Diffstat (limited to 'modules/private/mail/milters.nix')
-rw-r--r-- | modules/private/mail/milters.nix | 88 |
1 files changed, 0 insertions, 88 deletions
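--- a/modules/private/mail/milters.nix
+++ /dev/null
@@ -1,88 +0,0 @@
-{ lib, pkgs, config, name, ... }:
-{
-imports =
-builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/private/openarc).nixosModules
-++ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/private/opendmarc).nixosModules;
-
-options.myServices.mail.milters.sockets = lib.mkOption {
-type = lib.types.attrsOf lib.types.path;
-default = {
-opendkim = "/run/opendkim/opendkim.sock";
-opendmarc = config.services.opendmarc.socket;
-openarc = config.services.openarc.socket;
-};
-readOnly = true;
-description = ''
-milters sockets
-'';
-};
-config = lib.mkIf (config.myServices.mail.enable || config.myServices.mailBackup.enable) {
-secrets.keys = {
-"opendkim" = {
-isDir = true;
-user = config.services.opendkim.user;
-group = config.services.opendkim.group;
-permissions = "0550";
-};
-"opendkim/eldiron.private" = {
-user = config.services.opendkim.user;
-group = config.services.opendkim.group;
-permissions = "0400";
-text = config.myEnv.mail.dkim.eldiron.private;
-};
-"opendkim/eldiron.txt" = {
-user = config.services.opendkim.user;
-group = config.services.opendkim.group;
-permissions = "0444";
-text = ''
-eldiron._domainkey IN TXT ${config.myEnv.mail.dkim.eldiron.public}'';
-};
-};
-users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
-services.opendkim = {
-enable = true;
-socket = "local:${config.myServices.mail.milters.sockets.opendkim}";
-domains = builtins.concatStringsSep "," (lib.flatten (map
-(zone: map
-(e: "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}")
-(zone.withEmail or [])
-)
-config.myEnv.dns.masterZones
-));
-keyPath = config.secrets.fullPaths."opendkim";
-selector = "eldiron";
-configFile = pkgs.writeText "opendkim.conf" ''
-SubDomains yes
-UMask 002
-AlwaysAddARHeader yes
-'';
-group = config.services.postfix.group;
-};
-systemd.services.opendkim.serviceConfig.Slice = "mail.slice";
-systemd.services.opendkim.preStart = lib.mkBefore ''
-# Skip the prestart script as keys are handled in secrets
-exit 0
-'';
-services.filesWatcher.opendkim = {
-restart = true;
-paths = [
-config.secrets.fullPaths."opendkim/eldiron.private"
-];
-};
-
-systemd.services.milter_verify_from = {
-description = "Verify from milter";
-after = [ "network.target" ];
-wantedBy = [ "multi-user.target" ];
-
-serviceConfig = {
-Slice = "mail.slice";
-User = "postfix";
-Group = "postfix";
-ExecStart = let python = pkgs.python3.withPackages (p: [ p.pymilter ]);
-in "${python}/bin/python ${./verify_from.py} -s /run/milter_verify_from/verify_from.sock";
-RuntimeDirectory = "milter_verify_from";
-};
-};
-};
-}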