authorMarek Paśnikowski <marek@marekpasnikowski.pl>2024-09-12 15:40:23 +0200
committerMarek Paśnikowski <marek@marekpasnikowski.pl>2024-09-12 15:40:23 +0200
commit8e3400b54221499cc03fffcb1993f6f8918848b5 (patch)
tree404df73f183f7999a372ec779c7aa66d8850b017 /systems/izumi/izumi.org
parent37da36721325e8fa94c0efb668edc5d8f98ec538 (diff)
refactor(id1000): implement dkimproxy in user module
Diffstat (limited to 'systems/izumi/izumi.org')
-rw-r--r--systems/izumi/izumi.org256
1 files changed, 1 insertions, 255 deletions
diff --git a/systems/izumi/izumi.org b/systems/izumi/izumi.org
index 602b621..f9094c5 100644
--- a/systems/izumi/izumi.org
+++ b/systems/izumi/izumi.org
@@ -54,258 +54,6 @@
(define hosts-izumi
(local-file "system-files/hosts"))
- ( define-record-type*
- <dkimproxy-out-signature-configuration>
- dkimproxy-out-signature-configuration
- make-dkimproxy-out-signature-configuration
- dkimproxy-out-signature-configuration?
- ( type
- dkimproxy-out-signature-configuration-type
- ( default 'dkim ) )
- ( key
- dkimproxy-out-signature-configuration-key
- ( default #f ) )
- ( algorithm
- dkimproxy-out-signature-configuration-algorithm
- ( default #f ) )
- ( method
- dkimproxy-out-signature-configuration-method
- ( default #f) )
- ( domain
- dkimproxy-out-signature-configuration-domain
- ( default #f ) )
- ( identity
- dkimproxy-out-signature-configuration-identity
- ( default #f ) )
- ( selector
- dkimproxy-out-signature-configuration-selector
- ( default #f ) ) )
-
- ( define generate-dkimproxy-out-signature-configuration
- ( match-lambda
- ( ( $
- <dkimproxy-out-signature-configuration>
- type
- key
- algorithm
- method
- domain
- identity
- selector )
- ( string-append
- ( match type
- ( 'dkim "dkim" )
- ( 'domainkeys "domainkeys" ) )
- ( if ( or key algorithm method domain identity selector )
- ( string-append
- "("
- ( string-join
- `( ,@ ( if key
- ( list ( string-append "key=" key ) )
- '() )
- ,@ ( if algorithm
- ( list ( string-append "a=" algorithm ) )
- '() )
- ,@ ( if method
- ( list ( string-append "c=" method ) )
- '() )
- ,@ ( if domain
- ( list ( string-append "d=" domain ) )
- '() )
- ,@ ( if identity
- ( list ( string-append "i=" identity ) )
- '() )
- ,@ ( if selector
- ( list ( string-append "s=" selector ) )
- '() ) )
- "," )
- ")" )
- "" ) ) ) ) )
-
- ( define-record-type*
- <dkimproxy-out-configuration>
- dkimproxy-out-configuration
- make-dkimproxy-out-configuration
- dkimproxy-out-configuration?
- ( package
- dkimproxy-out-configuration-package
- ( default dkimproxy ) )
- ( listen
- dkimproxy-out-configuration-listen
- ( default #f ) )
- ( relay
- dkimproxy-out-configuration-relay
- ( default #f ) )
- ( list-id-map
- dkimproxy-out-configuration-list-id-map
- ( default '() ) )
- ( sender-map
- dkimproxy-out-configuration-sender-map
- ( default '() ) )
- ( reject-error?
- dkimproxy-out-configuration-sender-reject-error?
- ( default #f ) )
- ( config-file
- dkimproxy-out-configuration-config-file
- ( default #f ) ) )
-
- ( define ( generate-map-file config filename )
- ( apply
- plain-file
- filename
- ( map ( lambda ( config )
- ( match config
- ( ( selector ( config ... ) )
- ( string-append
- selector " "
- ( string-join
- ( map
- generate-dkimproxy-out-signature-configuration
- config )
- "\n") ) )
- ( ( selector config )
- ( string-append
- selector " "
- ( generate-dkimproxy-out-signature-configuration
- config ) ) ) ) )
- config ) ) )
-
- ( define dkimproxy-out-shepherd-service
- ( match-lambda
- ( ( $
- <dkimproxy-out-configuration>
- package
- listen
- relay
- list-id-map
- sender-map
- reject-error?
- config-file )
- ( list
- ( shepherd-service
- ( provision '( dkimproxy-out ) )
- ( requirement '( loopback ) )
- ( documentation "Outbound DKIM proxy." )
- ( start
- ( let ( ( proxy ( file-append package "/bin/dkimproxy.out" ) ) )
- ( if config-file
- #~
- ( make-forkexec-constructor
- ( list
- #$
- proxy
- ( string-append "--conf_file=" #$ config-file )
- "--pidfile=/var/run/dkimproxy.out.pid"
- "--user=dkimproxy" "--group=dkimproxy" )
- #:pid-file "/var/run/dkimproxy.out.pid" )
- ( let*
- ( ( first-signature
- ( match sender-map
- ( ( ( sender ( signature _ ... ) ) _ ... ) signature )
- ( ( ( sender signature ) _ ... ) signature ) ) )
- ( domains
- ( apply append
- ( map
- ( lambda ( sender )
- ( match sender
- ( ( ( domains ... ) config ) domains )
- ( ( domain config ) domain ) ) )
- sender-map ) ) )
- ( sender-map
- ( generate-map-file sender-map "sender.map" ) )
- ( listid-map
- ( if ( null? list-id-map )
- #f
- ( generate-map-file list-id-map "listid.map" ) ) )
- ( keyfile
- ( dkimproxy-out-signature-configuration-key
- first-signature ) )
- ( selector
- ( dkimproxy-out-signature-configuration-selector
- first-signature ) )
- ( method
- ( dkimproxy-out-signature-configuration-method
- first-signature ) )
- ( signature
- ( match ( dkimproxy-out-signature-configuration-type
- first-signature )
- ( 'dkim "dkim" )
- ( 'domainkeys "domainkeys" ) ) ) )
- #~
- ( make-forkexec-constructor
- `( ,#$
- proxy
- "--pidfile=/var/run/dkimproxy.out.pid"
- "--user=dkimproxy" "--group=dkimproxy"
- ,( string-append "--listen=" #$ listen )
- ,( string-append "--relay=" #$ relay )
- ,( string-append "--sender_map=" #$ sender-map )
- ,@ ( if #$ listid-map
- ( list
- ( string-append "--listid_map=" #$ listid-map ) )
- '() )
- ,( string-append "--domain=" #$ domains )
- ,( string-append "--keyfile=" #$ keyfile )
- ,( string-append "--selector=" #$ selector )
- ,@ ( if #$ method
- ( list
- ( string-append "--method=" #$ method ) )
- '() )
- ,@ ( if #$ reject-error?
- '( "--reject_error" )
- '() )
- ,@ ( if #$ signature
- ( list
- ( string-append "--signature=" #$ signature ) )
- '() ) ) ) ) ) ) )
- ( stop #~ ( make-kill-destructor ) ) ) ) ) ) )
-
- ( define %dkimproxy-accounts
- ( list ( user-group
- ( name "dkimproxy" )
- ( system? #t ) )
- ( user-account
- ( name "dkimproxy" )
- ( group "dkimproxy" )
- ( system? #t )
- ( comment "Dkimproxy user" )
- ( home-directory "/var/empty" )
- ( shell ( file-append shadow "/sbin/nologin" ) ) ) ) )
-
- ( define dkimproxy-out-service-type
- ( service-type
- ( name 'dkimproxy-out )
- ( description "stub" )
- ( extensions
- ( list
- ( service-extension
- account-service-type
- ( const %dkimproxy-accounts ) )
- ( service-extension
- shepherd-root-service-type
- dkimproxy-out-shepherd-service ) ) ) ) )
-
- ( define ( wip-dkim-service domain )
- ( service dkimproxy-out-service-type
- ( dkimproxy-out-configuration
- ( listen "127.0.0.1:10027" )
- ( relay "127.0.0.1:10028" )
- ( sender-map
- `( ( ,domain
- ( ,( dkimproxy-out-signature-configuration
- ( algorithm "rsa-sha256" )
- ( key "/etc/mail/dkim/marekpasnikowski.pl.key" )
- ( method "relaxed" )
- ( selector "dkim" )
- ( type 'dkim ) )
- ,( dkimproxy-out-signature-configuration
- ( method "mofws" )
- ( type 'domainkeys ) ) ) ) ) ) ) ) )
-
- ( define* ( wip-mail-services #:key interface domain )
- ( list
- ( wip-dkim-service domain ) ) )
-
( operating-system
( bootloader
( bootloader-configuration
@@ -384,10 +132,8 @@
( authorized-keys authorized-keys )
( extra-options extra-options )
( substitute-urls substitute-urls ) ) ) ) )
- ( wip-mail-services
- #:interface "enp1s0"
- #:domain "marekpasnikowski.pl" )
( list
+ (@ (users id1000) dkim-service)
(@ (users id1000) dovecot-service)
(@ (users id1000) smtp-service)
(service (service-type (inherit certbot-service-type)
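Review bot: The added `(@ (users id1000) dkim-service)` entry leaves the system file with no indication of where the DKIM proxy listens, where it relays, or which key it signs with, all of which the removed definitions stated in place. A one-line comment above it would keep that visible, for example `;; DKIM signing proxy; listen/relay addresses and key path are set in (users id1000)`. The module's side of the change is not shown on this page, so confirm there that the private key is still named by a plain path string, as the removed `( key "/etc/mail/dkim/marekpasnikowski.pl.key" )` did. Passing it through `local-file` instead would copy it into the world-readable store. The enclosing `list` form continues past the end of the hunk.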