mailsystem: Add configuration options for dkim signatures
This commit is contained in:
parent
88d2b387c7
commit
de330a87a4
2 changed files with 92 additions and 6 deletions
|
|
@ -39,12 +39,27 @@ in {
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = !cfg.rspamd.webUi.enable || cfg.rspamd.webUi.basicAuthFile != null;
|
||||
message = "Setting basicAuthFile is required if rspamd's web interface is enabled";
|
||||
}
|
||||
];
|
||||
assertions =
|
||||
[
|
||||
{
|
||||
assertion = !cfg.rspamd.webUi.enable || cfg.rspamd.webUi.basicAuthFile != null;
|
||||
message = "Setting basicAuthFile is required if rspamd's web interface is enabled";
|
||||
}
|
||||
]
|
||||
++ lib.mapAttrsToList (
|
||||
domain: dkimList: {
|
||||
assertion = builtins.elem domain cfg.domains;
|
||||
message = "Domain ${domain} as per `config.mailsystem.dkimSettings` needs to be managed by the mailserver.";
|
||||
}
|
||||
)
|
||||
cfg.dkimSettings
|
||||
++ lib.mapAttrsToList (
|
||||
domain: dkimList: {
|
||||
assertion = dkimList != [];
|
||||
message = "Entry ${domain} as per `config.mailsystem.dkimSettings` must not be an empty list.";
|
||||
}
|
||||
)
|
||||
cfg.dkimSettings;
|
||||
|
||||
services.rspamd = {
|
||||
enable = true;
|
||||
|
|
@ -57,6 +72,38 @@ in {
|
|||
}
|
||||
'';
|
||||
};
|
||||
"dkim_signing.conf" = let
|
||||
genDkimSelectorList = entry: ''
|
||||
{
|
||||
path: "${entry.keyFile}";
|
||||
selector: "${entry.selector}";
|
||||
}
|
||||
'';
|
||||
genDkimDomainCfg = domain: domainSettings: ''
|
||||
${domain} {
|
||||
selectors [
|
||||
${lib.concatStringsSep "\n" (map genDkimSelectorList domainSettings)}
|
||||
]
|
||||
}
|
||||
'';
|
||||
in {
|
||||
text =
|
||||
''
|
||||
sign_authenticated = true;
|
||||
use_esld = true;
|
||||
use_domain = "header";
|
||||
check_pubkey = true;
|
||||
allow_username_mismatch = true;
|
||||
allow_hdrfrom_mismatch = true;
|
||||
allow_hdrfrom_mismatch_sign_networks = true;
|
||||
|
||||
''
|
||||
+ lib.optionalString (cfg.dkimSettings != {}) ''
|
||||
domain {
|
||||
${lib.concatStringsSep "\n" (lib.mapAttrsToList genDkimDomainCfg cfg.dkimSettings)}
|
||||
}
|
||||
'';
|
||||
};
|
||||
"milter_headers.conf" = {
|
||||
text = ''
|
||||
# Add headers related to spam-detection
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue