1 files changed, 43 insertions, 0 deletions

diff --git a/modules/workstation/mail/postfix/default.nix b/modules/workstation/mail/postfix/default.nix
new file mode 100644
index 000000000000..db16bced3a5e
--- /dev/null
+++ b/modules/workstation/mail/postfix/default.nix
@@ -0,0 +1,43 @@
+{ pkgs, lib, config, ... }:
+
+{
+  services.postfix.enable = true;
+
+  services.postfix.hostname = with lib; with config.networking;
+    concatStringsSep "." (filter (x: x != null) [ hostName domain ]);
+
+  services.postfix.relayHost = "smtp.fastmail.com";
+  services.postfix.relayPort = 465;
+
+  services.postfix.recipientDelimiter = "+";
+  services.postfix.config.home_mailbox = "mail/INBOX/";
+  services.postfix.canonical = ''
+    qyliss hi@alyssa.is
+  '';
+  services.postfix.virtual = ''
+    hi@alyssa.is qyliss
+  '';
+
+  # NixOS links /var/lib/postfix/conf to /etc/postfix, but
+  # postfix.service deletes /var/lib/postfix in an ExecStartPre, so we
+  # can't keep files there without adding them to the store.
+  #
+  # Work around this with a layer of symlink indirection.
+  services.postfix.mapFiles.sasl_passwd = pkgs.runCommand "sasl_passwd" {} ''
+    ln -s /var/lib/postfix/sasl_passwd $out
+  '';
+  services.postfix.config.smtp_sasl_password_maps = "hash:/etc/postfix/sasl_passwd";
+
+  services.postfix.config.sender_dependent_relayhost_maps = "hash:/etc/postfix/sender_dependent_relayhost";
+  services.postfix.mapFiles.sender_dependent_relayhost = pkgs.writeText "sender_dependent_relayhost" ''
+    @unikie.com [smtp.gmail.com]:465
+  '';
+
+  services.postfix.config.smtp_sasl_auth_enable = true;
+  services.postfix.config.smtp_sasl_tls_security_options = "noanonymous";
+  services.postfix.config.smtp_tls_security_level = "encrypt";
+  services.postfix.config.smtp_tls_wrappermode = true;
+
+  systemd.services.postfix-setup.unitConfig.ConditionPathExists = "/var/lib/postfix/sasl_passwd";
+  systemd.services.postfix.unitConfig.ConditionPathExists = "/var/lib/postfix/sasl_passwd";
+}