add rmilter and certificate files

Robin Raymond 2017-08-12 18:27:22 +02:00
parent 9cbd131ffc
commit be5d8c09d8
5 changed files with 97 additions and 10 deletions


@ -89,6 +89,9 @@ let
cert_file = "/root/mail-server.crt"; cert_file = "/root/mail-server.crt";
key_file = "/root/mail-server.key"; key_file = "/root/mail-server.key";
# Sceme 2)
cert_folder = "/root/certs";
# #
# Whether to enable imap / pop3. Both variants are only supported in the # Whether to enable imap / pop3. Both variants are only supported in the
# (sane) startTLS configuration. (TODO: Allow SSL ports). The ports are # (sane) startTLS configuration. (TODO: Allow SSL ports). The ports are
@ -119,7 +122,8 @@ in
{ {
services = import ./mail-server/services.nix { services = import ./mail-server/services.nix {
inherit mail_dir vmail_user_name vmail_group_name valiases domain inherit mail_dir vmail_user_name vmail_group_name valiases domain
enable_imap enable_pop3; enable_imap enable_pop3 virus_scanning dkim_signing
certificate_scheme cert_file key_file;
}; };
environment = import ./mail-server/environment.nix { environment = import ./mail-server/environment.nix {
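Review bot: `cert_folder` is introduced under the scheme 2 comment, but the `inherit` list passed to `./mail-server/services.nix` forwards only `certificate_scheme cert_file key_file`, so nothing downstream can use it. Until scheme 2 is implemented, say so next to the option, for example `# Scheme 2) not implemented yet, cert_folder is unused`. A second comment worth adding is that `key_file` has to stay a quoted string: written as a bare Nix path it would presumably be copied into the Nix store, which is readable by every local user. The definitions of `certificate_scheme`, `virus_scanning` and `dkim_signing` are outside the visible hunks.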


@ -15,10 +15,22 @@
# along with this program. If not, see <http://www.gnu.org/licenses/> # along with this program. If not, see <http://www.gnu.org/licenses/>
{ vmail_group_name, vmail_user_name, mail_dir, enable_imap, enable_pop3, { vmail_group_name, vmail_user_name, mail_dir, enable_imap, enable_pop3,
... }: certificate_scheme, cert_file, key_file }:
let let
# maildir in format "/${domain}/${user}/" # maildir in format "/${domain}/${user}/"
dovecot_maildir = "maildir:${mail_dir}/%d/%n/"; dovecot_maildir = "maildir:${mail_dir}/%d/%n/";
# cert :: PATH
cert = if certificate_scheme == 1
then cert_file
else "";
# key :: PATH
key = if certificate_scheme == 1
then key_file
else "";
in in
{ {
enable = true; enable = true;
@ -27,8 +39,8 @@ in
mailGroup = vmail_group_name; mailGroup = vmail_group_name;
mailUser = vmail_user_name; mailUser = vmail_user_name;
mailLocation = dovecot_maildir; mailLocation = dovecot_maildir;
#sslServerCert = "/etc/nixos/cert/${cert_file}"; // TODO: Define sslServerCert = cert;
#sslServerKey = "/etc/nixos/cert/${key_file}"; // TODO: Define sslServerKey = key;
enableLmtp = true; enableLmtp = true;
extraConfig = '' extraConfig = ''
#Extra Config #Extra Config
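Review bot: The `else ""` branches of `cert` and `key` hand an empty string to `sslServerCert` and `sslServerKey` for every `certificate_scheme` other than 1, so a typo or the not yet implemented scheme 2 produces a dovecot configuration without a usable certificate instead of an error. Fail at evaluation time instead, e.g. `else throw "unsupported certificate_scheme";` in both bindings. The postfix section repeats the same two bindings for `sslCert` and `sslKey` and needs the same change. Dropping `...` from the argument list also makes the function reject unknown arguments, which is fine here but worth knowing when the caller grows.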


@ -14,7 +14,7 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/> # along with this program. If not, see <http://www.gnu.org/licenses/>
{ mail_dir, domain, valiases }: { mail_dir, domain, valiases, certificate_scheme, cert_file, key_file }:
let let
# valiasToString :: { from = "..."; to = "..." } -> String # valiasToString :: { from = "..."; to = "..." } -> String
@ -33,14 +33,25 @@ let
# vhosts_file :: Path # vhosts_file :: Path
vhosts_file = builtins.toFile "vhosts" domain; vhosts_file = builtins.toFile "vhosts" domain;
# cert :: PATH
cert = if certificate_scheme == 1
then cert_file
else "";
# key :: PATH
key = if certificate_scheme == 1
then key_file
else "";
in in
{ {
enable = true; enable = true;
networksStyle = "host"; networksStyle = "host";
mapFiles."valias" = valiases_file; mapFiles."valias" = valiases_file;
# mapFiles."vaccounts" = vaccounts_file; # mapFiles."vaccounts" = vaccounts_file;
# sslCert = "/etc/nixos/cert/${cert_file}"; sslCert = cert;
# sslKey = "/etc/nixos/cert/${key_file}"; sslKey = key;
extraConfig = extraConfig =
'' ''
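Review bot: The `cert` and `key` bindings here are a copy of the ones in the dovecot section, so the scheme-to-path mapping now lives in two files and can drift until the two daemons present different certificates. Resolving the paths once in `services.nix` and passing the results down would remove the duplication; the call would then read `inherit mail_dir domain valiases cert key;`. The `# cert :: PATH` annotation would also be more accurate as `# cert :: String (absolute path)`, since the value is a string and not a Nix path.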

55
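--- a/mail-server/rmilter.nix
+++ b/mail-server/rmilter.nix
@@ -0,0 +1,55 @@
+# nixos-mailserver: a simple mail server
+# Copyright (C) 2016-2017 Robin Raymond
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>
+{ domain, virus_scanning, dkim_signing }:
+let
+clamav = if virus_scanning
+then
+''
+clamav {
+servers = /var/run/clamav/clam.ctl;
+};
+''
+else "";
+dkim = if dkim_signing
+then
+''
+dkim {
+domain {
+key = /etc/nixos/dkim/${domain}.pem;
+domain = "${domain}";
+selector = "dkim";
+};
+sign_alg = sha256;
+auth_only = yes;
+}
+''
+else "";
+in
+{
+enable = true;
+# debug = true;
+postfix.enable = true;
+rspamd.enable = true;
+extraConfig =
+''
+${clamav}
+${dkim}
+'';
+}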
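Review bot: The `dkim` block points rmilter at a private signing key under `/etc/nixos/dkim/${domain}.pem`, and nothing in this file creates that key or says who may read it. Document the requirement above the `dkim` binding, for example `# DKIM private key: must exist before activation and be readable only by the rmilter user`. Referencing the key by a runtime path rather than embedding it is the right choice and should be kept. The `clamav` block closes with `};` while the `dkim` block closes with `}`; one of the two terminators is probably unintended and should be checked against rmilter's config grammar.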


@ -15,7 +15,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/> # along with this program. If not, see <http://www.gnu.org/licenses/>
{ mail_dir, vmail_user_name, vmail_group_name, valiases, domain, enable_imap, { mail_dir, vmail_user_name, vmail_group_name, valiases, domain, enable_imap,
enable_pop3 }: enable_pop3, virus_scanning, dkim_signing, certificate_scheme, cert_file,
key_file }:
{ {
# rspamd # rspamd
@ -23,12 +24,16 @@ enable_pop3 }:
enable = true; enable = true;
}; };
rmilter = import ./rmilter.nix {
inherit domain virus_scanning dkim_signing;
};
postfix = import ./postfix.nix { postfix = import ./postfix.nix {
inherit mail_dir domain valiases; inherit mail_dir domain valiases certificate_scheme cert_file key_file;
}; };
dovecot2 = import ./dovecot.nix { dovecot2 = import ./dovecot.nix {
inherit vmail_group_name vmail_user_name mail_dir enable_imap inherit vmail_group_name vmail_user_name mail_dir enable_imap
enable_pop3; enable_pop3 certificate_scheme cert_file key_file;
}; };
} }
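Review bot: `rmilter` receives `virus_scanning`, but as far as this section shows nothing enables a ClamAV daemon next to it, so with the flag set rmilter would be pointed at a socket that may not exist. If ClamAV is enabled elsewhere, a short comment saying where would help; otherwise tie the daemon to the same flag, e.g. `clamav.daemon.enable = virus_scanning;`. How rmilter treats an unreachable scanner is not visible here, so the outcome could range from unscanned mail to deferred delivery and should be confirmed.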