-rw-r--r--systems/izumi/izumi.org256
-rw-r--r--systems/izumi/system-configuration.scm493
-rw-r--r--users/id1000.scm254
3 files changed, 501 insertions, 502 deletions
diff --git a/systems/izumi/izumi.org b/systems/izumi/izumi.org
index 602b621..f9094c5 100644
--- a/systems/izumi/izumi.org
+++ b/systems/izumi/izumi.org
@@ -54,258 +54,6 @@
(define hosts-izumi
(local-file "system-files/hosts"))
- ( define-record-type*
- <dkimproxy-out-signature-configuration>
- dkimproxy-out-signature-configuration
- make-dkimproxy-out-signature-configuration
- dkimproxy-out-signature-configuration?
- ( type
- dkimproxy-out-signature-configuration-type
- ( default 'dkim ) )
- ( key
- dkimproxy-out-signature-configuration-key
- ( default #f ) )
- ( algorithm
- dkimproxy-out-signature-configuration-algorithm
- ( default #f ) )
- ( method
- dkimproxy-out-signature-configuration-method
- ( default #f) )
- ( domain
- dkimproxy-out-signature-configuration-domain
- ( default #f ) )
- ( identity
- dkimproxy-out-signature-configuration-identity
- ( default #f ) )
- ( selector
- dkimproxy-out-signature-configuration-selector
- ( default #f ) ) )
-
- ( define generate-dkimproxy-out-signature-configuration
- ( match-lambda
- ( ( $
- <dkimproxy-out-signature-configuration>
- type
- key
- algorithm
- method
- domain
- identity
- selector )
- ( string-append
- ( match type
- ( 'dkim "dkim" )
- ( 'domainkeys "domainkeys" ) )
- ( if ( or key algorithm method domain identity selector )
- ( string-append
- "("
- ( string-join
- `( ,@ ( if key
- ( list ( string-append "key=" key ) )
- '() )
- ,@ ( if algorithm
- ( list ( string-append "a=" algorithm ) )
- '() )
- ,@ ( if method
- ( list ( string-append "c=" method ) )
- '() )
- ,@ ( if domain
- ( list ( string-append "d=" domain ) )
- '() )
- ,@ ( if identity
- ( list ( string-append "i=" identity ) )
- '() )
- ,@ ( if selector
- ( list ( string-append "s=" selector ) )
- '() ) )
- "," )
- ")" )
- "" ) ) ) ) )
-
- ( define-record-type*
- <dkimproxy-out-configuration>
- dkimproxy-out-configuration
- make-dkimproxy-out-configuration
- dkimproxy-out-configuration?
- ( package
- dkimproxy-out-configuration-package
- ( default dkimproxy ) )
- ( listen
- dkimproxy-out-configuration-listen
- ( default #f ) )
- ( relay
- dkimproxy-out-configuration-relay
- ( default #f ) )
- ( list-id-map
- dkimproxy-out-configuration-list-id-map
- ( default '() ) )
- ( sender-map
- dkimproxy-out-configuration-sender-map
- ( default '() ) )
- ( reject-error?
- dkimproxy-out-configuration-sender-reject-error?
- ( default #f ) )
- ( config-file
- dkimproxy-out-configuration-config-file
- ( default #f ) ) )
-
- ( define ( generate-map-file config filename )
- ( apply
- plain-file
- filename
- ( map ( lambda ( config )
- ( match config
- ( ( selector ( config ... ) )
- ( string-append
- selector " "
- ( string-join
- ( map
- generate-dkimproxy-out-signature-configuration
- config )
- "\n") ) )
- ( ( selector config )
- ( string-append
- selector " "
- ( generate-dkimproxy-out-signature-configuration
- config ) ) ) ) )
- config ) ) )
-
- ( define dkimproxy-out-shepherd-service
- ( match-lambda
- ( ( $
- <dkimproxy-out-configuration>
- package
- listen
- relay
- list-id-map
- sender-map
- reject-error?
