From 69c69dfb4613e6c4caa893cfe3fd714fc3e4470d Mon Sep 17 00:00:00 2001
From: Alexander Tomokhov
Date: Fri, 27 Dec 2024 07:46:36 +0400
Subject: [PATCH] chore dovecot&postfix: rename nix files, disable debug
---
 .../{ldap-dovecot.nix => auth-dovecot.nix} | 23 ++++++++-----------
 .../{ldap-postfix.nix => auth-postfix.nix} | 11 +++------
 sp-modules/simple-nixos-mailserver/flake.nix | 4 ++--
 3 files changed, 15 insertions(+), 23 deletions(-)
 rename sp-modules/simple-nixos-mailserver/{ldap-dovecot.nix => auth-dovecot.nix} (90%)
 rename sp-modules/simple-nixos-mailserver/{ldap-postfix.nix => auth-postfix.nix} (90%)
diff --git a/sp-modules/simple-nixos-mailserver/ldap-dovecot.nix b/sp-modules/simple-nixos-mailserver/auth-dovecot.nix
similarity index 90%
rename from sp-modules/simple-nixos-mailserver/ldap-dovecot.nix
rename to sp-modules/simple-nixos-mailserver/auth-dovecot.nix
index 4a22442..55f3197 100644
--- a/sp-modules/simple-nixos-mailserver/ldap-dovecot.nix
+++ b/sp-modules/simple-nixos-mailserver/auth-dovecot.nix
@@ -21,8 +21,8 @@ let
 ${lib.optionalString config.mailserver.ldap.startTls ''
 tls = yes
 ''}
- # tls_require_cert = hard
- # tls_ca_cert_file = ${config.mailserver.ldap.tlsCAFile}
+ tls_require_cert = hard
+ tls_ca_cert_file = ${config.mailserver.ldap.tlsCAFile}
 dn = ${config.mailserver.ldap.bind.dn}
 sasl_bind = no
 auth_bind = no
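Review bot: `tls_require_cert = hard` and `tls_ca_cert_file = ${config.mailserver.ldap.tlsCAFile}` are now emitted unconditionally while `tls = yes` three lines above stays inside `lib.optionalString ... startTls`; if `mailserver.ldap.tlsCAFile` may be null (nixos-mailserver declares it as a nullable path as far as I recall — please confirm), the interpolation fails at evaluation time with "cannot coerce null to a string" for every deployment that has not set a CA file. Guard both new lines the same way, wrapping them in `${lib.optionalString (config.mailserver.ldap.tlsCAFile != null) '' … ''}`, or add an assertion that the option is set whenever `startTls` or an `ldaps://` URI is configured. Switching on hard certificate verification is a real behaviour change that the commit title ("rename nix files, disable debug") does not mention, so a sentence in the description would help whoever later bisects a failed LDAP bind. The quoted configuration string this hunk edits begins above the hunk.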
@@ -108,24 +108,21 @@ lib.mkIf config.selfprivacy.modules.auth.enable {
 default_fields = home=/var/vmail/${domain}/%u uid=${toString config.mailserver.vmailUID} gid=${toString config.mailserver.vmailUID}
 }
- #auth_username_format = %Ln
-
- # FIXME
- auth_debug = yes
- auth_debug_passwords = yes # Be cautious with this in production as it logs passwords
- auth_verbose = yes
- mail_debug = yes
+ # with debugging OAuth2 token gets printed in logs
+ # auth_debug = yes
+ # auth_debug_passwords = yes
+ # auth_verbose = yes
+ # mail_debug = yes
 '';
 services.dovecot2.enablePAM = false;
 systemd.services.dovecot2 = {
 # TODO does it merge with existing preStart?
 preStart = setPwdInLdapConfFile + "\n";
- # FIXME pass dependant services to auth module option instead
- wants = [ "kanidm.service" ];
- after = [ "kanidm.service" ];
+ # FIXME pass dependant services to auth module option instead?
+ wants = [ auth-passthru.oauth2-systemd-service ];
+ after = [ auth-passthru.oauth2-systemd-service ];
 };
 # does it merge with existing restartTriggers?
 systemd.services.postfix.restartTriggers = [ setPwdInLdapConfFile ];
-
 }
diff --git a/sp-modules/simple-nixos-mailserver/ldap-postfix.nix b/sp-modules/simple-nixos-mailserver/auth-postfix.nix
similarity index 90%
rename from sp-modules/simple-nixos-mailserver/ldap-postfix.nix
rename to sp-modules/simple-nixos-mailserver/auth-postfix.nix
index 217f9bf..6404380 100644
--- a/sp-modules/simple-nixos-mailserver/ldap-postfix.nix
+++ b/sp-modules/simple-nixos-mailserver/auth-postfix.nix
@@ -14,8 +14,8 @@ let
 server_host = ${lib.concatStringsSep " " cfg.ldap.uris}
 start_tls = ${if cfg.ldap.startTls then "yes" else "no"}
 version = 3
- # tls_ca_cert_file = ${cfg.ldap.tlsCAFile}
- # tls_require_cert = yes
+ tls_ca_cert_file = ${cfg.ldap.tlsCAFile}
+ tls_require_cert = yes
 search_base = ${cfg.ldap.searchBase}
 scope = ${cfg.ldap.searchScope}
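Review bot: Commenting out `auth_verbose = yes` together with the debug knobs also drops Dovecot's logging of failed authentication attempts and the reason they failed, which is exactly what you want kept for detection and fail2ban-style banning; as the Dovecot docs describe it, `auth_verbose` prints no credentials — it is `auth_debug_passwords` (and, per the new comment, `auth_debug` with the OAuth2 passdb) that leaks the token. I would keep `auth_verbose = yes` active and leave only the other three commented out. The new comment should also say why explicitly, e.g. `# auth_debug / auth_debug_passwords / mail_debug dump the OAuth2 bearer token into the journal; enable only briefly for local troubleshooting`. `auth-passthru.oauth2-systemd-service`, now used in `wants`/`after`, is bound outside this hunk, so its value cannot be checked from here.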
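Review bot: `tls_ca_cert_file = ${cfg.ldap.tlsCAFile}` is interpolated unconditionally here as well, so a null `cfg.ldap.tlsCAFile` now aborts evaluation of the whole module instead of simply skipping verification; wrap the two new lines in `${lib.optionalString (cfg.ldap.tlsCAFile != null) '' … ''}` (in the same spirit as `start_tls` being derived from `cfg.ldap.startTls`) or assert that the option is set. Note also that `tls_require_cert = yes` only governs connections that actually negotiate TLS: with `start_tls = no` and a plain `ldap://` entry in `cfg.ldap.uris`, the bind credentials still travel in cleartext, so the hardening this hunk adds is contingent on `startTls` (or an `ldaps://` URI) being enabled by the deployment — worth a one-line comment above these two settings. The `let`-bound string this hunk edits starts above the hunk.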
@@ -63,17 +63,12 @@ lib.mkIf config.selfprivacy.modules.auth.enable {
 restartTriggers = [ appendPwdInVirtualMailboxMap appendPwdInSenderLoginMap ];
 wants = [ auth-passthru.oauth2-systemd-service ];
- after = [ "kanidm.service" ];
+ after = [ auth-passthru.oauth2-systemd-service ];
 };
 services.postfix = {
 # the list should be merged with other options from nixos-mailserver
 config.virtual_mailbox_maps = [ "ldap:${ldapVirtualMailboxMapFile}" ];
 inherit submissionOptions;
 submissionsOptions = submissionOptions;
- # extraConfig = ''
- # debug_peer_list =
- # debug_peer_level = 3
- # smtp_tls_security_level = encrypt
- # '';
 };
 }
diff --git a/sp-modules/simple-nixos-mailserver/flake.nix b/sp-modules/simple-nixos-mailserver/flake.nix
index ebc9a0e..333e097 100644
--- a/sp-modules/simple-nixos-mailserver/flake.nix
+++ b/sp-modules/simple-nixos-mailserver/flake.nix
@@ -10,8 +10,8 @@
 mailserver.nixosModules.default
 ./options.nix
 ./config.nix
- ./ldap-postfix.nix
- ./ldap-dovecot.nix
+ ./auth-postfix.nix
+ ./auth-dovecot.nix
 ];
 };
 configPathsNeeded =
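Review bot: `wants` plus the new `after` on `auth-passthru.oauth2-systemd-service` only pulls the OAuth2 unit in and orders Postfix after its activation; if that unit fails, Postfix still starts (submission logins then fail closed, which is the safe direction, but silently), and `after` does not wait for readiness unless the target unit signals it (`Type=notify` or similar), so the first SASL binds after boot may race the provider. If a hard dependency is intended, `requires = [ auth-passthru.oauth2-systemd-service ];` next to `wants` expresses it; otherwise a one-line comment stating that the soft dependency is deliberate would save the next reader the question. The `systemd.services.postfix = {` attribute set these lines belong to opens above the hunk.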