nixos-config/modules/mailserver/dkim.nix

# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

{ config, lib, pkgs, ... }:
let
  cfg = config.sbruder.mailserver;
in
{
  options.sbruder.mailserver.dkim = {
    enable = (lib.mkEnableOption "DKIM signing") // { default = true; };
    selector = lib.mkOption {
      type = lib.types.str;
      description = "DKIM Selector to use";
      default = "mail";
    };
  };

  config = lib.mkIf (cfg.enable && cfg.dkim.enable) {
    services.opendkim = {
      enable = true;
      selector = cfg.dkim.selector;
      domains = "csl:${lib.concatStringsSep "," cfg.domains}";
      configFile = pkgs.writeText "opendkim.conf" ''
        UMask 0002
      '';
    };
    systemd.services.opendkim = {
      # changed to use larger key size
      preStart =
        let
          inherit (config.services.opendkim) keyPath selector;
        in
        lib.mkForce ''
          cd "${keyPath}"
          if ! test -f ${selector}.private; then
            ${pkgs.opendkim}/bin/opendkim-genkey \
              -s ${selector} \
              -d all-domains-generic-key \
              -b 4096
            echo "Generated OpenDKIM key! Please update your DNS settings:\n"
            echo "-------------------------------------------------------------"
            cat ${selector}.txt
            echo "-------------------------------------------------------------"
          fi
        '';
    };

    users.users.postfix.extraGroups = lib.mkIf cfg.dkim.enable (lib.singleton config.users.users.opendkim.group);

    services.postfix.config = {
      smtpd_milters = lib.singleton "unix:/run/opendkim/opendkim.sock";
      non_smtpd_milters = lib.singleton "unix:/run/opendkim/opendkim.sock";
    };
  };
}
Relicense This applies the REUSE specification to the repository, so the licensing information can be tracked for every file individually. 2024-01-06 01:19:35 +01:00			`# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>`
			`#`
			`# SPDX-License-Identifier: AGPL-3.0-or-later`

mailserver: Separate into multiple files 2023-05-31 13:11:12 +02:00			`{ config, lib, pkgs, ... }:`
			`let`
			`cfg = config.sbruder.mailserver;`
			`in`
			`{`
			`options.sbruder.mailserver.dkim = {`
			`enable = (lib.mkEnableOption "DKIM signing") // { default = true; };`
			`selector = lib.mkOption {`
			`type = lib.types.str;`
			`description = "DKIM Selector to use";`
			`default = "mail";`
			`};`
			`};`

			`config = lib.mkIf (cfg.enable && cfg.dkim.enable) {`
			`services.opendkim = {`
			`enable = true;`
			`selector = cfg.dkim.selector;`
			`domains = "csl:${lib.concatStringsSep "," cfg.domains}";`
			`configFile = pkgs.writeText "opendkim.conf" ''`
			`UMask 0002`
			`'';`
			`};`
			`systemd.services.opendkim = {`
			`# changed to use larger key size`
			`preStart =`
			`let`
			`inherit (config.services.opendkim) keyPath selector;`
			`in`
			`lib.mkForce ''`
			`cd "${keyPath}"`
			`if ! test -f ${selector}.private; then`
			`${pkgs.opendkim}/bin/opendkim-genkey \`
			`-s ${selector} \`
			`-d all-domains-generic-key \`
			`-b 4096`
			`echo "Generated OpenDKIM key! Please update your DNS settings:\n"`
			`echo "-------------------------------------------------------------"`
			`cat ${selector}.txt`
			`echo "-------------------------------------------------------------"`
			`fi`
			`'';`
			`};`

			`users.users.postfix.extraGroups = lib.mkIf cfg.dkim.enable (lib.singleton config.users.users.opendkim.group);`

			`services.postfix.config = {`
			`smtpd_milters = lib.singleton "unix:/run/opendkim/opendkim.sock";`
			`non_smtpd_milters = lib.singleton "unix:/run/opendkim/opendkim.sock";`
			`};`
			`};`
			`}`