authortv <tv@krebsco.de>2016-03-05 20:28:08 +0100
committertv <tv@krebsco.de>2016-03-05 20:33:19 +0100
commit421f346257ac19612822b1f0fde9f21d3b5e7955 (patch)
treeecdf9f166b30616aeb784ae319e65dff7cb136ea
parent0106f4ff07174592bab7bdc14679a9654b92dfab (diff)
krebs.exim-smarthost.dkim: support multiple domains
-rw-r--r--krebs/3modules/exim-smarthost.nix41
-rw-r--r--tv/2configs/exim-smarthost.nix6
2 files changed, 26 insertions, 21 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index 45219885f..6c48f1225 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -12,15 +12,9 @@ let
api = {
enable = mkEnableOption "krebs.exim-smarthost";
- # TODO DKIM for multiple domains
dkim = mkOption {
- default = null;
- type = types.nullOr (types.submodule ({ config, ... }: {
+ type = types.listOf (types.submodule ({ config, ... }: {
options = {
- canon = mkOption {
- type = types.enum ["relaxed"];
- default = "relaxed";
- };
domain = mkOption {
type = types.str;
};
@@ -38,6 +32,7 @@ let
};
};
}));
+ default = [];
};
internet-aliases = mkOption {
@@ -100,10 +95,11 @@ let
};
imp = {
- krebs.secret.files = mkIf (cfg.dkim != null) {
- exim-dkim_private_key = cfg.dkim.private_key;
- };
- systemd.services = mkIf (cfg.dkim != null) {
+ krebs.secret.files = listToAttrs (flip map cfg.dkim (dkim: {
+ name = "exim.dkim_private_key/${dkim.domain}";
+ value = dkim.private_key;
+ }));
+ systemd.services = mkIf (cfg.dkim != []) {
exim = {
after = [ "secret.service" ];
requires = [ "secret.service" ];
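Review bot: Two `dkim` entries with the same `domain` are accepted silently by the new `listToAttrs` call on `krebs.secret.files`, which keeps only the first entry for a repeated name. The lsearch files built in the later `lsearch = mapAttrs …` hunk behave the same way, since a linear search stops at the first matching line, so a second key or selector for the same domain is dropped without any evaluation error. I would reject that at evaluation time with something like `assertion = let ds = map (d: d.domain) cfg.dkim; in unique ds == ds;`, assuming `unique` and the `assertions` option are reachable from this module. The `imp` set starts and ends outside this hunk.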
@@ -230,11 +226,11 @@ let
remote_smtp:
driver = smtp
- ${optionalString (cfg.dkim != null) ''
- dkim_domain = ${cfg.dkim.domain}
- dkim_selector = ${cfg.dkim.selector}
- dkim_private_key = ${cfg.dkim.private_key.path}
- dkim_canon = ${cfg.dkim.canon}
+ ${optionalString (cfg.dkim != []) ''
+ dkim_canon = relaxed
+ dkim_domain = $sender_address_domain
+ dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}}
+ dkim_selector = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_selector}}}
''}
helo_data = ''${if eq{$acl_m_special_dom}{} \
{$primary_hostname} \
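Review bot: The signing domain in `remote_smtp` is now taken from the envelope sender (`$sender_address_domain`), so any client allowed to relay through this host gets a valid signature for whichever configured domain it puts in MAIL FROM, unless an ACL outside this hunk ties sender domains to specific clients. It is worth confirming that such a restriction exists, since the envelope sender is chosen by the submitting client. Separately, a sender domain with no entry in the lsearch files makes both lookups expand to the empty string, which as far as I know Exim treats as "do not sign"; with `sender_domains` in tv/2configs listing more domains than `dkim`, that mail would go out unsigned with nothing to indicate it. I would at least record this in the transport with an Exim comment such as `# envelope sender domains without a dkim entry are sent unsigned`.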
@@ -264,10 +260,19 @@ let
};
- lsearch = mapAttrs (name: set: toFile name (to-lsearch set)) {
+ lsearch = mapAttrs (name: set: toFile name (to-lsearch set)) ({
inherit (cfg) internet-aliases;
inherit (cfg) system-aliases;
- };
+ } // optionalAttrs (cfg.dkim != []) {
+ dkim_private_key = flip map cfg.dkim (dkim: {
+ from = dkim.domain;
+ to = dkim.private_key.path;
+ });
+ dkim_selector = flip map cfg.dkim (dkim: {
+ from = dkim.domain;
+ to = dkim.selector;
+ });
+ });
to-lsearch = concatMapStringsSep "\n" ({ from, to, ... }: "${from}: ${to}");
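Review bot: `to-lsearch` writes `dkim.domain` verbatim as the lookup key while `domain` is still a plain `types.str`, so a value containing a colon or whitespace yields a line that lsearch splits at a different place than the option suggests. Constraining `domain` to a hostname-shaped type, or asserting on it, would catch this at evaluation time. The files produced by `toFile` live in the Nix store, which is world-readable. The new `dkim_private_key` map correctly carries only `dkim.private_key.path`, and a comment such as `# store file is world-readable: map to the key's path, never its contents` would keep it that way.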
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index 2beaa28ef..280d8572b 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -5,9 +5,9 @@ with config.krebs.lib;
{
krebs.exim-smarthost = {
enable = true;
- dkim = {
- domain = "viljetic.de";
- };
+ dkim = [
+ { domain = "viljetic.de"; }
+ ];
sender_domains = [
"krebsco.de"
"shackspace.de"