# NixOS module for the OpenDKIM daemon.
#
# Declares the `services.opendkim` options and, when the service is enabled,
# a dedicated system user/group plus a systemd unit that runs opendkim in the
# foreground with the configured socket, domain set, signing key and selector.
{ config, lib, pkgs, ... }:

let
  inherit (lib) escapeShellArgs mkIf mkOption types;

  cfg = config.services.opendkim;

  # Default milter socket; it lives inside the RuntimeDirectory that the
  # unit below requests when this default is in use.
  defaultSocket = "local:/run/opendkim/opendkim.sock";

  # "-x <file>" is appended only when an additional config file is given.
  extraConfigArgs =
    if cfg.configFile != null then [ "-x" cfg.configFile ] else [ ];

  # opendkim command line: -f keeps the daemon in the foreground, -l logs via
  # syslog; the remaining flags carry the option values. The list is passed
  # through escapeShellArgs where it is used, so no option value is spliced
  # into ExecStart unquoted.
  daemonArgs = [
    "-f"
    "-l"
    "-p" cfg.socket
    "-d" cfg.domains
    "-k" cfg.keyFile
    "-s" cfg.selector
  ] ++ extraConfigArgs;

in

{

  # ---- Option declarations ------------------------------------------------

  options.services.opendkim = {

    enable = mkOption {
      description = "Whether to enable the OpenDKIM sender authentication system.";
      type = types.bool;
      default = false;
    };

    # NOTE(review): RuntimeDirectory is only requested for the default
    # socket. With any other value the directory holding the socket must
    # already exist and be writable by `user`. The milter protocol carries no
    # authentication, so an inet-style socket should be restricted to
    # loopback or a trusted network.
    socket = mkOption {
      description = "Socket which is used for communication with OpenDKIM.";
      type = types.str;
      default = defaultSocket;
    };

    user = mkOption {
      description = "User for the daemon.";
      type = types.str;
      default = "opendkim";
    };

    group = mkOption {
      description = "Group for the daemon.";
      type = types.str;
      default = "opendkim";
    };

    domains = mkOption {
      description = ''
        Local domains set (see <literal>opendkim(8)</literal> for more information on datasets).
        Messages from them are signed, not verified.
      '';
      type = types.str;
      default = "csl:${config.networking.hostName}";
      example = "csl:example.com,mydomain.net";
    };

    # NOTE(review): types.path also accepts a Nix path literal (for example
    # ./dkim.private). A path literal interpolated into the command line is
    # copied into /nix/store, which is world-readable, so the private signing
    # key would be exposed to every local user. Supply the key location as an
    # absolute path *string* pointing outside the store, readable only by
    # `user`.
    keyFile = mkOption {
      description = "Secret key file used for signing messages.";
      type = types.path;
    };

    selector = mkOption {
      description = "Selector to use when signing.";
      type = types.str;
    };

    # The same store-copy behaviour applies here if a path literal is used,
    # so this file should not embed secrets.
    configFile = mkOption {
      description = "Additional opendkim configuration.";
      type = types.nullOr types.path;
      default = null;
    };

  };

  # ---- Implementation -----------------------------------------------------

  config = mkIf cfg.enable {

    # The stock account is declared only when the default name is kept; a
    # custom user must be provided by the administrator. The fallback is an
    # empty attribute set.
    users.extraUsers =
      if cfg.user == "opendkim" then
        [
          {
            name = "opendkim";
            group = cfg.group;
            uid = config.ids.uids.opendkim;
          }
        ]
      else
        { };

    # Same rule for the group.
    users.extraGroups =
      if cfg.group == "opendkim" then
        [
          {
            name = "opendkim";
            gid = config.ids.gids.opendkim;
          }
        ]
      else
        { };

    environment.systemPackages = [ pkgs.opendkim ];

    systemd.services.opendkim = {
      description = "OpenDKIM signing and verification daemon";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      # The daemon runs as the unprivileged cfg.user/cfg.group.
      # NOTE(review): no further sandboxing is configured in this unit.
      # Directives such as NoNewPrivileges, PrivateTmp and ProtectSystem are
      # worth evaluating for a process that parses untrusted mail, after
      # confirming the key file and socket paths remain reachable.
      serviceConfig = {
        User = cfg.user;
        Group = cfg.group;
        ExecStart = "${pkgs.opendkim}/bin/opendkim ${escapeShellArgs daemonArgs}";
        # /run/opendkim is created by systemd only for the default socket.
        RuntimeDirectory =
          if cfg.socket == defaultSocket then [ "opendkim" ] else [ ];
      };
    };

  };

}