Squash changes containing private information
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
deleted file mode 100644 (file)
index 4b93a7a..0000000
+++ /dev/null
@@ -1,88 +0,0 @@
-{ lib, pkgs, config, name, ... }:
-{
-  imports =
-       builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/private/openarc).nixosModules
-    ++ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/private/opendmarc).nixosModules;
-
-  options.myServices.mail.milters.sockets = lib.mkOption {
-    type = lib.types.attrsOf lib.types.path;
-    default = {
-      opendkim = "/run/opendkim/opendkim.sock";
-      opendmarc = config.services.opendmarc.socket;
-      openarc = config.services.openarc.socket;
-    };
-    readOnly = true;
-    description = ''
-      milters sockets
-      '';
-  };
-  config = lib.mkIf (config.myServices.mail.enable || config.myServices.mailBackup.enable) {
-    secrets.keys = {
-      "opendkim" = {
-        isDir = true;
-        user = config.services.opendkim.user;
-        group = config.services.opendkim.group;
-        permissions = "0550";
-      };
-      "opendkim/eldiron.private" = {
-        user = config.services.opendkim.user;
-        group = config.services.opendkim.group;
-        permissions = "0400";
-        text = config.myEnv.mail.dkim.eldiron.private;
-      };
-      "opendkim/eldiron.txt" = {
-        user = config.services.opendkim.user;
-        group = config.services.opendkim.group;
-        permissions = "0444";
-        text = ''
-          eldiron._domainkey   IN      TXT     ${config.myEnv.mail.dkim.eldiron.public}'';
-      };
-    };
-    users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
-    services.opendkim = {
-      enable = true;
-      socket = "local:${config.myServices.mail.milters.sockets.opendkim}";
-      domains = builtins.concatStringsSep "," (lib.flatten (map
-        (zone: map
-          (e: "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}")
-          (zone.withEmail or [])
-        )
-        config.myEnv.dns.masterZones
-      ));
-      keyPath = config.secrets.fullPaths."opendkim";
-      selector = "eldiron";
-      configFile = pkgs.writeText "opendkim.conf" ''
-        SubDomains        yes
-        UMask             002
-        AlwaysAddARHeader yes
-        '';
-      group = config.services.postfix.group;
-    };
-    systemd.services.opendkim.serviceConfig.Slice = "mail.slice";
-    systemd.services.opendkim.preStart = lib.mkBefore ''
-      # Skip the prestart script as keys are handled in secrets
-      exit 0
-      '';
-    services.filesWatcher.opendkim = {
-      restart = true;
-      paths = [
-        config.secrets.fullPaths."opendkim/eldiron.private"
-      ];
-    };
-
-    systemd.services.milter_verify_from = {
-      description  = "Verify from milter";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-
-      serviceConfig = {
-        Slice = "mail.slice";
-        User = "postfix";
-        Group = "postfix";
-        ExecStart = let python = pkgs.python3.withPackages (p: [ p.pymilter ]);
-          in "${python}/bin/python ${./verify_from.py} -s /run/milter_verify_from/verify_from.sock";
-        RuntimeDirectory = "milter_verify_from";
-      };
-    };
-  };
-}