authorAlejandro Soto <alejandro@34project.org>2023-01-11 19:36:21 -0600
committerAlejandro Soto <alejandro@34project.org>2023-01-11 19:36:21 -0600
commitfa34a1c0495cafffa38837e32efb3b7e4693d590 (patch)
treef5d4d756af893d9546a294e8b4ea401203e84322 /env/users/mailbox.nix
parent751daf36fc86e3cf8a365c767a7c388818c10088 (diff)
dmz/mail: implement MTA->MDA nspawn bridge
Diffstat (limited to 'env/users/mailbox.nix')
-rw-r--r--env/users/mailbox.nix33
1 files changed, 32 insertions, 1 deletions
diff --git a/env/users/mailbox.nix b/env/users/mailbox.nix
index 06e67ef..16b218a 100644
--- a/env/users/mailbox.nix
+++ b/env/users/mailbox.nix
@@ -3,7 +3,21 @@ with lib; let
cfg = config.local;
in
{
- options.local.mailHost.enable = mkEnableOption "mailbox host service";
+ options.local.mailHost = with types; {
+ enable = mkEnableOption "mailbox host service";
+
+ mdaListen = mkOption {
+ type = str;
+ };
+
+ saslPort = mkOption {
+ type = port;
+ };
+
+ lmtpPort = mkOption {
+ type = port;
+ };
+ };
config =
let
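Review bot: `mdaListen`, `saslPort` and `lmtpPort` are declared with no `description`, and `mdaListen` is a bare `str` that the second hunk interpolates unchecked into the `address =` lines of the Dovecot `auth` and `lmtp` inet listeners. Those listeners set only a port and an address in the visible lines, so unless something outside this view (a firewall rule or the nspawn network layout) restricts them, any host that can reach that address can talk to the SASL and LMTP endpoints. The option should state that constraint, e.g. `description = "Address on the private MTA<->MDA nspawn bridge where Dovecot accepts SASL and LMTP; must not be reachable from other networks.";`, with matching one-line descriptions on the two ports. An `assertions` entry that rejects an empty or wildcard `mdaListen` when `enable` is set would catch the misconfiguration at evaluation time rather than at Dovecot start-up. The attribute set and the `config` block continue outside the hunk.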
@@ -48,6 +62,23 @@ in
vmailPath = "/var/lib/vmail/%{if;%d;ne;;%Ld;${domain}}";
in
''
+ # TODO: los defaults de nixpkgs dejan los sockets bajo
+ # /run/dovecot2 con demasiados permisos rwx, arreglar
+
+ service auth {
+ inet_listener mta-sasl {
+ port = ${toString cfg.mailHost.saslPort}
+ address = ${cfg.mailHost.mdaListen}
+ }
+ }
+
+ service lmtp {
+ inet_listener mta-lmtp {
+ port = ${toString cfg.mailHost.lmtpPort}
+ address = ${cfg.mailHost.mdaListen}
+ }
+ }
+
# Esto enfuerza user@domain.tld
auth_username_format = %{if;%Ld;eq;${domain};%Ln;%{if;%d;ne;;%Lu;%Ln@invalid}}