From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Wed, 4 Oct 2023 01:35:06 +0200
Subject: Squash changes containing private information There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
---
modules/private/mail/milters.nix | 88 ----------------------------------------
1 file changed, 88 deletions(-)
delete mode 100644 modules/private/mail/milters.nix
(limited to 'modules/private/mail/milters.nix')
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
deleted file mode 100644
index 4b93a7a..0000000
--- a/modules/private/mail/milters.nix
+++ /dev/null
@@ -1,88 +0,0 @@
-{ lib, pkgs, config, name, ... }:
-{
- imports =
- builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/private/openarc).nixosModules
- ++ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/private/opendmarc).nixosModules;
-
- options.myServices.mail.milters.sockets = lib.mkOption {
- type = lib.types.attrsOf lib.types.path;
- default = {
- opendkim = "/run/opendkim/opendkim.sock";
- opendmarc = config.services.opendmarc.socket;
- openarc = config.services.openarc.socket;
- };
- readOnly = true;
- description = ''
- milters sockets
- '';
- };
- config = lib.mkIf (config.myServices.mail.enable || config.myServices.mailBackup.enable) {
- secrets.keys = {
- "opendkim" = {
- isDir = true;
- user = config.services.opendkim.user;
- group = config.services.opendkim.group;
- permissions = "0550";
- };
- "opendkim/eldiron.private" = {
- user = config.services.opendkim.user;
- group = config.services.opendkim.group;
- permissions = "0400";
- text = config.myEnv.mail.dkim.eldiron.private;
- };
- "opendkim/eldiron.txt" = {
- user = config.services.opendkim.user;
- group = config.services.opendkim.group;
- permissions = "0444";
- text = ''
- eldiron._domainkey IN TXT ${config.myEnv.mail.dkim.eldiron.public}'';
- };
- };
- users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
- services.opendkim = {
- enable = true;
- socket = "local:${config.myServices.mail.milters.sockets.opendkim}";
- domains = builtins.concatStringsSep "," (lib.flatten (map
- (zone: map
- (e: "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}")
- (zone.withEmail or [])
- )
- config.myEnv.dns.masterZones
- ));
- keyPath = config.secrets.fullPaths."opendkim";
- selector = "eldiron";
- configFile = pkgs.writeText "opendkim.conf" ''
- SubDomains yes
- UMask 002
- AlwaysAddARHeader yes
- '';
- group = config.services.postfix.group;
- };
- systemd.services.opendkim.serviceConfig.Slice = "mail.slice";
- systemd.services.opendkim.preStart = lib.mkBefore ''
- # Skip the prestart script as keys are handled in secrets
- exit 0
- '';
- services.filesWatcher.opendkim = {
- restart = true;
- paths = [
- config.secrets.fullPaths."opendkim/eldiron.private"
- ];
- };
-
- systemd.services.milter_verify_from = {
- description = "Verify from milter";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- Slice = "mail.slice";
- User = "postfix";
- Group = "postfix";
- ExecStart = let python = pkgs.python3.withPackages (p: [ p.pymilter ]);
- in "${python}/bin/python ${./verify_from.py} -s /run/milter_verify_from/verify_from.sock";
- RuntimeDirectory = "milter_verify_from";
- };
- };
- };
-}
-- cgit v1.2.3