mailsystem: Use newly added 'mailnix' package to generate postfix/dovecot files

mailsystem/postfix.nix

@@ -4,42 +4,29 @@
   pkgs,
   ...
 }:
-with (import ./common.nix {inherit config;}); let
+with (import ./common.nix {inherit config pkgs;}); let
   cfg = config.mailsystem;
 
   mappedFile = name: "hash:/var/lib/postfix/conf/${name}";
 
-  attrsToLookupTable = aliases: let
-    lookupTables = lib.mapAttrsToList (from: to: {"${from}" = to;}) aliases;
-  in
-    mergeLookupTables lookupTables;
+  runtimeDir = "/run/postfix";
+  aliases_file = "${runtimeDir}/virtual_aliases";
+  virtual_domains_file = "${runtimeDir}/virtual_domains";
+  denied_recipients_file = "${runtimeDir}/denied_recipients";
 
-  lookupTableToString = attrs: let
-    isDomain = value: !(lib.hasInfix "@" value);
-    valueToString = value:
-      if (isDomain value)
-      then "@${value}"
-      else value;
-    listToString = list: lib.concatStringsSep ", " (map valueToString list);
-  in
-    lib.concatStringsSep "\n" (lib.mapAttrsToList (name: list: "${valueToString name} ${listToString list}") attrs);
+  genPostmapsScript = pkgs.writeScript "generate-postfix-postmaps" ''
+    #!${pkgs.stdenv.shell}
+    set -euo pipefail
 
-  mergeLookupTables = tables: lib.zipAttrsWith (n: v: lib.flatten v) tables;
+    if (! test -d "${runtimeDir}"); then
+      mkdir "${runtimeDir}"
+      chmod 755 "${runtimeDir}"
+    fi
 
-  virtual_accounts = mergeLookupTables (lib.map (name: {"${name}" = name;}) (lib.attrNames cfg.accounts));
-  virtual_aliases = attrsToLookupTable cfg.virtualAliases;
-  all_virtual_aliases = mergeLookupTables [virtual_accounts virtual_aliases];
-
-  # File containing all mappings of aliases/authenticated accounts and their sender mail addresses.
-  aliases_file = let
-    content = lookupTableToString all_virtual_aliases;
-  in
-    builtins.toFile "virtual_aliases" content;
-
-  virtual_domains_file = builtins.toFile "virtual_domains" (lib.concatStringsSep "\n" cfg.domains);
-
-  denied_recipients = map (account: "${account.name} REJECT ${account.rejectMessage}") (lib.filter (account: account.isSystemUser) (lib.attrValues cfg.accounts));
-  denied_recipients_file = builtins.toFile "denied_recipients" (lib.concatStringsSep "\n" denied_recipients);
+    ${pkgs.mailnix}/bin/mailnix "${mailnixCfgFile}" "generate-aliases" > "${aliases_file}"
+    ${pkgs.mailnix}/bin/mailnix "${mailnixCfgFile}" "generate-domains" > "${virtual_domains_file}"
+    ${pkgs.mailnix}/bin/mailnix "${mailnixCfgFile}" "generate-denied-recipients" > "${denied_recipients_file}"
+  '';
 
   submission_header_cleanup_rules = pkgs.writeText "submission_header_cleanup_rules" ''
     # Removes sensitive headers from mails handed in via the submission port.
@@ -83,7 +70,6 @@ in {
 
       mapFiles."virtual_aliases" = aliases_file;
       mapFiles."denied_recipients" = denied_recipients_file;
-      virtual = lookupTableToString all_virtual_aliases;
 
       submissionsOptions = {
         smtpd_tls_security_level = "encrypt";
@@ -110,6 +96,9 @@ in {
         virtual_gid_maps = "static:${toString cfg.vmailUID}";
         virtual_mailbox_base = cfg.mailDirectory;
         virtual_mailbox_domains = virtual_domains_file;
+        virtual_alias_maps = [
+          (mappedFile "virtual_aliases")
+        ];
         virtual_mailbox_maps = [
           (mappedFile "virtual_aliases")
         ];
@@ -193,6 +182,11 @@ in {
       };
     };
 
+    systemd.services.postfix-setup = {
+      preStart = ''
+        ${genPostmapsScript}
+      '';
+    };
     systemd.services.postfix = {
       wants = sslCertService;
       after =