allow specifying extra domains for dkim signing

Yureka 2024-07-19 18:14:30 +02:00 committed by Yuka
parent c8ec4d5e43
commit 87d8e15705
2 changed files with 14 additions and 4 deletions


@ -44,6 +44,13 @@ in
description = "The domains that this mail server serves."; description = "The domains that this mail server serves.";
}; };
dkimDomains = mkOption {
type = types.listOf types.str;
example = [ "example.com" ];
default = [];
description = "The domains that this mail server serves.";
};
certificateDomains = mkOption { certificateDomains = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
example = [ "imap.example.com" "pop3.example.com" ]; example = [ "imap.example.com" "pop3.example.com" ];
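Review bot: The `description` of the new `dkimDomains` option (the added line `description = "The domains that this mail server serves.";`) is copied verbatim from `domains`, so a reader of the generated option docs cannot tell the two apart or see what adding a domain here implies. Suggested text: `description = "The domains for which DKIM keys are generated and outgoing mail is DKIM-signed. When DKIM signing is enabled, mailserver.domains is added to this list automatically; set this option to sign for additional domains.";`. The `default = [];` also deserves a word, because the second file's hunk defines `mailserver.dkimDomains = config.mailserver.domains` under the same `mkIf`, and for a `listOf` option the module system merges definitions, so a user-supplied value extends the served domains rather than replacing them. The enclosing options attribute set starts before this hunk.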


@ -41,24 +41,27 @@ let
echo "Generated key for domain ${dom} selector ${cfg.dkimSelector}" echo "Generated key for domain ${dom} selector ${cfg.dkimSelector}"
fi fi
''; '';
createAllCerts = lib.concatStringsSep "\n" (map createDomainDkimCert cfg.domains); createAllCerts = lib.concatStringsSep "\n" (map createDomainDkimCert cfg.dkimDomains);
keyTable = pkgs.writeText "opendkim-KeyTable" keyTable = pkgs.writeText "opendkim-KeyTable"
(lib.concatStringsSep "\n" (lib.flip map cfg.domains (lib.concatStringsSep "\n" (lib.flip map cfg.dkimDomains
(dom: "${dom} ${dom}:${cfg.dkimSelector}:${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key"))); (dom: "${dom} ${dom}:${cfg.dkimSelector}:${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key")));
signingTable = pkgs.writeText "opendkim-SigningTable" signingTable = pkgs.writeText "opendkim-SigningTable"
(lib.concatStringsSep "\n" (lib.flip map cfg.domains (dom: "${dom} ${dom}"))); (lib.concatStringsSep "\n" (lib.flip map cfg.dkimDomains (dom: "${dom} ${dom}")));
dkim = config.services.opendkim; dkim = config.services.opendkim;
args = [ "-f" "-l" ] ++ lib.optionals (dkim.configFile != null) [ "-x" dkim.configFile ]; args = [ "-f" "-l" ] ++ lib.optionals (dkim.configFile != null) [ "-x" dkim.configFile ];
in in
{ {
config = mkIf (cfg.dkimSigning && cfg.enable) { config = mkIf (cfg.dkimSigning && cfg.enable) {
mailserver.dkimDomains = config.mailserver.domains;
services.opendkim = { services.opendkim = {
enable = true; enable = true;
selector = cfg.dkimSelector; selector = cfg.dkimSelector;
keyPath = cfg.dkimKeyDirectory; keyPath = cfg.dkimKeyDirectory;
domains = "csl:${builtins.concatStringsSep "," cfg.domains}"; domains = "csl:${builtins.concatStringsSep "," cfg.dkimDomains}";
configFile = pkgs.writeText "opendkim.conf" ('' configFile = pkgs.writeText "opendkim.conf" (''
Canonicalization ${cfg.dkimHeaderCanonicalization}/${cfg.dkimBodyCanonicalization} Canonicalization ${cfg.dkimHeaderCanonicalization}/${cfg.dkimBodyCanonicalization}
UMask 0002 UMask 0002