authorGregor Kleen <pngwjpgh@users.noreply.github.com>2016-06-24 20:14:18 +0200
committerGregor Kleen <pngwjpgh@users.noreply.github.com>2016-06-24 20:14:18 +0200
commite068e8d629fe7cf55425117d7f627f9f89d5949d (patch)
tree410f2ae36bb0d22aea728fc3f74bff8094d7dfeb
parent3158823c7e16e831690406c82d3336a1002b8447 (diff)
downloadnixos-e068e8d629fe7cf55425117d7f627f9f89d5949d.tar
nixos-e068e8d629fe7cf55425117d7f627f9f89d5949d.tar.gz
nixos-e068e8d629fe7cf55425117d7f627f9f89d5949d.tar.bz2
nixos-e068e8d629fe7cf55425117d7f627f9f89d5949d.tar.xz
nixos-e068e8d629fe7cf55425117d7f627f9f89d5949d.zip
dkim on ymir
-rw-r--r--ymir.nix31
1 files changed, 27 insertions, 4 deletions
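--- a/ymir.nix
+++ b/ymir.nix
@@ -13,6 +13,12 @@ let
 cert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
 };
 };
+myDomains = ["dirty-haskell.org" "www.dirty-haskell.org" "lists.dirty-haskell.org" "l.dirty-haskell.org"
+"files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li"
+"ymir.xmpp.li" "xmpp.li" "www.xmpp.li" "lists.xmpp.li" "l.xmpp.li"
+"files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li"
+"files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org"
+];
 in rec {
 imports =
 [
@@ -406,7 +412,7 @@ in rec {
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 check_recipient_access hash:/srv/mail/recipient_access,
-check_policy_service unix:policy,
+check_policy_service unix:private/policy-quota,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
@@ -421,6 +427,11 @@ in rec {
 policy-spf_time_limit = 3600s
 propagate_unmatched_extensions = virtual
 
+milter_default_action = accept
+milter_protocol = 2
+smtpd_milters = local:private/dkim
+non_smtpd_milters = local:private/dkim
+
 alias_maps = hash:/etc/postfix/aliases texthash:/srv/mail/spm
 '';
 extraMasterConf = ''
@@ -451,6 +462,19 @@ in rec {
 };
 };
 
+services.opendkim = {
+enable = true;
+user = "postfix"; group = "postfix";
+socket = "local:/var/lib/postfix/queue/private/dkim";
+domains = ''csl:${pkgs.lib.concatStringsSep "," myDomains}'';
+keyFile = /var/lib/dkim/ymir.private;
+selector = "ymir";
+configFile = builtins.toFile "opendkim.conf" ''
+Syslog true
+MTACommand /var/setuid-wrappers/sendmail
+'';
+};
+
 services.dovecot2 = {
 enable = true;
 enableImap = true;
@@ -489,7 +513,7 @@ in rec {
 
 service quota-status {
 executable = quota-status -p postfix
-unix_listener /var/lib/postfix/queue/policy {
+unix_listener /var/lib/postfix/queue/private/policy-quota {
 mode = 0660
 user = postfix
 group = postfix
@@ -522,8 +546,7 @@ in rec {
 group = "ssl";
 webroot = "/srv/www/acme/yggdrasil.li";
 email = "phikeebaogobaegh@141.li";
-extraDomains = builtins.listToAttrs (builtins.map (name: { inherit name; value = "/srv/www/acme/${name}"; })
-["dirty-haskell.org" "www.dirty-haskell.org" "lists.dirty-haskell.org" "l.dirty-haskell.org" "files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li" "ymir.xmpp.li" "xmpp.li" "www.xmpp.li" "lists.xmpp.li" "l.xmpp.li" "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org"]);
+extraDomains = builtins.listToAttrs (builtins.map (name: { inherit name; value = "/srv/www/acme/${name}"; }) myDomains);
 postRun = ''
 systemctl reload nginx.service
 prosodyctl reload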
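Review bot: In the new `services.opendkim` block, `keyFile = /var/lib/dkim/ymir.private;` is an unquoted Nix path literal, and a path literal that gets interpolated into a string (as the module presumably does when it builds the opendkim command line) is copied into the world-readable Nix store, which would leak the DKIM private key to every local user; write it as the string `keyFile = "/var/lib/dkim/ymir.private";` so only the path, not the file, reaches the store. The same block runs OpenDKIM as `user = "postfix"; group = "postfix"`, so the signing key must be readable by the Postfix user and any compromise of Postfix yields it; a dedicated opendkim user with only the socket group-shared with postfix (it already sits under `private/` with a postfix-owned parent) would keep the key out of the MTA's reach. In the Postfix hunk, `milter_default_action = accept` fails open: if the `private/dkim` milter is down, outbound mail leaves unsigned and inbound mail skips verification silently, so consider `milter_default_action = tempfail` for the signing path and document the choice in a comment if accept is intentional. The generated `opendkim.conf` sets only `Syslog` and `MTACommand`; it should probably also pin `Mode`, `Canonicalization` and `InternalHosts` explicitly rather than relying on OpenDKIM defaults, since SASL-submitted mail from non-loopback clients may otherwise not be treated as internal and signed — confirm against the deployed configuration.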