Add LDAP network, disable nscd

niten 2023-10-02 12:17:42 -07:00
parent 1dad0af755
commit 675e92dd22
2 changed files with 9 additions and 8 deletions


@ -260,14 +260,14 @@ in {
socketPath = "/var/run/dovecot2/old-stats";
};
nscd.enable = false;
sssd = {
enable = true;
# FIXME: pass as config
environmentFile = "/run/dovecot-secrets/sssd.env";
config = ''
[nss]
filter_users = root
filter_groups = root
reconnection_retries = 3
[sssd]
@ -283,8 +283,6 @@ in {
cache_credentials = False
id_provider = ldap
auth_provider = ldap
access_provider = ldap
chpass_provider = ldap
ldap_uri = $SSSD_LDAP_SERVER
ldap_schema = rfc2307bis
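Review bot: `nscd.enable = false;` sits directly above `sssd.enable = true` with no comment explaining how the `sss` NSS module is still loaded; going by the commit title, this is the line the commit adds. On stock NixOS, as far as I know, NSS modules are loaded through nscd and the nsswitch module asserts that nscd is enabled whenever `system.nssModules` is non-empty, so this either fails evaluation or relies on container-specific behaviour that is not visible here. I would add a comment such as `# nscd is off because <reason>; sss lookups are loaded via <mechanism>` and confirm with `getent passwd <ldap-user>` inside the container that LDAP users still resolve, since a silent fallback to local files would make mail authentication fail for every directory user. The sssd `config` string continues outside both hunks, so the rest of the domain section was not reviewed.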


@ -256,6 +256,7 @@ in {
external_network.internal = false;
internal_network.internal = true;
redis_network.internal = true;
ldap_network.internal = true;
};
services = let
antivirusPort = 15407;
@ -271,8 +272,10 @@ in {
service = {
networks = [
"internal_network"
# Needs access to internet to forward emails
# Needs access to internet to forward emails & lookup hosts
"external_network"
# For auth lookups
"ldap_network"
];
volumes = [
"${hostSecrets.dovecotLdapConfig.target-file}:/run/dovecot2/conf.d/ldap.conf:ro"
@ -332,7 +335,7 @@ in {
};
imap = {
service = {
networks = [ "internal_network" "external_network" ];
networks = [ "internal_network" "ldap_network" ];
ports = [ "143:143" "993:993" ];
volumes = [
"${cfg.state-directory}/dovecot:/state"
@ -380,8 +383,8 @@ in {
image = cfg.images.ldap-proxy;
restart = "always";
networks = [
"internal_network"
# Needs access to external network for user lookups
"ldap_network"
# Needs access to external network to talk to Authentik
"external_network"
];
env_file = [ hostSecrets.mailLdapProxyEnv.target-file ];
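Review bot: In the `imap` service the new `networks = [ "internal_network" "ldap_network" ];` leaves the container attached only to networks declared with `internal = true` in the first hunk of this file, while `ports = [ "143:143" "993:993" ];` is kept. As far as I know, Docker does not forward published ports for a container that has no non-internal network, so IMAP may become unreachable from outside the host after this change. If clients are meant to reach IMAP through another container on `internal_network`, the `ports` line can be dropped, which also stops publishing plaintext 143 on the host; otherwise the service needs a non-internal network again and the removal of `external_network` should be revisited. The `imap` service body continues past the hunk.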