdmin.yaml
index 9fb24d8..446791a 100644
--- a/nixos/machines/kaalut/stalwartAdmin.yaml
+++ b/nixos/machines/kaalut/stalwartAdmin.yaml
@@ -1,4 +1,4 @@
-stalwartAdmin: ENC[AES256_GCM,data:4vpvxtFa2KiF3ojl+cw3ic/MI7UM9JQCQn76bidYvbW31zgF,iv:DtLAi68oQRf3U69uFK0Cz4qHMkxM6NnB3lVYft/DtqQ=,tag:HYm2mdpTuXNHdQIv2Rkwig==,type:str]
+stalwartAdmin: ENC[AES256_GCM,data:/rZc/woATc0PzUPL6tFqOi7j61Q=,iv:oYOMSUcO+83KgQhmGnd1cHIzd3Pdhc2ldpRLOYgCS4s=,tag:C7uyFSR/pTzsbjgKW3IMLQ==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -41,8 +41,8 @@ sops:
 UjFHWHNZci8zRlFXNVpNNk5oSUNvaTQKW9T88GflSysJwqMnBrc/jZVwL/fRdg2a
 5XysXb/dCo4uNxLQit/KNSpINj7rAkf4Pk819DO6SKiIiuIJDXw9cA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-11-23T11:43:23Z"
- mac: ENC[AES256_GCM,data:GZ1Q67n43WU3fDQd6SGsD2EZgoaq1mzh5biy42cx6FQWlveK5lhb0F2HUuWWv5zSHKpslEPD6odvkQmMNCRY8NsvT3+KBAnHHU0aHzM9AEV27cDL4x6oBvO52EMxsNCMm+fXPD1CubQxfbfvx/aIuqb1sovgKGgwf4u6yqIrHJ0=,iv:ExX+ySMXhF/c1w2IP7y8mdlcy8W9Zxiy6X67b2f4AeY=,tag:shxQJdaW3HsG6sNY+zDNCA==,type:str]
+ lastmodified: "2024-11-23T09:05:51Z"
+ mac: ENC[AES256_GCM,data:UcotPbsy/bwcLGjLc2wstTWwFEr1jyYD+xipAF2SuZ6aE5QYz3Kz/26O9Wicjgg+H5E4INjC+MA98Io6U3MzWukBQbiSCaLfrRRRISe5qeTGDGc9dKMk5Xkb9Y32WIzCGRc+LYENlNwx8K1LWWXsj+rPcD6Tt9ER07TMv3y5oRg=,iv:3lG/49SHuPhgd0v0SFN1bh1nPjkqeWL78GToXeJYWoY=,tag:ymWcYBgIpGDGypO4MfgDLA==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.1
diff --git a/nixos/modules/mail.nix b/nixos/modules/mail.nix
index 556fcf5..7a9294d 100644
--- a/nixos/modules/mail.nix
+++ b/nixos/modules/mail.nix
@@ -183,7 +183,7 @@ in {
 timers."mailAllowlist" = {
 wantedBy = ["timers.target"];
 timerConfig = {
- OnBootSec = "1h"; # Run every hour
+ OnBootSec = "1h"; # Run every 5 minutes
 OnUnitActiveSec = "1h";
 RandomizedDelaySec = "10m"; # prevent overload on regular intervals
 Unit = "mailAllowlist.service";
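Review bot: In the `mail.nix` hunk at line 183, the new comment on `OnBootSec` says "Run every 5 minutes", but `OnBootSec` and `OnUnitActiveSec` both remain `"1h"`, so the timer still fires hourly, plus up to 10 minutes of randomized delay. As written, the comment misleads anyone judging how stale the upstream allowlist can get. Either restore the old wording or, if a 5-minute cadence is intended, change the values. The comment also belongs on the repeat interval rather than the boot delay, e.g. `OnUnitActiveSec = "1h"; # repeat hourly after each run`.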
@@ -198,14 +198,17 @@ in { allowlistPass, ... }: '' - echo "process ${domain}" - # Get the mail addresses' local-part - ${pkgs.curl}/bin/curl -s --header "authorization: Basic $(> /tmp/addresses # This doesn't catch all RFC conform local parts. Improve if you need. - # Post local-parts to HRZ - ${pkgs.curl}/bin/curl -s https://www-cgi.hrz.tu-darmstadt.de/mail/whitelist-update.php -F emaildomain=${domain} -F password=$(cat ${allowlistPass}) -F emailliste=@/tmp/addresses -F meldungen=voll - # Cleanup - rm /tmp/addresses + # Get the mail addresses' local-part + # TODO: These features have been removed from stalwart-cli and needs to be replaced by undocumented API calls. + # see https://github.com/stalwartlabs/mail-server/discussions/803 + # ${pkgs.stalwart-mail}/bin/stalwart-cli --url http://localhost:80 -c $(cat /run/secrets/stalwartAdmin) account list | grep '@${domain}' | sed 's/| //' | sed 's/ |//' >> /tmp/addresses + # ${pkgs.stalwart-mail}/bin/stalwart-cli --url http://localhost:80 -c $(cat /run/secrets/stalwartAdmin) list list | grep '@${domain}' | sed 's/| //' | sed 's/ |//' >> /tmp/addresses + # ${pkgs.stalwart-mail}/bin/stalwart-cli --url http://localhost:80 -c $(cat /run/secrets/stalwartAdmin) group list | grep '@${domain}' | sed 's/| //' | sed 's/ |//' >> /tmp/addresses + ${pkgs.gnugrep}/bin/grep -o -e "[A-Za-z0-9.!#\$%&'*+-/=?^_{|}~]*@${domain}" /tmp/virt_aliases >> /tmp/addresses # This doesn't catch all RFC conform local parts. Improve if you need. + # Post local-parts to HRZ + ${pkgs.curl}/bin/curl https://www-cgi.hrz.tu-darmstadt.de/mail/whitelist-update.php -F emaildomain=${domain} -F password=$(cat ${allowlistPass}) -F emailliste=@/tmp/addresses -F meldungen=voll + # Cleanup + rm /tmp/addresses ''; in lib.strings.concatStringsSep "" (map scriptTemplate cfg.domains);
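Review bot: The upload password is expanded onto curl's command line in the added `-F password=$(cat ${allowlistPass})` line, so it is readable in the process list while curl runs, and the unquoted substitution is word-split if the secret contains whitespace; curl can read the field from the file itself with `-F "password=<${allowlistPass}"` (check that the endpoint tolerates a trailing newline from the file). The script also appends to the fixed path `/tmp/addresses` and reads `/tmp/virt_aliases`; unless the unit sets `PrivateTmp=` (not visible here), another local user could pre-create or alter those files, and a run that fails before `rm` leaves stale entries for the next `>>`. A private scratch file, e.g. `addresses=$(mktemp)` with `"$addresses"` in place of the fixed path, would avoid that. With `-s` dropped and no `--fail`, an HTTP error from the endpoint still exits 0, so the unit will not show a rejected update. The removed curl line appears truncated in this view and the enclosing `scriptTemplate` body starts above the hunk, so this covers only the added lines.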