preisi/mailnix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

mailsystem: Add configuration options for dkim signatures

Browse source
This commit is contained in:
Thomas Preisner 2024-12-29 01:27:00 +01:00
parent 88d2b387c7
commit de330a87a4
2 changed files with 92 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

39
mailsystem/default.nix
View file

@ -168,6 +168,45 @@ in {
default = {};
};
dkimSettings = lib.mkOption {
type = with lib.types;
attrsOf (listOf (submodule {
options = {
selector = lib.mkOption {
type = lib.types.str;
example = "mail";
description = "DKIM Selector";
};
keyFile = lib.mkOption {
type = lib.types.path;
example = "/run/secrets/dkim/example.com.mail.key";
description = ''
Path to DKIM private-key-file. A public-private-pair can be generated as follows:
```
nix-shell -p rspamd --run 'rspamadm dkim_keygen -s "selector" -t ed25519 -d example.com
nix-shell -p rspamd --run 'rspamadm dkim_keygen -s "selector" -b 2048 -d example.com
```
'';
};
};
}));
example = {
"example.com" = [
{
selector = "mail";
keyFile = "/run/secrets/dkim/example.com.mail.key";
}
];
};
description = ''
Per-domain DKIM configuration.
This option allows to optionally set one or more DKIM private keys
and their respective selectors for each domain individually.
'';
default = {};
};
certificateScheme = lib.mkOption {
type = lib.types.enum ["acme" "selfsigned"];
default = "acme";