From fa46d01d16aad10b28e2ad25957df7727dfc4854 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Tue, 27 Dec 2022 15:54:58 +0100
Subject: generalize surtr email setup
---
hosts/surtr/email/default.nix | 107 +++++++++++++++---------------------------
1 file changed, 39 insertions(+), 68 deletions(-)
(limited to 'hosts')
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 22790fbb..a2e93e32 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -42,6 +42,7 @@ let
 };
 spmDomains = ["bouncy.email"];
+ emailDomains = spmDomains ++ ["kleen.consulting"];
 in {
 config = {
 nixpkgs.overlays = [
@@ -107,17 +108,12 @@ in {
 smtp_tls_connection_reuse = true;
- tls_server_sni_maps = ''texthash:${pkgs.writeText "sni" ''
- bouncy.email /run/credentials/postfix.service/bouncy.email.full.pem
- mailin.bouncy.email /run/credentials/postfix.service/mailin.bouncy.email.full.pem
- mailsub.bouncy.email /run/credentials/postfix.service/mailsub.bouncy.email.full.pem
- .bouncy.email /run/credentials/postfix.service/bouncy.email.full.pem
-
- kleen.consulting /run/credentials/postfix.service/kleen.consulting.full.pem
- mailin.kleen.consulting /run/credentials/postfix.service/mailin.kleen.consulting.full.pem
- mailsub.kleen.consulting /run/credentials/postfix.service/mailsub.kleen.consulting.full.pem
- .kleen.consulting /run/credentials/postfix.service/kleen.consulting.full.pem
- ''}'';
+ tls_server_sni_maps = ''texthash:${pkgs.writeText "sni" (
+ concatMapStringsSep "\n\n" (domain:
+ concatMapStringsSep "\n" (subdomain: "${subdomain} /run/credentials/postfix.service/${subdomain}.full.pem")
+ [domain "mailin.${domain}" "mailsub.${domain}" ".${domain}"]
+ ) emailDomains
+ )}'';
 smtp_tls_policy_maps = "socketmap:unix:${config.services.postfix-mta-sts-resolver.settings.path}:postfix";
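Review bot: `emailDomains` is now the single list that drives the Postfix SNI certificate map, the opendkim signing domains and the subaddressing `excludeDomains` in the later hunks, but nothing at its definition says so or what adding an entry requires. A comment here would spare the next maintainer from adding a domain and finding Postfix cannot load certificates for it: `# Each domain listed here gets SNI entries for <d>, mailin.<d>, mailsub.<d> and .<d> (see tls_server_sni_maps), is DKIM-signed with selector "surtr", and needs matching <name>.full.pem credentials supplied to postfix.service — presumably via LoadCredential, which is not part of this diff.` The enclosing `let` block starts outside the hunk.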
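Review bot: The wildcard entries now point at a differently named credential than before: for the `".${domain}"` element the generator emits `.bouncy.email /run/credentials/postfix.service/.bouncy.email.full.pem`, whereas the removed lines mapped `.bouncy.email` and `.kleen.consulting` to `bouncy.email.full.pem` and `kleen.consulting.full.pem`. Unless the credentials were renamed to carry the leading dot in a part of the change not shown here (the diffstat lists only this file), Postfix will not find that file and the catch-all SNI entry for unlisted subdomains will no longer serve the intended certificate. Keeping the name as the lookup key but stripping the dot for the file name fixes it in place: `concatMapStringsSep "\n" (subdomain: "${subdomain} /run/credentials/postfix.service/${removePrefix "." subdomain}.full.pem")`, assuming `lib` is in scope the way it already is for `concatMapStringsSep`. The enclosing Postfix settings attrset continues outside the hunk.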
@@ -282,16 +278,14 @@ in {
 domain = "surtr.yggdrasil.li";
 separator = "+";
 excludeDomains = [
 "surtr.yggdrasil.li"
- ".bouncy.email" "bouncy.email"
- ".kleen.consulting" "kleen.consulting"
- ];
+ ] ++ concatMap (domain: [".${domain}" domain]) emailDomains;
 };
 services.opendkim = {
 enable = true;
 user = "postfix";
 group = "postfix";
 socket = "local:/run/opendkim/opendkim.sock";
- domains = ''csl:${concatStringsSep "," ["surtr.yggdrasil.li" "bouncy.email" "kleen.consulting"]}'';
+ domains = ''csl:${concatStringsSep "," (["surtr.yggdrasil.li"] ++ emailDomains)}'';
 selector = "surtr";
 configFile = builtins.toFile "opendkim.conf" ''
 Syslog true
@@ -429,23 +423,14 @@ in {
 first_valid_gid = ${toString config.users.groups.dovecot2.gid}
 last_valid_gid = ${toString config.users.groups.dovecot2.gid}
- local_name imap.bouncy.email {
- ssl_cert =