]> Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/rspamd/sourcephile.fr.nix
fail2ban: enable sshd and postgresql on losurdo
[sourcephile-nix.git] / servers / mermet / rspamd / sourcephile.fr.nix
1 { domain, ... }:
2 { pkgs, lib, config, ... }:
3 let
4 inherit (builtins.extraBuiltins) pass;
5 inherit (lib) types;
6 inherit (config.services) rspamd;
7 selector = "20200101";
8 in
9 {
10 systemd.services.rspamd.after =
11 [ "dkim.${domain}.${selector}.key-key.service" ];
12 services.rspamd.dkimSelectorMap = ''
13 mermet ${selector}
14 ${domain} ${selector}
15 '';
16 services.knot.zones."${domain}".data = ''
17 20200101._domainkey IN TXT ( "v=DKIM1; k=rsa; "
18 "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7EKzverbG+5JF+yFjH3MrxLyauiHyLqBbV/8LEMunoKXF8sqhBpQtAQXruLqsyUkxR/4CAyPMyzmcdrU43boMj9yFqLrg/kEz2RIvai9jXBqRoWRW1y7F0LbZmdtOTncuDSP8Zzo02XUzsOC4f/C3tEQHS5rc"
19 "hzfhU5FY1CeO6eBMV79qKBOvGMKahQTrrtU6olAAJxOhn6wRuwSf"
20 "+m3on1OqiuXYYIgNHKdRhJ8gDwIm/3LEpYMD0gTgJiyclCLoLGHGtKZy1Wf9xV9/7V6fHE4JW5SDivwslVTL+KPXOlIpo5NDHpMxPYOcIg2K4Rj/j7jhavo+fG43q1LhwaPkEMQMbplgnjeMY8300odRiklTkMMpH0m35ZNeHQJSRpEtV8y5xUNxVaGzfqX5iStwV/mQ1Kn"
21 "ZSe8ORTNq+eTTFnDk6zdUXjagcf0wO6QsSTeAz/G8CqOBbwmrU+q"
22 "F8WbGAeRnhz51mH6fTTfsQ1nwjAiF4ou+eQGTkTMN23KkCKpuozJnxqx4DCEr6J1bL83fhXw7CgcfgKgTOk/HFJpeiGhqodw18r4DWBA6G57z9utm7Mr/9SoVnMq6iK9iEcbCllLR8Sz4viatLSRzhodbk7hfvXS3jmCFjILAjFmA7aMTemDMBDQhpAGF9F8sjFUbEJIZjK"
23 "rWWtSTdO8DilDqN8CAwEAAQ=="
24 )
25 '';
26 services.nsd.zones."${domain}".data = ''
27 20200101._domainkey IN TXT ( "v=DKIM1; k=rsa; "
28 "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7EKzverbG+5JF+yFjH3MrxLyauiHyLqBbV/8LEMunoKXF8sqhBpQtAQXruLqsyUkxR/4CAyPMyzmcdrU43boMj9yFqLrg/kEz2RIvai9jXBqRoWRW1y7F0LbZmdtOTncuDSP8Zzo02XUzsOC4f/C3tEQHS5rc"
29 "hzfhU5FY1CeO6eBMV79qKBOvGMKahQTrrtU6olAAJxOhn6wRuwSf"
30 "+m3on1OqiuXYYIgNHKdRhJ8gDwIm/3LEpYMD0gTgJiyclCLoLGHGtKZy1Wf9xV9/7V6fHE4JW5SDivwslVTL+KPXOlIpo5NDHpMxPYOcIg2K4Rj/j7jhavo+fG43q1LhwaPkEMQMbplgnjeMY8300odRiklTkMMpH0m35ZNeHQJSRpEtV8y5xUNxVaGzfqX5iStwV/mQ1Kn"
31 "ZSe8ORTNq+eTTFnDk6zdUXjagcf0wO6QsSTeAz/G8CqOBbwmrU+q"
32 "F8WbGAeRnhz51mH6fTTfsQ1nwjAiF4ou+eQGTkTMN23KkCKpuozJnxqx4DCEr6J1bL83fhXw7CgcfgKgTOk/HFJpeiGhqodw18r4DWBA6G57z9utm7Mr/9SoVnMq6iK9iEcbCllLR8Sz4viatLSRzhodbk7hfvXS3jmCFjILAjFmA7aMTemDMBDQhpAGF9F8sjFUbEJIZjK"
33 "rWWtSTdO8DilDqN8CAwEAAQ=="
34 )
35 '';
36 install.shellHook = ''
37 pass "dkim/${domain}/${selector}.key" |
38 ssh "$target" install -D -m 0400 -o ${rspamd.user} -g root /dev/stdin \
39 /run/keys/"dkim.${domain}.${selector}.key"
40 '';
41 }