| author | Gregor Kleen <pngwjpgh@users.noreply.github.com> | 2016-06-24 20:14:18 +0200 |
|---|---|---|
| committer | Gregor Kleen <pngwjpgh@users.noreply.github.com> | 2016-06-24 20:14:18 +0200 |
| commit | e068e8d629fe7cf55425117d7f627f9f89d5949d (patch) | |
| tree | 410f2ae36bb0d22aea728fc3f74bff8094d7dfeb | |
| parent | 3158823c7e16e831690406c82d3336a1002b8447 (diff) | |
dkim on ymir
| -rw-r--r-- | ymir.nix | 31 |
1 files changed, 27 insertions, 4 deletions
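--- a/ymir.nix
+++ b/ymir.nix
@@ -13,6 +13,12 @@ let
 cert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
 };
 };
+myDomains = ["dirty-haskell.org" "www.dirty-haskell.org" "lists.dirty-haskell.org" "l.dirty-haskell.org"
+"files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li"
+"ymir.xmpp.li" "xmpp.li" "www.xmpp.li" "lists.xmpp.li" "l.xmpp.li"
+"files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li"
+"files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org"
+];
 in rec {
 imports =
 [
@@ -406,7 +412,7 @@ in rec {
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 check_recipient_access hash:/srv/mail/recipient_access,
-check_policy_service unix:policy,
+check_policy_service unix:private/policy-quota,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
@@ -421,6 +427,11 @@ in rec {
 policy-spf_time_limit = 3600s
 propagate_unmatched_extensions = virtual
 
+milter_default_action = accept
+milter_protocol = 2
+smtpd_milters = local:private/dkim
+non_smtpd_milters = local:private/dkim
+
 alias_maps = hash:/etc/postfix/aliases texthash:/srv/mail/spm
 '';
 extraMasterConf = ''
@@ -451,6 +462,19 @@ in rec {
 };
 };
 
+services.opendkim = {
+enable = true;
+user = "postfix"; group = "postfix";
+socket = "local:/var/lib/postfix/queue/private/dkim";
+domains = ''csl:${pkgs.lib.concatStringsSep "," myDomains}'';
+keyFile = /var/lib/dkim/ymir.private;
+selector = "ymir";
+configFile = builtins.toFile "opendkim.conf" ''
+Syslog true
+MTACommand /var/setuid-wrappers/sendmail
+'';
+};
+
 services.dovecot2 = {
 enable = true;
 enableImap = true;
@@ -489,7 +513,7 @@ in rec {
 
 service quota-status {
 executable = quota-status -p postfix
-unix_listener /var/lib/postfix/queue/policy {
+unix_listener /var/lib/postfix/queue/private/policy-quota {
 mode = 0660
 user = postfix
 group = postfix
@@ -522,8 +546,7 @@ in rec {
 group = "ssl";
 webroot = "/srv/www/acme/yggdrasil.li";
 email = "phikeebaogobaegh@141.li";
-extraDomains = builtins.listToAttrs (builtins.map (name: { inherit name; value = "/srv/www/acme/${name}"; })
-["dirty-haskell.org" "www.dirty-haskell.org" "lists.dirty-haskell.org" "l.dirty-haskell.org" "files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li" "ymir.xmpp.li" "xmpp.li" "www.xmpp.li" "lists.xmpp.li" "l.xmpp.li" "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org"]);
+extraDomains = builtins.listToAttrs (builtins.map (name: { inherit name; value = "/srv/www/acme/${name}"; }) myDomains);
 postRun = ''
 systemctl reload nginx.service
 prosodyctl reload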
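Review bot: `keyFile = /var/lib/dkim/ymir.private;` in the new `services.opendkim` block is an unquoted Nix path literal, and a path literal that is ever interpolated into a string is copied into the world-readable Nix store, which would expose the DKIM private key to every local user. Whether that happens depends on how the opendkim module turns the option into a command line, which is not visible on this page, so the safe form is the string `keyFile = "/var/lib/dkim/ymir.private";`. Separately, `milter_default_action = accept` in the Postfix hunk means mail is passed on unsigned whenever the `private/dkim` socket is unavailable; `tempfail` would queue it instead, at the cost of deferring inbound mail as well, because `smtpd_milters` points at the same socket. A short comment beside that setting recording which trade-off was chosen would help the next maintainer.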
