mirror of
https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git
synced 2025-03-31 07:59:52 +05:00
domains: seperate into domains and relayDomains
This commit is contained in:
parent
8c1c4640b8
commit
905be88429
14
default.nix
14
default.nix
@ -41,7 +41,15 @@ in
|
||||
type = types.listOf types.str;
|
||||
example = [ "example.com" ];
|
||||
default = [];
|
||||
description = "The domains that this mail server serves.";
|
||||
description = "The domains that this mail server serves and provides an mailbox.";
|
||||
};
|
||||
|
||||
relayDomains = mkOption {
|
||||
type = types.listOf types.str;
|
||||
example = [ "lists.example.com" ];
|
||||
default = [];
|
||||
defaultText = lib.literalExpression "config.mailserver.domains";
|
||||
description = "The domains that this mail server relays.";
|
||||
};
|
||||
|
||||
certificateDomains = mkOption {
|
||||
@ -1334,4 +1342,8 @@ in
|
||||
./mail-server/kresd.nix
|
||||
./mail-server/post-upgrade-check.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
mailserver.relayDomains = cfg.domains;
|
||||
};
|
||||
}
|
||||
|
@ -41,13 +41,13 @@ let
|
||||
echo "Generated key for domain ${dom} selector ${cfg.dkimSelector}"
|
||||
fi
|
||||
'';
|
||||
createAllCerts = lib.concatStringsSep "\n" (map createDomainDkimCert cfg.domains);
|
||||
createAllCerts = lib.concatStringsSep "\n" (map createDomainDkimCert cfg.relayDomains);
|
||||
|
||||
keyTable = pkgs.writeText "opendkim-KeyTable"
|
||||
(lib.concatStringsSep "\n" (lib.flip map cfg.domains
|
||||
(lib.concatStringsSep "\n" (lib.flip map cfg.relayDomains
|
||||
(dom: "${dom} ${dom}:${cfg.dkimSelector}:${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key")));
|
||||
signingTable = pkgs.writeText "opendkim-SigningTable"
|
||||
(lib.concatStringsSep "\n" (lib.flip map cfg.domains (dom: "${dom} ${dom}")));
|
||||
(lib.concatStringsSep "\n" (lib.flip map cfg.relayDomains (dom: "${dom} ${dom}")));
|
||||
|
||||
dkim = config.services.opendkim;
|
||||
args = [ "-f" "-l" ] ++ lib.optionals (dkim.configFile != null) [ "-x" dkim.configFile ];
|
||||
@ -58,7 +58,7 @@ in
|
||||
enable = true;
|
||||
selector = cfg.dkimSelector;
|
||||
keyPath = cfg.dkimKeyDirectory;
|
||||
domains = "csl:${builtins.concatStringsSep "," cfg.domains}";
|
||||
domains = "csl:${builtins.concatStringsSep "," cfg.relayDomains}";
|
||||
configFile = pkgs.writeText "opendkim.conf" (''
|
||||
Canonicalization ${cfg.dkimHeaderCanonicalization}/${cfg.dkimBodyCanonicalization}
|
||||
UMask 0002
|
||||
|
@ -157,6 +157,7 @@ let
|
||||
tls_ca_cert_file = ${cfg.ldap.tlsCAFile}
|
||||
tls_require_cert = yes
|
||||
|
||||
domain = ${lib.concatStringsSep ", " cfg.domains}
|
||||
search_base = ${cfg.ldap.searchBase}
|
||||
scope = ${cfg.ldap.searchScope}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user