systemd to module
parent
9ac491f87d
commit
3eb363fc71
@ -252,6 +252,7 @@ in
|
||||||
./mail-server/users.nix
|
./mail-server/users.nix
|
||||||
./mail-server/environment.nix
|
./mail-server/environment.nix
|
||||||
./mail-server/networking.nix
|
./mail-server/networking.nix
|
||||||
|
./mail-server/systemd.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
@ -262,11 +263,5 @@ in
|
||||||
certificateScheme certificateFile keyFile certificateDirectory virusScanning;
|
certificateScheme certificateFile keyFile certificateDirectory virusScanning;
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd = import ./mail-server/systemd.nix {
|
|
||||||
inherit pkgs;
|
|
||||||
inherit (cfg) mailDirectory vmailGroupName certificateScheme
|
|
||||||
certificateDirectory
|
|
||||||
hostPrefix domain dkimSelector dkimKeyDirectory;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
@ -14,22 +14,23 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
|
||||||
{ pkgs, mailDirectory, vmailGroupName, certificateScheme, certificateDirectory, hostPrefix,
|
{ config, pkgs, lib, ... }:
|
||||||
domain, dkimSelector, dkimKeyDirectory}:
|
|
||||||
|
|
||||||
let
|
let
|
||||||
create_certificate = if certificateScheme == 2 then
|
cfg = config.mailserver;
|
||||||
|
|
||||||
|
create_certificate = if cfg.certificateScheme == 2 then
|
||||||
''
|
''
|
||||||
# Create certificates if they do not exist yet
|
# Create certificates if they do not exist yet
|
||||||
dir="${certificateDirectory}"
|
dir="${cfg.certificateDirectory}"
|
||||||
fqdn="${hostPrefix}.${domain}"
|
fqdn="${cfg.hostPrefix}.${cfg.domain}"
|
||||||
case $fqdn in /*) fqdn=$(cat "$fqdn");; esac
|
case $fqdn in /*) fqdn=$(cat "$fqdn");; esac
|
||||||
key="''${dir}/key-${domain}.pem";
|
key="''${dir}/key-${cfg.domain}.pem";
|
||||||
cert="''${dir}/cert-${domain}.pem";
|
cert="''${dir}/cert-${cfg.domain}.pem";
|
||||||
|
|
||||||
if [ ! -f "''${key}" ] || [ ! -f "''${cert}" ]
|
if [ ! -f "''${key}" ] || [ ! -f "''${cert}" ]
|
||||||
then
|
then
|
||||||
mkdir -p "${certificateDirectory}"
|
mkdir -p "${cfg.certificateDirectory}"
|
||||||
(umask 077; "${pkgs.openssl}/bin/openssl" genrsa -out "''${key}" 2048) &&
|
(umask 077; "${pkgs.openssl}/bin/openssl" genrsa -out "''${key}" 2048) &&
|
||||||
"${pkgs.openssl}/bin/openssl" req -new -key "''${key}" -x509 -subj "/CN=''${fqdn}" \
|
"${pkgs.openssl}/bin/openssl" req -new -key "''${key}" -x509 -subj "/CN=''${fqdn}" \
|
||||||
-days 3650 -out "''${cert}"
|
-days 3650 -out "''${cert}"
|
||||||
|
@ -37,49 +38,53 @@ let
|
||||||
''
|
''
|
||||||
else "";
|
else "";
|
||||||
|
|
||||||
dkim_key = "${dkimKeyDirectory}/${dkimSelector}.private";
|
dkim_key = "${cfg.dkimKeyDirectory}/${cfg.dkimSelector}.private";
|
||||||
dkim_txt = "${dkimKeyDirectory}/${dkimSelector}.txt";
|
dkim_txt = "${cfg.dkimKeyDirectory}/${cfg.dkimSelector}.txt";
|
||||||
create_dkim_cert =
|
create_dkim_cert =
|
||||||
''
|
''
|
||||||
# Create dkim dir
|
# Create dkim dir
|
||||||
mkdir -p "${dkimKeyDirectory}"
|
mkdir -p "${cfg.dkimKeyDirectory}"
|
||||||
chown rmilter:rmilter "${dkimKeyDirectory}"
|
chown rmilter:rmilter "${cfg.dkimKeyDirectory}"
|
||||||
|
|
||||||
if [ ! -f "${dkim_key}" ] || [ ! -f "${dkim_txt}" ]
|
if [ ! -f "${dkim_key}" ] || [ ! -f "${dkim_txt}" ]
|
||||||
then
|
then
|
||||||
|
|
||||||
${pkgs.opendkim}/bin/opendkim-genkey -s "${dkimSelector}" \
|
${pkgs.opendkim}/bin/opendkim-genkey -s "${cfg.dkimSelector}" \
|
||||||
-d ${domain} \
|
-d ${cfg.domain} \
|
||||||
--directory="${dkimKeyDirectory}"
|
--directory="${cfg.dkimKeyDirectory}"
|
||||||
chown rmilter:rmilter "${dkim_key}"
|
chown rmilter:rmilter "${dkim_key}"
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# Set the correct permissions for dovecot vmail folder. See
|
|
||||||
# <http://wiki2.dovecot.org/SharedMailboxes/Permissions>. We choose
|
|
||||||
# to use the systemd service to set the folder permissions whenever
|
|
||||||
# dovecot gets started.
|
|
||||||
services.dovecot2.after = [ "postfix.service" ];
|
|
||||||
|
|
||||||
# Check for certificate before both postfix and dovecot to make sure it
|
config = with cfg; lib.mkIf enable {
|
||||||
# exists.
|
# Set the correct permissions for dovecot vmail folder. See
|
||||||
services.postfix = {
|
# <http://wiki2.dovecot.org/SharedMailboxes/Permissions>. We choose
|
||||||
preStart =
|
# to use the systemd service to set the folder permissions whenever
|
||||||
''
|
# dovecot gets started.
|
||||||
|
systemd.services.dovecot2.after = [ "postfix.service" ];
|
||||||
|
|
||||||
|
# Check for certificate before both postfix and dovecot to make sure it
|
||||||
|
# exists.
|
||||||
|
systemd.services.postfix = {
|
||||||
|
preStart =
|
||||||
|
''
|
||||||
# Create mail directory and set permissions
|
# Create mail directory and set permissions
|
||||||
mkdir -p "${mailDirectory}"
|
mkdir -p "${mailDirectory}"
|
||||||
chgrp "${vmailGroupName}" "${mailDirectory}"
|
chgrp "${vmailGroupName}" "${mailDirectory}"
|
||||||
chmod 02770 "${mailDirectory}"
|
chmod 02770 "${mailDirectory}"
|
||||||
|
|
||||||
${create_certificate}
|
${create_certificate}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.rmilter = {
|
systemd.services.rmilter = {
|
||||||
preStart =
|
preStart =
|
||||||
''
|
''
|
||||||
${create_dkim_cert}
|
${create_dkim_cert}
|
||||||
'';
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
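Review bot: The new `config = with cfg; lib.mkIf enable {` mixes two access styles in one file: the `let` block above was rewritten to spell out `cfg.certificateDirectory`, `cfg.domain` and so on, while the postfix preStart below keeps bare `mailDirectory` and `vmailGroupName` that only resolve through the `with`. Dropping the `with` and qualifying those uses, `config = lib.mkIf cfg.enable {` and e.g. `chgrp "${cfg.vmailGroupName}" "${cfg.mailDirectory}"` (likewise the `mkdir -p` and `chmod 02770` lines), keeps the module consistent and makes it visible at each line which values are module options rather than locals. Separately, the comment moved in above `systemd.services.dovecot2.after = [ "postfix.service" ];` says the certificate is checked before both daemons, but `after` is ordering only; as far as I can tell from this hunk, if postfix's preStart fails the dovecot unit is still started without that check having succeeded, so either the comment should say this is ordering rather than a guarantee, or a `requires` entry should be added if the stronger coupling is intended.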