]> Git — Sourcephile - sourcephile-nix.git/blob - install/logical/friot/rmilter.nix
shorewall: add packages and services
[sourcephile-nix.git] / install / logical / friot / rmilter.nix
1 {pkgs, lib, config, ...}:
2 let inherit (builtins) attrNames;
3 inherit (lib) types;
4 inherit (config.services) dkim dovecot2 rmilter;
5
6 createDomainDkimCert = domain:
7 let dkim_key = "${dkim.keyDir}/${domain}.${dkim.selector}.key";
8 dkim_txt = "${dkim.keyDir}/${domain}.${dkim.selector}.txt";
9 in ''
10 if [ ! -f "${dkim_key}" ] || [ ! -f "${dkim_txt}" ]
11 then
12 ${pkgs.opendkim}/bin/opendkim-genkey \
13 --domain "${domain}" \
14 --selector "${dkim.selector}" \
15 --directory="${dkim.keyDir}"
16 mv "${dkim.keyDir}/${dkim.selector}.private" "${dkim_key}"
17 mv "${dkim.keyDir}/${dkim.selector}.txt" "${dkim_txt}"
18 fi
19 '';
20 in
21 {
22 options.services.dkim = lib.mkOption {
23 default = {};
24 type = types.submodule {
25 options = {
26 keyDir = lib.mkOption {
27 type = types.path;
28 default = "/var/lib/dkim";
29 description = ''
30 '';
31 };
32 selector = lib.mkOption {
33 type = types.str;
34 default = "mail";
35 description = ''
36 '';
37 };
38 };
39 };
40 };
41 config = {
42 services.rspamd = {
43 enable = true;
44 };
45 /*
46 services.redis = {
47 enable = true;
48 };
49 */
50 services.rmilter = {
51 enable = true;
52 #debug = true;
53 postfix = {
54 enable = true;
55 };
56 rspamd = {
57 enable = true;
58 extraConfig = "extended_spam_headers = yes;";
59 };
60 extraConfig = ''
61 use_redis = true;
62 max_size = 20M;
63 #clamav {
64 # servers = /var/run/clamav/clamd.ctl;
65 #};
66 # NOTE: domain = "*"; causes rmilter to try to search key in the key path
67 # as keypath/domain.selector.key for any domain.
68 dkim {
69 domain {
70 domain = "*";
71 key = "${dkim.keyDir}";
72 selector = "${dkim.selector}";
73 };
74 sign_alg = sha256;
75 auth_only = yes;
76 };
77 '';
78 bindSocket.type = "unix";
79 bindSocket.path = "/run/rmilter.sock";
80 # NOTE: fix default which is in wiped out directory /run/rmilter/rmilter.sock
81 };
82 #systemd.sockets.rmilter.socketConfig.Accept = false;
83 systemd.services.rmilter = {
84 requires = [ "rmilter.socket" ];
85 after = [ "rmilter.socket" ];
86 preStart = ''
87 install -D -d -o rmilter -g rmilter ${dkim.keyDir}
88 ${lib.concatStringsSep "\n" (map createDomainDkimCert (attrNames dovecot2.domains))}
89 chown -R rmilter:rmilter "${dkim.keyDir}"
90 '';
91 };
92 };
93 }