From f5efac09aaced787d9fc80c1e192367e6f93d9fb Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 7 Jan 2016 01:10:56 +0300 Subject: [PATCH] nixos/opendkim: add module --- nixos/modules/misc/ids.nix | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/mail/opendkim.nix | 109 +++++++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 nixos/modules/services/mail/opendkim.nix diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index bcd1067b39c..83c5fde829f 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -242,6 +242,7 @@ mathics = 218; ejabberd = 219; postsrsd = 220; + opendkim = 221; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -461,6 +462,7 @@ mathics = 218; ejabberd = 219; postsrsd = 220; + opendkim = 221; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index dc7bd86b40f..41389c71112 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -187,6 +187,7 @@ ./services/mail/freepops.nix ./services/mail/mail.nix ./services/mail/mlmmj.nix + ./services/mail/opendkim.nix ./services/mail/opensmtpd.nix ./services/mail/postfix.nix ./services/mail/postsrsd.nix diff --git a/nixos/modules/services/mail/opendkim.nix b/nixos/modules/services/mail/opendkim.nix new file mode 100644 index 00000000000..1cdae9cb654 --- /dev/null +++ b/nixos/modules/services/mail/opendkim.nix 
@@ -0,0 +1,109 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.opendkim;
+
+ defaultSock = "local:/run/opendkim/opendkim.sock";
+
+ args = [ "-f" "-l"
+ "-p" cfg.socket
+ "-d" cfg.domains
+ "-k" cfg.keyFile
+ "-s" cfg.selector
+ ] ++ optionals (cfg.configFile != null) [ "-x" cfg.configFile ];
+
+in {
+
+ ###### interface
+
+ options = {
+
+ services.opendkim = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable the OpenDKIM sender authentication system.";
+ };
+
+ socket = mkOption {
+ type = types.str;
+ default = defaultSock;
+ description = "Socket which is used for communication with OpenDKIM.";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "opendkim";
+ description = "User for the daemon.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "opendkim";
+ description = "Group for the daemon.";
+ };
+
+ domains = mkOption {
+ type = types.str;
+ description = "Local domains set; messages from them are signed, not verified.";
+ };
+
+ keyFile = mkOption {
+ type = types.path;
+ description = "Secret key file used for signing messages.";
+ };
+
+ selector = mkOption {
+ type = types.str;
+ description = "Selector to use when signing.";
+ };
+
+ configFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "Additional opendkim configuration.";
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ services.opendkim.domains = mkDefault "csl:${config.networking.hostName}";
+
+ users.extraUsers = optionalAttrs (cfg.user == "opendkim") (singleton
+ { name = "opendkim";
+ group = cfg.group;
+ uid = config.ids.uids.opendkim;
+ });
+
+ users.extraGroups = optionalAttrs (cfg.group == "opendkim") (singleton
+ { name = "opendkim";
+ gid = config.ids.gids.opendkim;
+ });
+
+ environment.systemPackages = [ pkgs.opendkim ];
+
+ systemd.services.opendkim = {
+ description = "OpenDKIM signing and verification daemon";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.opendkim}/bin/opendkim ${concatMapStringsSep " " escapeShellArg args}";
+ User = cfg.user;
+ Group = cfg.group;
+ RuntimeDirectory = optional (cfg.socket == defaultSock) "opendkim";
+ };
+ };
+
+ };
+}
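Review bot: The milter socket created under `RuntimeDirectory = "opendkim"` in `serviceConfig` at the end of the hunk gets no `RuntimeDirectoryMode` and no `UMask`, so with systemd's default 0022 umask the directory is 0755 and the socket is presumably world-connectable unless opendkim's own `UMask` is supplied through `configFile`; any local user could then feed messages to the milter and use the daemon as a signing oracle for the domains listed in `domains`. Consider `UMask = "0007";` and `RuntimeDirectoryMode = "0750";` in `serviceConfig`, with the MTA user expected to be in `cfg.group`, and state that requirement in the `socket` option's description. The `keyFile` description should also warn that the private key must be readable by `cfg.user` but must not end up in the Nix store (a Nix path literal such as `./dkim.key` is copied there and becomes world-readable), e.g. `description = "Secret key file used for signing messages. Must be readable by the daemon user and must not be placed in the world-readable Nix store.";`.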