Add pushing to hrz allowlist

nixos/modules/mailman.nix

@@ -63,5 +63,38 @@ in {
     security.acme.acceptTerms = true;
 
     networking.firewall.allowedTCPPorts = [25 80 443];
+
+    # Update HRZ allowlist
+    #
+    systemd.timers."mailAllowlist" = {
+      wantedBy = ["timers.target"];
+      timerConfig = {
+        OnBootSec = "5m"; # Run every 5 minutes
+        OnUnitActiveSec = "5m";
+        RandomizedDelaySec = "1m"; # Randomized delay
+        Unit = "mailAllowlist.service";
+      };
+    };
+    systemd.services."mailAllowlist" = {
+      description = "Post the mail addresses used by mailman to the HRZ allow list";
+      script = ''
+        # Parse addresses
+        awk '{print $1}' /var/lib/mailman/data/postfix_lmtp | grep -v '#' | grep "\S" > addresses
+        # Post addresses to HRZ
+        curl https://www-cgi.hrz.tu-darmstadt.de/mail/whitelist-update.php -F emaildomain=lists.mathebau.de -F password=$(cat /run/secrets/allowlistPass) -F emailliste=@addresses -F meldungen=voll
+        # Cleanup
+        rm addresses
+      '';
+      serviceConfig = {
+        Type = "oneshot";
+        User = "mailman";
+      };
+    };
+    sops.secrets.allowlistPass = {
+      sopsFile = ../machines/lobon/allowlistPass.yaml;
+      owner = "mailman";
+      group = "mailman";
+      mode = "0400";
+    };
   };
 }