{ lib, pkgs, config, myconfig, ... }:
{
- config.users.users.nullmailer.uid = config.ids.uids.nullmailer;
- config.users.groups.nullmailer.gid = config.ids.gids.nullmailer;
-
- config.services.nullmailer = {
- enable = true;
- config = {
- me = myconfig.env.mail.host;
- remotes = "${myconfig.env.mail.relay} smtp";
+ options.myServices.mail.milters.sockets = lib.mkOption {
+ type = lib.types.attrsOf lib.types.path;
+ default = {
+ opendkim = "/run/opendkim/opendkim.sock";
+ opendmarc = "/run/opendmarc/opendmarc.sock";
+ openarc = "/run/openarc/openarc.sock";
};
+ readOnly = true;
+ description = ''
+ milters sockets
+ '';
};
-
config.secrets.keys = [
{
dest = "opendkim/eldiron.private";
config.users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
config.services.opendkim = {
enable = true;
+ socket = "local:${config.myServices.mail.milters.sockets.opendkim}";
domains = builtins.concatStringsSep "," (lib.flatten (map
(zone: map
(e: "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}")
SubDomains yes
UMask 002
'';
+ group = config.services.postfix.group;
};
config.systemd.services.opendkim.preStart = lib.mkBefore ''
# Skip the prestart script as keys are handled in secrets
config.users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
config.services.opendmarc = {
enable = true;
+ socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
configFile = pkgs.writeText "opendmarc.conf" ''
AuthservID HOSTNAME
FailureReports false
TrustedAuthservIDs HOSTNAME, immae.eu, nef2.ens.fr
UMask 002
'';
+ group = config.services.postfix.group;
};
config.services.filesWatcher.opendmarc = {
restart = true;
config.services.openarc = {
enable = true;
user = "opendkim";
- group = "opendkim";
+ socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+ group = config.services.postfix.group;
configFile = pkgs.writeText "openarc.conf" ''
AuthservID mail.immae.eu
Domain mail.immae.eu
projects / perso / Immae / Config / Nix.git / blobdiff