mail-server/dkim.nix

{ config, lib, pkgs, ... }:

with lib;
let cfg = config.fudo.mail.dkim;

in {
  options.fudo.mail.dkim = with types; {
    enable = mkEnableOption "Enable DKIM signature verification.";

    debug = mkEnableOption "Enable debug logs.";

    domains = mkOption {
      type = listOf str;
      description =
        "List of domains to be considered local, and signed instead of verified.";
    };

    selector = mkOption {
      type = str;
      description = "Name to use for mail-signing keys.";
      default = "mail";
    };

    port = mkOption {
      type = port;
      description = "Port at which to listen for incoming signing requests.";
      default = 5324;
    };

    state-directory = mkOption {
      type = str;
      description = "Directory at which to store DKIM state (i.e. keys).";
    };
  };

  config = mkIf cfg.enable {
    networking.firewall = {
      enable = true;
      allowedTCPPorts = [ cfg.port ];
    };

    services.opendkim = {
      enable = true;
      selector = cfg.selector;
      socket = "inet:${toString cfg.port}";
      domains = let domainString = concatStringsSep "," cfg.domains;
      in "csl:${domainString}";
      configFile = let
        debugString = ''
          Syslog yes
          SyslogSuccess yes
          LogWhy yes
        '';
      in pkgs.writeText "opendkim.conf" ''
        Canonicalization relaxed/simple
        ${optionalString cfg.debug debugString}
      '';
    };
  };
}
Initial checkin 2023-09-17 09:57:55 -07:00			`{ config, lib, pkgs, ... }:`

			`with lib;`
Fuck domain-specific keys 2023-09-28 22:34:58 -07:00			`let cfg = config.fudo.mail.dkim;`
Need to define key/signing tables earlier 2023-09-28 14:22:47 -07:00
Initial checkin 2023-09-17 09:57:55 -07:00			`in {`
			`options.fudo.mail.dkim = with types; {`
			`enable = mkEnableOption "Enable DKIM signature verification.";`

			`debug = mkEnableOption "Enable debug logs.";`

			`domains = mkOption {`
			`type = listOf str;`
			`description =`
			`"List of domains to be considered local, and signed instead of verified.";`
			`};`

Add selector option 2023-09-24 10:52:57 -07:00			`selector = mkOption {`
			`type = str;`
			`description = "Name to use for mail-signing keys.";`
			`default = "mail";`
			`};`

Initial checkin 2023-09-17 09:57:55 -07:00			`port = mkOption {`
			`type = port;`
			`description = "Port at which to listen for incoming signing requests.";`
			`default = 5324;`
			`};`

			`state-directory = mkOption {`
			`type = str;`
			`description = "Directory at which to store DKIM state (i.e. keys).";`
			`};`
			`};`

			`config = mkIf cfg.enable {`
Open firewall ports 2023-09-28 12:31:03 -07:00			`networking.firewall = {`
			`enable = true;`
			`allowedTCPPorts = [ cfg.port ];`
			`};`

Initial checkin 2023-09-17 09:57:55 -07:00			`services.opendkim = {`
			`enable = true;`
Just forget domain-specefic FFS 2023-09-28 22:10:29 -07:00			`selector = cfg.selector;`
lol 2023-09-29 09:32:01 -07:00			`socket = "inet:${toString cfg.port}";`
Initial checkin 2023-09-17 09:57:55 -07:00			`domains = let domainString = concatStringsSep "," cfg.domains;`
Fix variable typo 2023-09-24 11:27:27 -07:00			`in "csl:${domainString}";`
Initial checkin 2023-09-17 09:57:55 -07:00			`configFile = let`
			`debugString = ''`
			`Syslog yes`
			`SyslogSuccess yes`
			`LogWhy yes`
			`'';`
			`in pkgs.writeText "opendkim.conf" ''`
			`Canonicalization relaxed/simple`
			`${optionalString cfg.debug debugString}`
			`'';`
			`};`
			`};`
			`}`