nix-git/modules/sendmail-mta.nix


{ config, pkgs, ... }:
{
# Many programs use the `sendmail` command to send email.
# Nullmailer and OpenSMTPD create a symlink from `sendmail` to their binary - they are (to a certain degree) sendmail compatible.
# In the following, we configure and use OpenSMTPD. Nullmailer is an alternative.
# Nullmailer: Send SMTP mail. Has a queue for storage of messages when offline.
# https://wiki.archlinux.org/title/Nullmailer
# OpenSMTPD
# - Manages a local persistent queue of messages that aren't allowed to be lost
# - Schedules delivery with some retry logic in case of temporary failures
# https://www.opensmtpd.org/presentations/eurobsdcon2017-smtpd/eurobsdcon2017-opensmtpd.pdf
# Verbose logging and daemon status
# sudo smtpctl log verbose
# systemctl status opensmtpd
# sudo smtpctl show status
# Send an email.
# TODO: One has set the sender explicitly to `-f langbein@mail.de`.
# echo "Subject: hello" | sendmail -f langbein@mail.de daniel@systemli.org
# Queue handling
# sudo smtpctl show queue
# sudo smtpctl schedule all
# sudo smtpctl remove all
# Monitoring
# sudo smtpctl monitor
# /secrets/smtpd is created by Colmena.
# It contains one line `upstream langbein@mail.de:the-actual-password`.
deployment.keys.smtpd = {
  # Source of the secret: the contents of this file are uploaded to the target
  # machine under the key name "smtpd" (keyFile semantics, same wording as NixOps):
  # https://github.com/NixOS/nixops/blob/fc9b55c55da62f949028143b974f67fdc7f40c8b/nix/keys.nix#L58
  # NOTE(review): this file holds the relay password in plaintext - confirm it is
  # kept out of version control and is not copied into the world-readable Nix
  # store when the configuration is evaluated.
  keyFile = ../secrets/smtpd;

  # Ownership and mode: readable only by the account the OpenSMTPD service uses.
  # smtpd user. https://github.com/NixOS/nixpkgs/blob/360a7d31c30abefdc490d203f80e3221b7a24af2/nixos/modules/services/mail/opensmtpd.nix#L93C7-L93C12
  user = "smtpd"; # Default: root
  #group = "smtpd"; # Default: root
  permissions = "0400"; # Default: 0600 (0400 = owner read-only, nothing for group/others)

  # Where and when the key is placed on the target.
  # NOTE(review): the default /run/keys lives under /run, which NixOS keeps in
  # memory; /secrets is presumably on persistent storage, so the password
  # survives reboots and is included in disk backups - confirm this is intended.
  destDir = "/secrets"; # Default: /run/keys
  uploadAt = "pre-activation"; # Default: pre-activation, Alternative: post-activation
};
# Generate /etc/aliases; the OpenSMTPD configuration in this module loads it
# as its alias table (`table aliases file:/etc/aliases`).
# https://nixos.wiki/wiki/Msmtp#Aliases
environment.etc.aliases = {
  # World-readable: the file contains only the forwarding rule below, no credentials.
  mode = "0644";
  text = ''
    # Forward email from root to daniel@systemli.org
    root: daniel@systemli.org
  '';
};
services.opensmtpd = {
  # Let OpenSMTPD provide the system-wide `sendmail` command.
  setSendmail = true;
  enable = true;

  # smtpd.conf reference:
  # https://man.archlinux.org/man/smtpd.conf.5
  # The configuration below is based on example 1 of that man page:
  # This first example is similar to the default configuration (allows for mail from users and daemons on the local machine, as well as permitting email to remote servers), but all outgoing mail is forwarded to a remote SMTP server.
  # https://man.archlinux.org/man/smtpd.conf.5#EXAMPLES
  # A further configuration example:
  # https://xw.is/wiki/OpenSMTPD_forward_to_Google#How
  #
  # Security-relevant properties of the configuration text:
  # - `listen on lo` plus the two `match from local` rules mean that only mail
  #   submitted on this machine is accepted; there is no rule for remote senders.
  # - `table secrets file:/secrets/smtpd` reads the relay credentials from the key
  #   file deployed to /secrets, which therefore has to be readable by the daemon.
  # - Outbound mail is handed to smtp.mail.de via smtps:// with authentication.
  #   NOTE(review): confirm in smtpd.conf(5) for the deployed OpenSMTPD version
  #   that the relay verifies the upstream certificate (see the relay `tls`
  #   option), since the password is sent over this connection.
  serverConfiguration = ''
    # System alias table.
    # Provides a convenient way to send mail.
    table aliases file:/etc/aliases
    table secrets file:/secrets/smtpd
    # Only accept local mail
    # -> In the example, they use lo0
    # -> In the default config of Arch Linux, they use localhost
    # -> NixOS example config uses lo. https://search.nixos.org/options?channel=23.05&show=services.opensmtpd.serverConfiguration&from=0&size=50&sort=relevance&type=packages
    # -> In the NUR, they use lo. https://github.com/nix-community/nur-combined/blob/2bfaab7c1ff891f540618370c2d184d0f000adb0/repos/priegger/modules/services/opensmtpd-relay/default.nix#L16C1-L16C17
    # -> `ip addr` returns `lo` on NixOS.
    listen on lo
    #listen on lo0
    #listen on localhost
    # Send local mail.
    #
    # mbox: Deliver the message to the user's mbox with mail.local(8).
    # With mail.local: Reads the standard input up to an end-of-file and appends it to each user's mail file.
    # With mail files being stored in: /var/mail/user
    # maildir: Deliver the message to the maildir in pathname if specified, or by default to ~/Maildir.
    action "local_mail" mbox alias <aliases>
    #action "local_mail" maildir alias <aliases>
    # Send remote mail.
    #action "outbound" relay host smtp+tls://upstream@smtp.mail.de auth <secrets> mail-from langbein@mail.de
    action "outbound" relay host smtps://upstream@smtp.mail.de auth <secrets> mail-from langbein@mail.de
    match from local for local action "local_mail"
    match from local for any action "outbound"
  '';
};
}