Diffstat (limited to 'modules/private/mail/milters.nix')
-rw-r--r-- | modules/private/mail/milters.nix | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix index 6b033e8..16c8a7a 100644 --- a/modules/private/mail/milters.nix +++ b/modules/private/mail/milters.nix | |||
@@ -12,7 +12,7 @@ | |||
12 | milters sockets | 12 | milters sockets |
13 | ''; | 13 | ''; |
14 | }; | 14 | }; |
15 | config = lib.mkIf config.myServices.mail.enable { | 15 | config = lib.mkIf (config.myServices.mail.enable || config.myServices.mailBackup.enable) { |
16 | secrets.keys = [ | 16 | secrets.keys = [ |
17 | { | 17 | { |
18 | dest = "opendkim/eldiron.private"; | 18 | dest = "opendkim/eldiron.private"; |
@@ -34,7 +34,14 @@ | |||
34 | user = config.services.opendmarc.user; | 34 | user = config.services.opendmarc.user; |
35 | group = config.services.opendmarc.group; | 35 | group = config.services.opendmarc.group; |
36 | permissions = "0400"; | 36 | permissions = "0400"; |
37 | text = config.myEnv.mail.dmarc.ignore_hosts; | 37 | text = let |
38 | mxes = lib.attrsets.filterAttrs | ||
39 | (n: v: v.mx.enable) | ||
40 | config.myEnv.servers; | ||
41 | in | ||
42 | builtins.concatStringsSep "\n" ([ | ||
43 | config.myEnv.mail.dmarc.ignore_hosts | ||
44 | ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes); | ||
38 | } | 45 | } |
39 | ]; | 46 | ]; |
40 | users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ]; | 47 | users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ]; |
@@ -51,8 +58,9 @@ | |||
51 | keyPath = "${config.secrets.location}/opendkim"; | 58 | keyPath = "${config.secrets.location}/opendkim"; |
52 | selector = "eldiron"; | 59 | selector = "eldiron"; |
53 | configFile = pkgs.writeText "opendkim.conf" '' | 60 | configFile = pkgs.writeText "opendkim.conf" '' |
54 | SubDomains yes | 61 | SubDomains yes |
55 | UMask 002 | 62 | UMask 002 |
63 | AlwaysAddARHeader yes | ||
56 | ''; | 64 | ''; |
57 | group = config.services.postfix.group; | 65 | group = config.services.postfix.group; |
58 | }; | 66 | }; |
@@ -74,14 +82,14 @@ | |||
74 | configFile = pkgs.writeText "opendmarc.conf" '' | 82 | configFile = pkgs.writeText "opendmarc.conf" '' |
75 | AuthservID HOSTNAME | 83 | AuthservID HOSTNAME |
76 | FailureReports false | 84 | FailureReports false |
77 | FailureReportsBcc postmaster@localhost.immae.eu | 85 | FailureReportsBcc postmaster@immae.eu |
78 | FailureReportsOnNone true | 86 | FailureReportsOnNone true |
79 | FailureReportsSentBy postmaster@immae.eu | 87 | FailureReportsSentBy postmaster@immae.eu |
80 | IgnoreAuthenticatedClients true | 88 | IgnoreAuthenticatedClients true |
81 | IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"} | 89 | IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"} |
82 | SoftwareHeader true | 90 | SoftwareHeader true |
91 | SPFIgnoreResults true | ||
83 | SPFSelfValidate true | 92 | SPFSelfValidate true |
84 | TrustedAuthservIDs HOSTNAME, immae.eu, nef2.ens.fr | ||
85 | UMask 002 | 93 | UMask 002 |
86 | ''; | 94 | ''; |
87 | group = config.services.postfix.group; | 95 | group = config.services.postfix.group; |
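Review bot: The widened list written to `opendmarc/ignore.hosts` (new lines 37-44) makes DMARC enforcement for relayed mail depend entirely on the MX peers, because opendmarc skips every connection from a host in `mxes`. Nothing in the section records that assumption; a comment above the `let`, such as `# MX peers are skipped by opendmarc: each one must run its own DMARC check before relaying`, would state it. It is also worth confirming that the milters really are active on every host with `mx.enable`, which the added `mailBackup.enable` condition on new line 15 suggests is the intent. The entries are FQDNs, so the match relies on the client name the MTA passes to the milter; listing the peers' addresses instead would drop that DNS dependency, if the server records carry them. Separately, `(n: v: v.mx.enable)` aborts evaluation for a server entry with no `mx` attribute, which `(n: v: v.mx.enable or false)` would tolerate; whether such entries exist is not visible here.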