yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request 'add deltachat module' (#448) from maddy into main

Browse Source 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/448
This commit is contained in:
Mic92
2023-11-03 10:39:51 +00:00
parent 331529c1df f71e56b111
commit 96053b679c
6 changed files with 165 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
checks/deltachat/default.nix Normal file
View File

@@ -0,0 +1,24 @@
(import ../lib/container-test.nix) ({ pkgs, ... }: {
name = "secrets";
nodes.machine = { self, ... }: {
imports = [
../../clanModules/deltachat.nix
self.nixosModules.clanCore
{
clanCore.machineName = "machine";
clanCore.clanDir = ./.;
}
];
};
testScript = ''
start_all()
machine.wait_for_unit("maddy")
# imap
machine.succeed("${pkgs.netcat}/bin/nc -z -v ::1 143")
# smtp submission
machine.succeed("${pkgs.netcat}/bin/nc -z -v ::1 587")
# smtp
machine.succeed("${pkgs.netcat}/bin/nc -z -v ::1 25")
'';
})

1
checks/flake-module.nix
View File

@@ -15,6 +15,7 @@
# import our test # import our test
secrets = import ./secrets nixosTestArgs; secrets = import ./secrets nixosTestArgs;
container = import ./container nixosTestArgs; container = import ./container nixosTestArgs;
deltachat = import ./deltachat nixosTestArgs;
}; };
schemaTests = pkgs.callPackages ./schemas.nix { schemaTests = pkgs.callPackages ./schemas.nix {
inherit self; inherit self;

139
clanModules/deltachat.nix Normal file
View File

@@ -0,0 +1,139 @@
{ config, pkgs, ... }: {
environment.systemPackages = [ pkgs.deltachat-desktop ];
services.maddy = {
enable = true;
primaryDomain = "${config.clanCore.machineName}.local";
config = ''
# Minimal configuration with TLS disabled, adapted from upstream example
# configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
# Do not use this in unencrypted networks!
auth.pass_table local_authdb {
table sql_table {
driver sqlite3
dsn credentials.db
table_name passwords
}
}
storage.imapsql local_mailboxes {
driver sqlite3
dsn imapsql.db
}
table.chain local_rewrites {
optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
optional_step static {
entry postmaster postmaster@$(primary_domain)
}
optional_step file /etc/maddy/aliases
}
msgpipeline local_routing {
destination postmaster $(local_domains) {
modify {
replace_rcpt &local_rewrites
}
deliver_to &local_mailboxes
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
smtp tcp://[::]:25 {
limits {
all rate 20 1s
all concurrency 10
}
dmarc yes
check {
require_mx_record
dkim
spf
}
source $(local_domains) {
reject 501 5.1.8 "Use Submission for outgoing SMTP"
}
default_source {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
}
submission tcp://[::1]:587 {
limits {
all rate 50 1s
}
auth &local_authdb
source $(local_domains) {
check {
authorize_sender {
prepare_email &local_rewrites
user_to_email identity
}
}
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
modify {
dkim $(primary_domain) $(local_domains) default
}
deliver_to &remote_queue
}
}
default_source {
reject 501 5.1.8 "Non-local sender domain"
}
}
target.remote outbound_delivery {
limits {
destination rate 20 1s
destination concurrency 10
}
mx_auth {
dane
mtasts {
cache fs
fs_dir mtasts_cache/
}
local_policy {
min_tls_level encrypted
min_mx_level none
}
}
}
target.queue remote_queue {
target &outbound_delivery
autogenerated_msg_domain $(primary_domain)
bounce {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
}
}
}
imap tcp://[::1]:143 {
auth &local_authdb
storage &local_mailboxes
}
'';
ensureAccounts = [
"user@${config.clanCore.machineName}.local"
];
ensureCredentials = {
"user@${config.clanCore.machineName}.local".passwordFile = pkgs.writeText "dummy" "foobar";
};
};
}

3
clanModules/dino.nix
View File

@@ -1,3 +0,0 @@
{ pkgs, ... }: {
environment.systemPackages = [ pkgs.dino ];
}

3
clanModules/flake-module.nix
View File

@@ -8,8 +8,7 @@
]; ];
}) })
(builtins.readDir ./diskLayouts); (builtins.readDir ./diskLayouts);
prosody = ./prosody.nix; deltachat = ./deltachat.nix;
dino = ./dino.nix;
xfce = ./xfce.nix; xfce = ./xfce.nix;
}; };
} }

30
clanModules/prosody.nix
View File

@@ -1,30 +0,0 @@
{ config
, ...
}: {
services.prosody = {
enable = true;
modules.bosh = true;
extraModules = [ "private" "vcard" "privacy" "compression" "component" "muc" "pep" "adhoc" "lastactivity" "admin_adhoc" "blocklist" ];
virtualHosts = {
"${config.clanCore.machineName}.local" = {
domain = "${config.clanCore.machineName}.local";
enabled = true;
};
};
extraConfig = ''
allow_unencrypted_plain_auth = true
'';
c2sRequireEncryption = false;
s2sRequireEncryption = false;
muc = [{
domain = "muc.${config.clanCore.machineName}.local";
maxHistoryMessages = 10000;
name = "${config.clanCore.machineName} Prosody";
}];
uploadHttp = {
domain = "upload.${config.clanCore.machineName}.local";
};
};
# xmpp-server
networking.firewall.allowedTCPPorts = [ 5269 ];
}