Simon Bruder
10b8d432d5
This applies the REUSE specification to the repository, so the licensing information can be tracked for every file individually.
# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
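# NixOS module: DKIM signing for the mail server. Enables OpenDKIM, wires it
# into Postfix as a milter and generates one signing key on first start.
{ config, lib, pkgs, ... }:
let
  cfg = config.sbruder.mailserver;

  # Milter endpoint handed to Postfix. The path is hard-coded here, so it has
  # to match the socket services.opendkim actually listens on.
  dkimMilter = "unix:/run/opendkim/opendkim.sock";
in
{
  options.sbruder.mailserver.dkim = {
    enable = (lib.mkEnableOption "DKIM signing") // { default = true; };
    selector = lib.mkOption {
      type = lib.types.str;
      description = "DKIM Selector to use";
      default = "mail";
    };
  };

  config = lib.mkIf (cfg.enable && cfg.dkim.enable) {
    services.opendkim = {
      enable = true;
      selector = cfg.dkim.selector;
      # "csl:" marks an inline comma-separated list: every mail domain is
      # signed with the same selector and key.
      domains = "csl:${lib.concatStringsSep "," cfg.domains}";
      # UMask 0002 leaves the milter socket group-writable so that Postfix,
      # which joins the opendkim group below, can connect. Any other account
      # placed in that group can reach the signer as well.
      configFile = pkgs.writeText "opendkim.conf" ''
        UMask 0002
      '';
    };

    systemd.services.opendkim = {
      # mkForce replaces any other preStart definition so the key is generated
      # with a larger size (4096-bit RSA).
      #
      # The key is only generated when no private key exists for the selector,
      # so restarts never rotate it. A 4096-bit public key does not fit into a
      # single 255-byte TXT string; the record written to <selector>.txt is
      # split into several quoted strings and has to be published like that.
      # The -d value only labels the generated record; the one key is shared
      # by all domains, so each of them must publish it.
      preStart =
        let
          inherit (config.services.opendkim) keyPath selector;
          # Shell-quoted forms, so an unusual selector value cannot break the
          # script.
          selectorArg = lib.escapeShellArg selector;
          privateKeyFile = lib.escapeShellArg "${selector}.private";
          dnsRecordFile = lib.escapeShellArg "${selector}.txt";
        in
        lib.mkForce ''
          cd "${keyPath}"
          if ! test -f ${privateKeyFile}; then
            ${pkgs.opendkim}/bin/opendkim-genkey \
              -s ${selectorArg} \
              -d all-domains-generic-key \
              -b 4096
            printf 'Generated OpenDKIM key! Please update your DNS settings:\n\n'
            echo "-------------------------------------------------------------"
            cat ${dnsRecordFile}
            echo "-------------------------------------------------------------"
          fi
        '';
    };

    # Postfix reaches the milter socket through membership of the opendkim
    # group. The enclosing mkIf already requires cfg.dkim.enable, so no inner
    # condition is needed.
    # NOTE(review): group membership also gives Postfix whatever group access
    # keyPath allows - confirm the generated .private file stays owner-only.
    users.users.postfix.extraGroups = lib.singleton config.users.users.opendkim.group;

    services.postfix.config = {
      # Sign mail received over SMTP as well as mail submitted locally.
      smtpd_milters = lib.singleton dkimMilter;
      non_smtpd_milters = lib.singleton dkimMilter;
    };
  };
}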