nixos-config/modules/mailserver/dkim.nix

57 lines
1.7 KiB
Nix
Raw Permalink Normal View History

# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ config, lib, pkgs, ... }:
let
cfg = config.sbruder.mailserver;
in
{
options.sbruder.mailserver.dkim = {
enable = (lib.mkEnableOption "DKIM signing") // { default = true; };
selector = lib.mkOption {
type = lib.types.str;
description = "DKIM Selector to use";
default = "mail";
};
};
config = lib.mkIf (cfg.enable && cfg.dkim.enable) {
services.opendkim = {
enable = true;
selector = cfg.dkim.selector;
domains = "csl:${lib.concatStringsSep "," cfg.domains}";
configFile = pkgs.writeText "opendkim.conf" ''
UMask 0002
'';
};
systemd.services.opendkim = {
# changed to use larger key size
preStart =
let
inherit (config.services.opendkim) keyPath selector;
in
lib.mkForce ''
cd "${keyPath}"
if ! test -f ${selector}.private; then
${pkgs.opendkim}/bin/opendkim-genkey \
-s ${selector} \
-d all-domains-generic-key \
-b 4096
echo "Generated OpenDKIM key! Please update your DNS settings:\n"
echo "-------------------------------------------------------------"
cat ${selector}.txt
echo "-------------------------------------------------------------"
fi
'';
};
users.users.postfix.extraGroups = lib.mkIf cfg.dkim.enable (lib.singleton config.users.users.opendkim.group);
services.postfix.config = {
smtpd_milters = lib.singleton "unix:/run/opendkim/opendkim.sock";
non_smtpd_milters = lib.singleton "unix:/run/opendkim/opendkim.sock";
};
};
}