commit 488497679ff644a2fa7b3cd0fd327f8c4eacb803 · ryan.freumh.org/eilean-nix

-7

modules/mailserver.nix

···

       75
       75
        
               data = ''"v=spf1 a:mail.${config.networking.domain} -all"'';

     

       76
       76
        
             }

     

       77
       77
        
             {

     

       78
       78
       -
               name = "mail._domainkey";

     

       79
       79
       -
               ttl = 10800;

     

       80
       80
       -
               type = "TXT";

     

       81
       81
       -
               data = ''

     

       82
       82
       -
                 "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6YmYYvoFF7VqtGcozpVQa78aaGgZdvc5ZIHqzmkKdCBEyDF2FRbCEK4s2AlC8hhc8O4mSSe3S4AzEhlRgHXbU22GBaUZ3s2WHS8JJwZvWeTjsbXQwjN/U7xpkqXPHLH9IVfOJbHlp4HQmCAXw4NaypgkkxIGK0jaZHm2j6/1izQIDAQAB"'';

     

       83
       83
       -
             }

     

       84
       84
       -
             {

     

       85
       78
        
               name = "_dmarc";

     

       86
       79
        
               ttl = 10800;

     

       87
       80
        
               type = "TXT";

modules/services/dns/bind.nix

···

       17
       17
        
           in builtins.mapAttrs mapZones cfg.zones;

     

       18
       18
        
         };

     

       19
       19
        
       

     

       20
       20
       +
         users.users = {

     

       21
       21
       +
           named.extraGroups = [ config.services.opendkim.group ];

     

       22
       22
       +
         };

     

       23
       23
       +
       

     

       20
       24
        
         ### bind prestart copy zonefiles

     

       21
       25
        
         systemd.services.bind.preStart = let

     

       22
       26
        
           ops = let

     
···

       29
       33
        
               in ''

     

       30
       34
        
                 if ! diff ${zonefile} ${path} > /dev/null; then

     

       31
       35
        
                   cp ${zonefile} ${path}

     

       36
       36
       +
                   cat ${config.mailserver.dkimKeyDirectory}/*.txt >> ${path}

     

       32
       37
        
                   # remove journal file to avoid 'journal out of sync with zone'

     

       33
       38
        
                   # NB this will reset dynamic updates

     

       34
       39
        
                   rm -f ${path}.signed.jnl