ForkMaster/nixos-mailserver
1
0
Fork 0
mirror of https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git synced 2025-04-02 05:44:33 +05:00
Code Issues Packages Projects Releases Wiki Activity

domains: seperate into domains and relayDomains

Browse Source
This commit is contained in:
Marcel 2024-08-10 19:05:14 +02:00
parent 8c1c4640b8
commit 905be88429
No known key found for this signature in database
GPG Key ID: 446F3B093DF81C6A
3 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
default.nix
View File

@ -41,7 +41,15 @@ in
type = types.listOf types.str; type = types.listOf types.str;
example = [ "example.com" ]; example = [ "example.com" ];
default = []; default = [];
description = "The domains that this mail server serves."; description = "The domains that this mail server serves and provides an mailbox.";
};
relayDomains = mkOption {
type = types.listOf types.str;
example = [ "lists.example.com" ];
default = [];
defaultText = lib.literalExpression "config.mailserver.domains";
description = "The domains that this mail server relays.";
}; };
certificateDomains = mkOption { certificateDomains = mkOption {
@ -1334,4 +1342,8 @@ in
./mail-server/kresd.nix ./mail-server/kresd.nix
./mail-server/post-upgrade-check.nix ./mail-server/post-upgrade-check.nix
]; ];
config = {
mailserver.relayDomains = cfg.domains;
};
} }

8
mail-server/opendkim.nix
View File

@ -41,13 +41,13 @@ let
echo "Generated key for domain ${dom} selector ${cfg.dkimSelector}" echo "Generated key for domain ${dom} selector ${cfg.dkimSelector}"
fi fi
''; '';
createAllCerts = lib.concatStringsSep "\n" (map createDomainDkimCert cfg.domains); createAllCerts = lib.concatStringsSep "\n" (map createDomainDkimCert cfg.relayDomains);
keyTable = pkgs.writeText "opendkim-KeyTable" keyTable = pkgs.writeText "opendkim-KeyTable"
(lib.concatStringsSep "\n" (lib.flip map cfg.domains (lib.concatStringsSep "\n" (lib.flip map cfg.relayDomains
(dom: "${dom} ${dom}:${cfg.dkimSelector}:${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key"))); (dom: "${dom} ${dom}:${cfg.dkimSelector}:${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key")));
signingTable = pkgs.writeText "opendkim-SigningTable" signingTable = pkgs.writeText "opendkim-SigningTable"
(lib.concatStringsSep "\n" (lib.flip map cfg.domains (dom: "${dom} ${dom}"))); (lib.concatStringsSep "\n" (lib.flip map cfg.relayDomains (dom: "${dom} ${dom}")));
dkim = config.services.opendkim; dkim = config.services.opendkim;
args = [ "-f" "-l" ] ++ lib.optionals (dkim.configFile != null) [ "-x" dkim.configFile ]; args = [ "-f" "-l" ] ++ lib.optionals (dkim.configFile != null) [ "-x" dkim.configFile ];
@ -58,7 +58,7 @@ in
enable = true; enable = true;
selector = cfg.dkimSelector; selector = cfg.dkimSelector;
keyPath = cfg.dkimKeyDirectory; keyPath = cfg.dkimKeyDirectory;
domains = "csl:${builtins.concatStringsSep "," cfg.domains}"; domains = "csl:${builtins.concatStringsSep "," cfg.relayDomains}";
configFile = pkgs.writeText "opendkim.conf" ('' configFile = pkgs.writeText "opendkim.conf" (''
Canonicalization ${cfg.dkimHeaderCanonicalization}/${cfg.dkimBodyCanonicalization} Canonicalization ${cfg.dkimHeaderCanonicalization}/${cfg.dkimBodyCanonicalization}
UMask 0002 UMask 0002

1
mail-server/postfix.nix
View File

@ -157,6 +157,7 @@ let
tls_ca_cert_file = ${cfg.ldap.tlsCAFile} tls_ca_cert_file = ${cfg.ldap.tlsCAFile}
tls_require_cert = yes tls_require_cert = yes
domain = ${lib.concatStringsSep ", " cfg.domains}
search_base = ${cfg.ldap.searchBase} search_base = ${cfg.ldap.searchBase}
scope = ${cfg.ldap.searchScope} scope = ${cfg.ldap.searchScope}