domains: seperate into domains and relayDomains

Marcel 2024-08-10 19:05:14 +02:00
parent 8c1c4640b8
commit 905be88429
No known key found for this signature in database
GPG Key ID: 446F3B093DF81C6A
3 changed files with 18 additions and 5 deletions


@ -41,7 +41,15 @@ in
type = types.listOf types.str;
example = [ "example.com" ];
default = [];
description = "The domains that this mail server serves.";
description = "The domains that this mail server serves and provides an mailbox.";
};
relayDomains = mkOption {
type = types.listOf types.str;
example = [ "lists.example.com" ];
default = [];
defaultText = lib.literalExpression "config.mailserver.domains";
description = "The domains that this mail server relays.";
};
certificateDomains = mkOption {
@ -1334,4 +1342,8 @@ in
./mail-server/kresd.nix
./mail-server/post-upgrade-check.nix
];
config = {
mailserver.relayDomains = cfg.domains;
};
}
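Review bot: `mailserver.relayDomains = cfg.domains;` in the new `config` block is a normal-priority definition, so for a `listOf` option it is concatenated with whatever the operator sets instead of acting as a default, and `relayDomains` can never be narrower than `domains` (assuming `cfg` is `config.mailserver`, which is defined outside the hunk). That does not match `default = [];` combined with `defaultText = lib.literalExpression "config.mailserver.domains"`, which presents the value as an overridable default. If the union is intended, drop `defaultText` and state it in the description, e.g. `description = "Additional domains that this mail server relays; mailserver.domains is always included.";`. If an overridable default is intended, use `mailserver.relayDomains = lib.mkDefault cfg.domains;` instead. The new `domains` description also reads "an mailbox" where "a mailbox" is meant.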


@ -41,13 +41,13 @@ let
echo "Generated key for domain ${dom} selector ${cfg.dkimSelector}"
fi
'';
createAllCerts = lib.concatStringsSep "\n" (map createDomainDkimCert cfg.domains);
createAllCerts = lib.concatStringsSep "\n" (map createDomainDkimCert cfg.relayDomains);
keyTable = pkgs.writeText "opendkim-KeyTable"
(lib.concatStringsSep "\n" (lib.flip map cfg.domains
(lib.concatStringsSep "\n" (lib.flip map cfg.relayDomains
(dom: "${dom} ${dom}:${cfg.dkimSelector}:${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key")));
signingTable = pkgs.writeText "opendkim-SigningTable"
(lib.concatStringsSep "\n" (lib.flip map cfg.domains (dom: "${dom} ${dom}")));
(lib.concatStringsSep "\n" (lib.flip map cfg.relayDomains (dom: "${dom} ${dom}")));
dkim = config.services.opendkim;
args = [ "-f" "-l" ] ++ lib.optionals (dkim.configFile != null) [ "-x" dkim.configFile ];
@ -58,7 +58,7 @@ in
enable = true;
selector = cfg.dkimSelector;
keyPath = cfg.dkimKeyDirectory;
domains = "csl:${builtins.concatStringsSep "," cfg.domains}";
domains = "csl:${builtins.concatStringsSep "," cfg.relayDomains}";
configFile = pkgs.writeText "opendkim.conf" (''
Canonicalization ${cfg.dkimHeaderCanonicalization}/${cfg.dkimBodyCanonicalization}
UMask 0002
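Review bot: Pointing `createAllCerts`, `keyTable`, `signingTable` and the opendkim `domains` setting at `cfg.relayDomains` means a DKIM private key is generated and signing is configured for every relay-only domain, but nothing in the `relayDomains` option description says so. An operator who adds a domain purely for relaying has to publish the `${cfg.dkimSelector}._domainkey` record for it, otherwise receivers see signatures that fail verification. I would add a sentence to that description such as `DKIM keys are generated and outgoing mail is signed for each of these domains.` Separately, list definitions are concatenated, so a domain named in both `domains` and `relayDomains` ends up twice in the KeyTable and SigningTable; binding `lib.unique cfg.relayDomains` once in the `let` block (which starts outside the hunk) and using it at all four sites avoids that.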


@ -157,6 +157,7 @@ let
tls_ca_cert_file = ${cfg.ldap.tlsCAFile}
tls_require_cert = yes
domain = ${lib.concatStringsSep ", " cfg.domains}
search_base = ${cfg.ldap.searchBase}
scope = ${cfg.ldap.searchScope}