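# Mail-sending and message-authentication module for this host:
#   - nullmailer forwards locally generated mail to a relay,
#   - opendkim signs outgoing mail with the "eldiron" selector,
#   - opendmarc evaluates DMARC on incoming mail,
#   - openarc signs and verifies ARC headers, reusing the DKIM key.
# All secret material is handed to the `secrets` module rather than generated
# on the host.
{ lib, pkgs, config, myconfig, ... }:
{
  # Pin the nullmailer uid/gid to the ids registered in config.ids.
  config.users.users.nullmailer.uid = config.ids.uids.nullmailer;
  config.users.groups.nullmailer.gid = config.ids.gids.nullmailer;

  config.services.nullmailer = {
    enable = true;
    config = {
      me = myconfig.env.mail.host;
      # NOTE(review): the remote entry carries only the protocol name, with no
      # TLS or authentication option after it. Confirm the relay is reached
      # over a trusted path, or add the options the relay requires.
      remotes = "${myconfig.env.mail.relay} smtp";
    };
  };

  # Files materialised by the `secrets` module (a project module not visible
  # here). NOTE(review): `text` is an ordinary Nix value taken from myconfig;
  # verify that the secrets module keeps the private key out of the
  # world-readable Nix store.
  config.secrets.keys = [
    {
      # DKIM private key: readable by the opendkim user only.
      dest = "opendkim/eldiron.private";
      user = config.services.opendkim.user;
      group = config.services.opendkim.group;
      permissions = "0400";
      text = myconfig.env.mail.dkim.eldiron.private;
    }
    {
      # Public DNS record for the selector; world-readable on purpose.
      dest = "opendkim/eldiron.txt";
      user = config.services.opendkim.user;
      group = config.services.opendkim.group;
      permissions = "0444";
      text = ''
        eldiron._domainkey IN TXT ${myconfig.env.mail.dkim.eldiron.public}'';
    }
    {
      # Hosts whose mail opendmarc skips (see IgnoreHosts below). Every entry
      # is a host that bypasses DMARC evaluation, so keep the list short.
      dest = "opendmarc/ignore.hosts";
      user = config.services.opendmarc.user;
      group = config.services.opendmarc.group;
      permissions = "0400";
      text = myconfig.env.mail.dmarc.ignore_hosts;
    }
  ];

  # Presumably the "keys" group is what grants access to the secrets
  # directory; confirm against the secrets module.
  config.users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
  config.services.opendkim = {
    enable = true;
    # Comma-separated list of every "<e.domain>.<zone.name>" declared under
    # `withEmail` in the master zones; an empty e.domain yields the zone name
    # itself (no leading dot).
    domains = builtins.concatStringsSep "," (lib.flatten (map
      (zone: map
        (e: "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}")
        (zone.withEmail or [])
      )
      myconfig.env.dns.masterZones
    ));
    keyPath = "${config.secrets.location}/opendkim";
    selector = "eldiron";
    # SubDomains: also sign for subdomains of the listed domains.
    # UMask 002: files opendkim creates (its socket) stay group-writable, so
    # membership of the opendkim group is what grants access to the milter.
    configFile = pkgs.writeText "opendkim.conf" ''
      SubDomains yes
      UMask 002
    '';
  };
  # mkBefore places `exit 0` ahead of the preStart script defined elsewhere,
  # so that script never runs. Anything else it would have prepared is
  # skipped as well.
  config.systemd.services.opendkim.preStart = lib.mkBefore ''
    # Skip the prestart script as keys are handled in secrets
    exit 0
  '';
  # Restart opendkim when the private key file changes (e.g. key rotation).
  config.services.filesWatcher.opendkim = {
    restart = true;
    paths = [
      config.secrets.fullPaths."opendkim/eldiron.private"
    ];
  };

  config.users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
  config.services.opendmarc = {
    enable = true;
    # NOTE(review): TrustedAuthservIDs makes opendmarc accept SPF/DKIM results
    # found in Authentication-Results headers carrying these ids. That is only
    # safe if the MTA strips such headers from mail that did not actually pass
    # through those hosts; confirm this in the MTA configuration.
    # FailureReports is false, so the other FailureReports* settings are
    # inert until it is enabled.
    configFile = pkgs.writeText "opendmarc.conf" ''
      AuthservID HOSTNAME
      FailureReports false
      FailureReportsBcc postmaster@localhost.immae.eu
      FailureReportsOnNone true
      FailureReportsSentBy postmaster@immae.eu
      IgnoreAuthenticatedClients true
      IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
      SoftwareHeader true
      SPFSelfValidate true
      TrustedAuthservIDs HOSTNAME, immae.eu, nef2.ens.fr
      UMask 002
    '';
  };
  # Restart opendmarc when the ignore list changes.
  config.services.filesWatcher.opendmarc = {
    restart = true;
    paths = [
      config.secrets.fullPaths."opendmarc/ignore.hosts"
    ];
  };

  config.services.openarc = {
    enable = true;
    # openarc reads the DKIM private key, which is mode 0400 and owned by the
    # opendkim account. Derive the identity from the opendkim options, so that
    # an override of that account cannot leave openarc unable to read the key.
    user = config.services.opendkim.user;
    group = config.services.opendkim.group;
    # Mode sv: sign and verify. The ARC key is the DKIM key, so rotating or
    # revoking one affects both services.
    configFile = pkgs.writeText "openarc.conf" ''
      AuthservID mail.immae.eu
      Domain mail.immae.eu
      KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
      Mode sv
      Selector eldiron
      SoftwareHeader yes
      Syslog Yes
    '';
  };
  # For a unix socket ("local:" prefix): wait until the socket exists, then
  # make it group-writable. The path is shell-escaped before it is spliced
  # into the script. The loop has no retry limit of its own; presumably the
  # unit's start timeout is what ends it if the socket never appears.
  config.systemd.services.openarc.postStart =
    let
      socketPath = lib.escapeShellArg
        (lib.strings.removePrefix "local:" config.services.openarc.socket);
    in
    lib.optionalString
      (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
        while [ ! -S ${socketPath} ]; do
          sleep 0.5
        done
        chmod g+w ${socketPath}
      '';
  # openarc signs with the DKIM key, so restart it on key change as well.
  config.services.filesWatcher.openarc = {
    restart = true;
    paths = [
      config.secrets.fullPaths."opendkim/eldiron.private"
    ];
  };
}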