From fa34a1c0495cafffa38837e32efb3b7e4693d590 Mon Sep 17 00:00:00 2001
From: Alejandro Soto
Date: Wed, 11 Jan 2023 19:36:21 -0600
Subject: dmz/mail: implement MTA->MDA nspawn bridge
---
 env/users/mailbox.nix | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
(limited to 'env/users/mailbox.nix')
diff --git a/env/users/mailbox.nix b/env/users/mailbox.nix
index 06e67ef..16b218a 100644
--- a/env/users/mailbox.nix
+++ b/env/users/mailbox.nix
@@ -3,7 +3,21 @@ with lib; let cfg = config.local; in {
- options.local.mailHost.enable = mkEnableOption "mailbox host service";
+ options.local.mailHost = with types; {
+ enable = mkEnableOption "mailbox host service";
+
+ mdaListen = mkOption {
+ type = str;
+ };
+
+ saslPort = mkOption {
+ type = port;
+ };
+
+ lmtpPort = mkOption {
+ type = port;
+ };
+ };
 config = let
@@ -48,6 +62,23 @@ in vmailPath = "/var/lib/vmail/%{if;%d;ne;;%Ld;${domain}}"; in ''
+ # TODO: los defaults de nixpkgs dejan los sockets bajo
+ # /run/dovecot2 con demasiados permisos rwx, arreglar
+
+ service auth {
+ inet_listener mta-sasl {
+ port = ${toString cfg.mailHost.saslPort}
+ address = ${cfg.mailHost.mdaListen}
+ }
+ }
+
+ service lmtp {
+ inet_listener mta-lmtp {
+ port = ${toString cfg.mailHost.lmtpPort}
+ address = ${cfg.mailHost.mdaListen}
+ }
+ }
+ # Esto enfuerza user@domain.tld auth_username_format = %{if;%Ld;eq;${domain};%Ln;%{if;%d;ne;;%Lu;%Ln@invalid}}
-- 
cgit v1.2.3
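Review bot: The new `mdaListen`, `saslPort` and `lmtpPort` options in the first hunk have no `description`, so nothing tells whoever sets them that `mdaListen` becomes the `address` of Dovecot's auth and LMTP TCP listeners later in this file. I would add `description = "Address on the nspawn bridge where Dovecot accepts SASL and LMTP connections from the MTA; must not be reachable from outside the host.";` to `mdaListen`, and a one-line `description` to each port option. Because the type is plain `str`, a wildcard or public address is accepted without complaint, and the value is pasted into the Dovecot configuration unvalidated. An entry in `assertions` rejecting anything that is not a single address on the bridge would make the intended restriction explicit. The `options` block is complete in this hunk, but the enclosing module continues outside it.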
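Review bot: In the second hunk, the `mta-sasl` and `mta-lmtp` listeners are plain TCP with no client authentication, and nothing visible here limits who may connect. Any peer that can reach `${cfg.mailHost.mdaListen}` on those ports can talk to the auth service or hand mail to LMTP, and the SASL exchange from the MTA crosses the link unencrypted. That is presumably acceptable on a host-only nspawn bridge, but it should be enforced rather than assumed, for instance with a firewall rule on the MDA side that admits only the MTA's address on these two ports. At minimum I would record the assumption above `service auth`, e.g. `# mta-sasl/mta-lmtp have no client authentication: mdaListen must be the private bridge address, filtered to the MTA only`. The surrounding multi-line string and the `config` block start and end outside this hunk, so an existing firewall rule elsewhere in the file cannot be ruled out.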