-rw-r--r-- | ymir.nix | 31 |
1 files changed, 27 insertions, 4 deletions
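--- a/ymir.nix
+++ b/ymir.nix
@@ -13,6 +13,12 @@ let
 cert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
 };
 };
+myDomains = ["dirty-haskell.org" "www.dirty-haskell.org" "lists.dirty-haskell.org" "l.dirty-haskell.org"
+"files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li"
+"ymir.xmpp.li" "xmpp.li" "www.xmpp.li" "lists.xmpp.li" "l.xmpp.li"
+"files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li"
+"files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org"
+];
 in rec {
 imports =
 [
@@ -406,7 +412,7 @@ in rec {
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 check_recipient_access hash:/srv/mail/recipient_access,
-check_policy_service unix:policy,
+check_policy_service unix:private/policy-quota,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
@@ -421,6 +427,11 @@ in rec {
 policy-spf_time_limit = 3600s
 propagate_unmatched_extensions = virtual
 
+milter_default_action = accept
+milter_protocol = 2
+smtpd_milters = local:private/dkim
+non_smtpd_milters = local:private/dkim
+
 alias_maps = hash:/etc/postfix/aliases texthash:/srv/mail/spm
 '';
 extraMasterConf = ''
@@ -451,6 +462,19 @@ in rec {
 };
 };
 
+services.opendkim = {
+enable = true;
+user = "postfix"; group = "postfix";
+socket = "local:/var/lib/postfix/queue/private/dkim";
+domains = ''csl:${pkgs.lib.concatStringsSep "," myDomains}'';
+keyFile = /var/lib/dkim/ymir.private;
+selector = "ymir";
+configFile = builtins.toFile "opendkim.conf" ''
+Syslog true
+MTACommand /var/setuid-wrappers/sendmail
+'';
+};
+
 services.dovecot2 = {
 enable = true;
 enableImap = true;
@@ -489,7 +513,7 @@ in rec {
 
 service quota-status {
 executable = quota-status -p postfix
-unix_listener /var/lib/postfix/queue/policy {
+unix_listener /var/lib/postfix/queue/private/policy-quota {
 mode = 0660
 user = postfix
 group = postfix
@@ -522,8 +546,7 @@ in rec {
 group = "ssl";
 webroot = "/srv/www/acme/yggdrasil.li";
 email = "phikeebaogobaegh@141.li";
-extraDomains = builtins.listToAttrs (builtins.map (name: { inherit name; value = "/srv/www/acme/${name}"; })
-["dirty-haskell.org" "www.dirty-haskell.org" "lists.dirty-haskell.org" "l.dirty-haskell.org" "files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li" "ymir.xmpp.li" "xmpp.li" "www.xmpp.li" "lists.xmpp.li" "l.xmpp.li" "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org"]);
+extraDomains = builtins.listToAttrs (builtins.map (name: { inherit name; value = "/srv/www/acme/${name}"; }) myDomains);
 postRun = ''
 systemctl reload nginx.service
 prosodyctl reload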
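Review bot: `keyFile = /var/lib/dkim/ymir.private;` in the new `services.opendkim` block is an unquoted Nix path literal, and a path literal that is string-interpolated anywhere downstream is copied into the world-readable `/nix/store`, which would expose the DKIM signing key to every local user. Whether the opendkim module interpolates it is not visible on this page, so the safer form is the string `keyFile = "/var/lib/dkim/ymir.private";`, which always remains a plain runtime path. Separately, `milter_default_action = accept` in the Postfix hunk means mail is passed through unsigned whenever the `private/dkim` socket is unavailable. If that fail-open choice is intended, a line such as `# fail open: deliver unsigned rather than defer when opendkim is down` above it would record the decision, and milter connection failures in the mail log are worth alerting on since unsigned mail can fail DMARC at receivers.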