- config-file )
- ( list
- ( shepherd-service
- ( provision '( dkimproxy-out ) )
- ( requirement '( loopback ) )
- ( documentation "Outbound DKIM proxy." )
- ( start
- ( let ( ( proxy ( file-append package "/bin/dkimproxy.out" ) ) )
- ( if config-file
- #~
- ( make-forkexec-constructor
- ( list
- #$
- proxy
- ( string-append "--conf_file=" #$ config-file )
- "--pidfile=/var/run/dkimproxy.out.pid"
- "--user=dkimproxy" "--group=dkimproxy" )
- #:pid-file "/var/run/dkimproxy.out.pid" )
- ( let*
- ( ( first-signature
- ( match sender-map
- ( ( ( sender ( signature _ ... ) ) _ ... ) signature )
- ( ( ( sender signature ) _ ... ) signature ) ) )
- ( domains
- ( apply append
- ( map
- ( lambda ( sender )
- ( match sender
- ( ( ( domains ... ) config ) domains )
- ( ( domain config ) domain ) ) )
- sender-map ) ) )
- ( sender-map
- ( generate-map-file sender-map "sender.map" ) )
- ( listid-map
- ( if ( null? list-id-map )
- #f
- ( generate-map-file list-id-map "listid.map" ) ) )
- ( keyfile
- ( dkimproxy-out-signature-configuration-key
- first-signature ) )
- ( selector
- ( dkimproxy-out-signature-configuration-selector
- first-signature ) )
- ( method
- ( dkimproxy-out-signature-configuration-method
- first-signature ) )
- ( signature
- ( match ( dkimproxy-out-signature-configuration-type
- first-signature )
- ( 'dkim "dkim" )
- ( 'domainkeys "domainkeys" ) ) ) )
- #~
- ( make-forkexec-constructor
- `( ,#$
- proxy
- "--pidfile=/var/run/dkimproxy.out.pid"
- "--user=dkimproxy" "--group=dkimproxy"
- ,( string-append "--listen=" #$ listen )
- ,( string-append "--relay=" #$ relay )
- ,( string-append "--sender_map=" #$ sender-map )
- ,@ ( if #$ listid-map
- ( list
- ( string-append "--listid_map=" #$ listid-map ) )
- '() )
- ,( string-append "--domain=" #$ domains )
- ,( string-append "--keyfile=" #$ keyfile )
- ,( string-append "--selector=" #$ selector )
- ,@ ( if #$ method
- ( list
- ( string-append "--method=" #$ method ) )
- '() )
- ,@ ( if #$ reject-error?
- '( "--reject_error" )
- '() )
- ,@ ( if #$ signature
- ( list
- ( string-append "--signature=" #$ signature ) )
- '() ) ) ) ) ) ) )
- ( stop #~ ( make-kill-destructor ) ) ) ) ) ) )
-
- ( define %dkimproxy-accounts
- ( list ( user-group
- ( name "dkimproxy" )
- ( system? #t ) )
- ( user-account
- ( name "dkimproxy" )
- ( group "dkimproxy" )
- ( system? #t )
- ( comment "Dkimproxy user" )
- ( home-directory "/var/empty" )
- ( shell ( file-append shadow "/sbin/nologin" ) ) ) ) )
-
- ( define dkimproxy-out-service-type
- ( service-type
- ( name 'dkimproxy-out )
- ( description "stub" )
- ( extensions
- ( list
- ( service-extension
- account-service-type
- ( const %dkimproxy-accounts ) )
- ( service-extension
- shepherd-root-service-type
- dkimproxy-out-shepherd-service ) ) ) ) )
-
- ( define ( wip-dkim-service domain )
- ( service dkimproxy-out-service-type
- ( dkimproxy-out-configuration
- ( listen "127.0.0.1:10027" )
- ( relay "127.0.0.1:10028" )
- ( sender-map
- `( ( ,domain
- ( ,( dkimproxy-out-signature-configuration
- ( algorithm "rsa-sha256" )
- ( key "/etc/mail/dkim/marekpasnikowski.pl.key" )
- ( method "relaxed" )
- ( selector "dkim" )
- ( type 'dkim ) )
- ,( dkimproxy-out-signature-configuration
- ( method "mofws" )
- ( type 'domainkeys ) ) ) ) ) ) ) ) )
-
- ( define* ( wip-mail-services #:key interface domain )
- ( list
- ( wip-dkim-service domain ) ) )
-
( operating-system
( bootloader
( bootloader-configuration
@@ -384,10 +132,8 @@
( authorized-keys authorized-keys )
( extra-options extra-options )
( substitute-urls substitute-urls ) ) ) ) )
- ( wip-mail-services
- #:interface "enp1s0"
- #:domain "marekpasnikowski.pl" )
( list
+ (@ (users id1000) dkim-service)
(@ (users id1000) dovecot-service)
(@ (users id1000) smtp-service)
(service (service-type (inherit certbot-service-type)
diff --git a/systems/izumi/system-configuration.scm b/systems/izumi/system-configuration.scm
index f8dfd8f..96d10ce 100644
--- a/systems/izumi/system-configuration.scm
+++ b/systems/izumi/system-configuration.scm
@@ -44,257 +44,257 @@
(define hosts-izumi
(local-file "system-files/hosts"))
-( define-record-type*
- <dkimproxy-out-signature-configuration>
- dkimproxy-out-signature-configuration
- make-dkimproxy-out-signature-configuration
- dkimproxy-out-signature-configuration?
- ( type
- dkimproxy-out-signature-configuration-type
- ( default 'dkim ) )
- ( key
- dkimproxy-out-signature-configuration-key
- ( default #f ) )
- ( algorithm
- dkimproxy-out-signature-configuration-algorithm
- ( default #f ) )
- ( method
- dkimproxy-out-signature-configuration-method
- ( default #f) )
- ( domain
- dkimproxy-out-signature-configuration-domain
- ( default #f ) )
- ( identity
- dkimproxy-out-signature-configuration-identity
- ( default #f ) )
- ( selector
- dkimproxy-out-signature-configuration-selector
- ( default #f ) ) )
+;; ( define-record-type*
+;; <dkimproxy-out-signature-configuration>
+;; dkimproxy-out-signature-configuration
+;; make-dkimproxy-out-signature-configuration
+;; dkimproxy-out-signature-configuration?
