nxcaldav

2026-04-24 19:58:21 +02:00
parent 5cc13c9b9a
commit 9ccabedbb2
12 changed files with 376 additions and 32 deletions
--- a/system-modules/nx2site/smtp.nix
+++ b/system-modules/nx2site/smtp.nix
@@ -0,0 +1,60 @@
+{ pkgs, ... }@all: with all; {
+  # Postfix: The SMTP server (MTA)
+  # Handles sending, receiving, and local delivery routing.
+  services.postfix = {
+    enable = true;
+    enableSubmission = true;
+    enableSubmissions = true;
+    
+    # main.cf configuration
+    settings.main = {
+      hostname = "mail.${hyper.domain}";
+      domain = hyper.domain;
+
+      # Allow local services (like CalDAV) to send mail without authentication
+      networks = [ "127.0.0.0/8" "[::1]/128" ];
+      # TLS settings - using ACME certs from proxy.nix
+      smtpd_tls_security_level = "may";
+      smtpd_tls_auth_only = "yes";
+      smtpd_tls_cert_file = "/var/lib/acme/${hyper.domain}/fullchain.pem";
+      smtpd_tls_key_file = "/var/lib/acme/${hyper.domain}/key.pem";
+      
+      # Use Dovecot for authentication (SASL)
+      smtpd_sasl_type = "dovecot";
+      smtpd_sasl_path = "/var/spool/postfix/auth";
+      smtpd_sasl_auth_enable = "yes";
+      smtpd_sasl_security_options = "noanonymous";
+      
+      # Use Dovecot for delivery (LMTP)
+      virtual_transport = "lmtp:unix:/var/spool/postfix/dovecot-lmtp";
+      virtual_mailbox_domains = [ hyper.domain ];
+      mailbox_transport = "lmtp:unix:/var/spool/postfix/dovecot-lmtp";
+      
+      
+      # Basic relay restrictions
+      smtpd_recipient_restrictions = [
+        "permit_mynetworks"
+        "permit_sasl_authenticated"
+        "reject_unauth_destination"
+      ];
+
+      # master.cf configuration: Enable submission (port 587) for mail clients
+      # submission-options = {
+      #   type = "inet";
+      #   private = false;
+      #   command = "smtpd";
+      #   args = [
+      #     "-o smtpd_tls_security_level=encrypt"
+      #     "-o smtpd_sasl_auth_enable=yes"
+      #     "-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
+      #     "-o milter_macro_daemon_name=ORIGINATING"
+      #   ];
+      # };
+    };
+  };
+  # create socket ala wiki
+  users.users."postfix" = {
+    createHome = true;
+    home = "/var/spool/postfix";
+  };
+}