Diffstat (limited to 'modules/private/mail')
-rw-r--r-- | modules/private/mail/milters.nix | 44 |
1 files changed, 2 insertions, 42 deletions
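--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -1,7 +1,8 @@
 { lib, pkgs, config, name, ... }:
 {
 imports =
-builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules;
+builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules
+++ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/opendmarc).nixosModules;
 
 options.myServices.mail.milters.sockets = lib.mkOption {
 type = lib.types.attrsOf lib.types.path;
@@ -32,20 +33,6 @@
 text = ''
 eldiron._domainkey IN TXT ${config.myEnv.mail.dkim.eldiron.public}'';
 }
-{
-dest = "opendmarc/ignore.hosts";
-user = config.services.opendmarc.user;
-group = config.services.opendmarc.group;
-permissions = "0400";
-text = let
-mxes = lib.attrsets.filterAttrs
-(n: v: v.mx.enable)
-config.myEnv.servers;
-in
-builtins.concatStringsSep "\n" ([
-config.myEnv.mail.dmarc.ignore_hosts
-] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
-}
 ];
 users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
 services.opendkim = {
@@ -79,33 +66,6 @@
 ];
 };
 
-users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
-systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
-services.opendmarc = {
-enable = true;
-socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
-configFile = pkgs.writeText "opendmarc.conf" ''
-AuthservID HOSTNAME
-FailureReports false
-FailureReportsBcc postmaster@immae.eu
-FailureReportsOnNone true
-FailureReportsSentBy postmaster@immae.eu
-IgnoreAuthenticatedClients true
-IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
-SoftwareHeader true
-SPFIgnoreResults true
-SPFSelfValidate true
-UMask 002
-'';
-group = config.services.postfix.group;
-};
-services.filesWatcher.opendmarc = {
-restart = true;
-paths = [
-config.secrets.fullPaths."opendmarc/ignore.hosts"
-];
-};
-
 systemd.services.milter_verify_from = {
 description = "Verify from milter";
 after = [ "network.target" ];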
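Review bot: The added import at new line 5 is now the only trace of opendmarc in this file, so this section does not show whether the flake module still sets what the removed blocks did: the `opendmarc/ignore.hosts` secret with mode `0400`, the `keys` group membership, the `filesWatcher` restart and the `mail.slice` assignment. If the module in `flakes/opendmarc` (not shown here) does not carry them over, the milter would presumably start without its `IgnoreHosts` list or be unable to read the secret. I would add a comment above the import, for example `# opendmarc: service, ignore.hosts secret and watcher are defined in flakes/opendmarc`. It is also worth confirming that the module's socket still points at `myServices.mail.milters.sockets.opendmarc`. The attribute set continues beyond the last hunk.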