Hello, I am trying to convert from Debian to NixOS.
I use Gmail to send system notifications. I usually set it up like this:
I set these options in /etc/postfix/main.cf
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
relayhost = [smtp.gmail.com]:587
Create a password file like this
# cat /etc/postfix/sasl_passwd
[smtp.gmail.com]:587 here_is_your_mail@gmail.com:pasw0rd_from_google_app_unique_passwords
# postmap /etc/postfix/sasl_passwd
And add some aliases in /etc/aliases
So far I have this:
services.postfix = {
  enable = true;
  submissionOptions.smtp_sasl_auth_enable = "yes";
  relayHost = "smtp.gmail.com";
  relayPort = 587;
};
How do I set up those configurations, and how do I use sops-nix to store the credentials? I already have a working sops setup storing RSA keys.
Thanks
I’d bet
submissionOptions.smtp_sasl_password_maps = "hash:${config.sops.secrets.sasl_passwd.path}";
Sops docs also say you should make sure it starts after sops, and configure the user
{config, ...}: {
  systemd.services.postfix.after = [ "sops-nix.service" ];
  sops.secrets.sasl_passwd = {
    owner = config.services.postfix.user;
    key = "sasl_passwd";
  };
}
References:
services.postfix
services.postfix (implementation)
sops-nix docs
Thanks, I will try that!
Mostly I was wondering how the password file is hashed on configuration.
How to run postmap /etc/postfix/sasl_passwd
With
submissionOptions.smtp_sasl_password_maps = "hash:${config.sops.secrets.postfix_sasl_passwd.path}";
I don’t see any entry for the smtp_sasl_password_maps in the /etc/postfix/main.cf
Here is my current config if it helps:
Also.
I have sops working ok, but I thought that postfix accepts only a hashed password file (sasl_passwd.db) that is created from the clear text sasl_passwd file running an extra command (postmap). I can not store the sasl_passwd.db in binary, in sops secrets.
Sorry if I am missing something. I am not familiar with postfix, I just need it so my systems can send notifications to my email.
Thanks for your time!
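An added example, not from any post in this thread: Postfix's `hash:` table type is an indexed lookup file built by postmap, not a cryptographic hash of the password, and the `texthash:` type reads the same cleartext line directly, so the sops-decrypted file can be used without a postmap step. The secret name `postfix_sasl_passwd` and the use of `services.postfix.config` to write main.cf parameters are assumptions (newer NixOS releases name that option `services.postfix.settings.main`); the TLS level is raised to mandatory so the credentials are never sent without encryption.

```nix
# Added example; not the thread participants' configuration.
# Assumption: the sops secret "postfix_sasl_passwd" decrypts to one
# cleartext line in the same format as /etc/postfix/sasl_passwd:
#   [smtp.gmail.com]:587 user@example.com:APP_PASSWORD_PLACEHOLDER
{ config, ... }:
{
  sops.secrets.postfix_sasl_passwd = {
    # Readable only by the postfix user; the file holds a live credential.
    owner = config.services.postfix.user;
    mode = "0400";
  };

  services.postfix = {
    enable = true;
    # With relayPort set, the module renders relayhost = [smtp.gmail.com]:587,
    # which must match the lookup key in the secret line above.
    relayHost = "smtp.gmail.com";
    relayPort = 587;

    # Assumption: these attributes are written into main.cf.
    config = {
      smtp_sasl_auth_enable = "yes";
      smtp_sasl_security_options = "noanonymous";
      # texthash: is read as plain text at startup, no .db file needed.
      smtp_sasl_password_maps =
        "texthash:${config.sops.secrets.postfix_sasl_passwd.path}";
      # "encrypt" refuses to deliver (and to authenticate) without TLS;
      # smtp_use_tls = yes only makes TLS opportunistic.
      smtp_tls_security_level = "encrypt";
      smtp_tls_CAfile = "/etc/ssl/certs/ca-certificates.crt";
    };
  };
}
```

After a rebuild, `postconf smtp_sasl_password_maps` shows whether the parameter reached main.cf.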