author | Marek Paśnikowski <marek@marekpasnikowski.pl> | 2024-09-12 15:40:23 +0200 |
---|---|---|
committer | Marek Paśnikowski <marek@marekpasnikowski.pl> | 2024-09-12 15:40:23 +0200 |
commit | 8e3400b54221499cc03fffcb1993f6f8918848b5 (patch) | |
tree | 404df73f183f7999a372ec779c7aa66d8850b017 /users | |
parent | 37da36721325e8fa94c0efb668edc5d8f98ec538 (diff) |
refactor(id1000): implement dkimproxy in user module
Diffstat (limited to 'users')
-rw-r--r-- | users/id1000.scm | 254 |
1 files changed, 253 insertions, 1 deletions
diff --git a/users/id1000.scm b/users/id1000.scm
index 0253061..cfc4827 100644
--- a/users/id1000.scm
+++ b/users/id1000.scm
@@ -29,7 +29,242 @@ #:use-module (guix gexp) ;; %suweren-home-services - #:use-module (suweren home)) + #:use-module (suweren home) + + #:use-module (guix records) + #:use-module (ice-9 match)) + +(define-record-type* <dkimproxy-out-signature-configuration> + dkimproxy-out-signature-configuration + make-dkimproxy-out-signature-configuration + dkimproxy-out-signature-configuration? + (type dkimproxy-out-signature-configuration-type + (default 'dkim)) + (key dkimproxy-out-signature-configuration-key + (default #f)) + (algorithm dkimproxy-out-signature-configuration-algorithm + (default #f)) + (method dkimproxy-out-signature-configuration-method + (default #f)) + (domain dkimproxy-out-signature-configuration-domain + (default #f)) + (identity dkimproxy-out-signature-configuration-identity + (default #f)) + (selector dkimproxy-out-signature-configuration-selector + (default #f))) + +(define-public generate-dkimproxy-out-signature-configuration + (match-lambda + (($ + <dkimproxy-out-signature-configuration> + type + key + algorithm + method + domain + identity + selector ) + (string-append + (match type + ('dkim "dkim") + ('domainkeys "domainkeys")) + (if (or key algorithm method domain identity selector) + (string-append + "(" + (string-join + `(,@ (if key + (list (string-append "key=" key)) + '()) + ,@ (if algorithm + (list (string-append "a=" algorithm)) + '()) + ,@ (if method + (list (string-append "c=" method)) + '()) + ,@ (if domain + (list (string-append "d=" domain)) + '()) + ,@ (if identity + (list (string-append "i=" identity)) + '()) + ,@ (if selector + (list (string-append "s=" selector)) + '())) + ",") + ")") + ""))))) + +(define-record-type* <dkimproxy-out-configuration> + dkimproxy-out-configuration + make-dkimproxy-out-configuration + dkimproxy-out-configuration? 
+ (package dkimproxy-out-configuration-package + (default (@ (gnu packages mail) dkimproxy))) + (listen dkimproxy-out-configuration-listen + (default #f)) + (relay dkimproxy-out-configuration-relay + (default #f)) + (list-id-map dkimproxy-out-configuration-list-id-map + (default '())) + (sender-map dkimproxy-out-configuration-sender-map + (default '())) + (reject-error? dkimproxy-out-configuration-sender-reject-error? + (default #f)) + (config-file dkimproxy-out-configuration-config-file + (default #f))) + +(define (generate-map-file config filename) + (apply + plain-file + filename + (map (lambda (config) + (match config + ((selector (config ...)) + (string-append + selector " " + (string-join + (map + generate-dkimproxy-out-signature-configuration + config) + "\n"))) + ((selector config) + (string-append + selector " " + (generate-dkimproxy-out-signature-configuration + config))))) + config))) + +(define dkimproxy-out-shepherd-service + (match-lambda + (($ + <dkimproxy-out-configuration> + package + listen + relay + list-id-map + sender-map + reject-error? + config-file) + (list + ((@ (gnu services shepherd) shepherd-service) + (provision '(dkimproxy-out)) + (requirement '(loopback)) + (documentation "Outbound DKIM proxy.") + (start + (let ((proxy (file-append package "/bin/dkimproxy.out"))) + (if config-file + #~ + (make-forkexec-constructor + (list + #$ + proxy + (string-append "--conf_file=" #$ config-file) + "--pidfile=/var/run/dkimproxy.out.pid" + "--user=dkimproxy" "--group=dkimproxy") + #:pid-file "/var/run/dkimproxy.out.pid") + (let* + ((first-signature + (match sender-map + (((sender (signature _ ...)) _ ...) signature) + (((sender signature) _ ...) signature))) + (domains + (apply append + (map + (lambda (sender) + (match sender + (((domains ...) config) domains) + ((domain config) domain))) + sender-map))) + (sender-map + (generate-map-file sender-map "sender.map")) + (listid-map + (if (null? 
list-id-map) + #f + (generate-map-file list-id-map "listid.map"))) + (keyfile + (dkimproxy-out-signature-configuration-key + first-signature)) + (selector + (dkimproxy-out-signature-configuration-selector + first-signature)) + (method + (dkimproxy-out-signature-configuration-method + first-signature)) + (signature + (match (dkimproxy-out-signature-configuration-type + first-signature) + ('dkim "dkim") + ('domainkeys "domainkeys")))) + #~ + (make-forkexec-constructor + `(,#$ + proxy + "--pidfile=/var/run/dkimproxy.out.pid" + "--user=dkimproxy" "--group=dkimproxy" + ,(string-append "--listen=" #$ listen) + ,(string-append "--relay=" #$ relay) + ,(string-append "--sender_map=" #$ sender-map) + ,@ (if #$ listid-map + (list + (string-append "--listid_map=" #$ listid-map)) + '()) + ,(string-append "--domain=" #$ domains) + ,(string-append "--keyfile=" #$ keyfile) + ,(string-append "--selector=" #$ selector) + ,@ (if #$ method + (list + (string-append "--method=" #$ method)) + '()) + ,@ (if #$ reject-error? + '("--reject_error") + '()) + ,@ (if #$ signature + (list + (string-append "--signature=" #$ signature)) + '()))))))) + (stop #~ (make-kill-destructor))))))) + +(define %dkimproxy-accounts + (list (user-group (name "dkimproxy") + (system? #t)) + (user-account (name "dkimproxy") + (group "dkimproxy") + (system? 
#t) + (comment "Dkimproxy user") + (home-directory "/var/empty") + (shell (file-append (@ (gnu packages admin) + shadow) + "/sbin/nologin"))))) + +(define dkimproxy-out-service-type + (service-type + (name 'dkimproxy-out) + (description "stub") + (extensions + (list + (service-extension + account-service-type + (const %dkimproxy-accounts)) + (service-extension + (@ (gnu services shepherd) shepherd-root-service-type) + dkimproxy-out-shepherd-service))))) + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +(define dkimproxy-signature-dkim + (dkimproxy-out-signature-configuration + (algorithm "rsa-sha256") + (key "/etc/mail/dkim/marekpasnikowski.pl.key") + (method "relaxed") + (selector "dkim") + (type 'dkim))) + +(define dkimproxy-signature-domainkeys + (dkimproxy-out-signature-configuration + (method "mofws") + (type 'domainkeys))) + +;;;;; (define aliases-file ((@ (guix gexp) mixed-text-file) @@ -45,6 +280,10 @@ "@just-aero.us\n" "@elitetorrent1.com\n")) +(define dkimproxy-signatures-marekpasnikowski + (list dkimproxy-signature-dkim + dkimproxy-signature-domainkeys)) + (define dovecot-imap-login-inet-configuration ((@ (gnu services mail) inet-listener-configuration) (address "192.168.10.2") @@ -105,6 +344,9 @@ ;;; +(define dkimproxy-sender-marekpasnikowski + `("marekpasnikowski.pl" ,dkimproxy-signatures-marekpasnikowski)) + (define dovecot-imap ((@ (gnu services mail) protocol-configuration) (name "imap"))) @@ -229,6 +471,12 @@ ;;; +(define dkimproxy-out-configuration* + (dkimproxy-out-configuration + (listen "127.0.0.1:10027") + (relay "172.0.0.1:10028") + (sender-map `(,dkimproxy-sender-marekpasnikowski)))) + (define dovecot-configuration* ((@ (gnu services mail) dovecot-configuration) (disable-plaintext-auth? #t) 
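Review bot: In dkimproxy-out-shepherd-service the `--domain=` argument is built from `domains`, and the two match arms that walk `sender-map` return different shapes — `((domains ...) config)` yields a list while `((domain config) domain)` yields a bare string; `(apply append (list "marekpasnikowski.pl"))` happens to return that string unchanged, so the single-sender case in this commit works, but an entry with a list of domains or a second sender turns `domains` into a list (or an `append` type error) and `(string-append "--domain=" #$ domains)` fails when the service starts. Normalise both arms to lists, `((domain config) (list domain))`, and emit `,(string-append "--domain=" #$ (string-join domains ","))`, the comma-separated form dkimproxy.out accepts for --domain. Separately, the service drops to the `dkimproxy` user but nothing here manages the signing key named in dkimproxy-signature-dkim (`/etc/mail/dkim/marekpasnikowski.pl.key`); presumably it must be readable by that user and by nobody else, since a world-readable key lets any local account sign mail as the domain, so an activation step or at least a comment stating the required ownership and mode (root:dkimproxy, 0440) would make that contract explicit. The accessor `dkimproxy-out-configuration-sender-reject-error?` for the `reject-error?` field also looks like a copy-paste slip; `dkimproxy-out-configuration-reject-error?` matches the other accessors.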
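Review bot: `(relay "172.0.0.1:10028")` in dkimproxy-out-configuration* points the signed-mail relay at 172.0.0.1, which is neither loopback nor in the RFC 1918 range (that is 172.16.0.0/12) but a public address; next to `(listen "127.0.0.1:10027")` this reads as a typo for `127.0.0.1:10028`. As written, every message the proxy signs would be handed over plaintext SMTP to a host off the machine (or the service would fail once that connection is refused), so the line should be `(relay "127.0.0.1:10028")`. The `(requirement '(loopback))` in the shepherd service and the loopback listen address both suggest the next hop is meant to be local, but the receiving MTA's configuration is not in this hunk, so confirm the port against it.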
@@ -256,6 +504,10 @@ ;;; +(define-public dkim-service + (service dkimproxy-out-service-type + dkimproxy-out-configuration*)) + (define-public dovecot-service (service (@ (gnu services mail) dovecot-service-type) dovecot-configuration*)) |