+;; ( type
+;; dkimproxy-out-signature-configuration-type
+;; ( default 'dkim ) )
+;; ( key
+;; dkimproxy-out-signature-configuration-key
+;; ( default #f ) )
+;; ( algorithm
+;; dkimproxy-out-signature-configuration-algorithm
+;; ( default #f ) )
+;; ( method
+;; dkimproxy-out-signature-configuration-method
+;; ( default #f) )
+;; ( domain
+;; dkimproxy-out-signature-configuration-domain
+;; ( default #f ) )
+;; ( identity
+;; dkimproxy-out-signature-configuration-identity
+;; ( default #f ) )
+;; ( selector
+;; dkimproxy-out-signature-configuration-selector
+;; ( default #f ) ) )
-( define generate-dkimproxy-out-signature-configuration
- ( match-lambda
- ( ( $
- <dkimproxy-out-signature-configuration>
- type
- key
- algorithm
- method
- domain
- identity
- selector )
- ( string-append
- ( match type
- ( 'dkim "dkim" )
- ( 'domainkeys "domainkeys" ) )
- ( if ( or key algorithm method domain identity selector )
- ( string-append
- "("
- ( string-join
- `( ,@ ( if key
- ( list ( string-append "key=" key ) )
- '() )
- ,@ ( if algorithm
- ( list ( string-append "a=" algorithm ) )
- '() )
- ,@ ( if method
- ( list ( string-append "c=" method ) )
- '() )
- ,@ ( if domain
- ( list ( string-append "d=" domain ) )
- '() )
- ,@ ( if identity
- ( list ( string-append "i=" identity ) )
- '() )
- ,@ ( if selector
- ( list ( string-append "s=" selector ) )
- '() ) )
- "," )
- ")" )
- "" ) ) ) ) )
+;; ( define generate-dkimproxy-out-signature-configuration
+;; ( match-lambda
+;; ( ( $
+;; <dkimproxy-out-signature-configuration>
+;; type
+;; key
+;; algorithm
+;; method
+;; domain
+;; identity
+;; selector )
+;; ( string-append
+;; ( match type
+;; ( 'dkim "dkim" )
+;; ( 'domainkeys "domainkeys" ) )
+;; ( if ( or key algorithm method domain identity selector )
+;; ( string-append
+;; "("
+;; ( string-join
+;; `( ,@ ( if key
+;; ( list ( string-append "key=" key ) )
+;; '() )
+;; ,@ ( if algorithm
+;; ( list ( string-append "a=" algorithm ) )
+;; '() )
+;; ,@ ( if method
+;; ( list ( string-append "c=" method ) )
+;; '() )
+;; ,@ ( if domain
+;; ( list ( string-append "d=" domain ) )
+;; '() )
+;; ,@ ( if identity
+;; ( list ( string-append "i=" identity ) )
+;; '() )
+;; ,@ ( if selector
+;; ( list ( string-append "s=" selector ) )
+;; '() ) )
+;; "," )
+;; ")" )
+;; "" ) ) ) ) )
-( define-record-type*
- <dkimproxy-out-configuration>
- dkimproxy-out-configuration
- make-dkimproxy-out-configuration
- dkimproxy-out-configuration?
- ( package
- dkimproxy-out-configuration-package
- ( default dkimproxy ) )
- ( listen
- dkimproxy-out-configuration-listen
- ( default #f ) )
- ( relay
- dkimproxy-out-configuration-relay
- ( default #f ) )
- ( list-id-map
- dkimproxy-out-configuration-list-id-map
- ( default '() ) )
- ( sender-map
- dkimproxy-out-configuration-sender-map
- ( default '() ) )
- ( reject-error?
- dkimproxy-out-configuration-sender-reject-error?
- ( default #f ) )
- ( config-file
- dkimproxy-out-configuration-config-file
- ( default #f ) ) )
+;; ( define-record-type*
+;; <dkimproxy-out-configuration>
+;; dkimproxy-out-configuration
+;; make-dkimproxy-out-configuration
+;; dkimproxy-out-configuration?
+;; ( package
+;; dkimproxy-out-configuration-package
+;; ( default dkimproxy ) )
+;; ( listen
+;; dkimproxy-out-configuration-listen
+;; ( default #f ) )
+;; ( relay
+;; dkimproxy-out-configuration-relay
+;; ( default #f ) )
+;; ( list-id-map
+;; dkimproxy-out-configuration-list-id-map
+;; ( default '() ) )
+;; ( sender-map
+;; dkimproxy-out-configuration-sender-map
+;; ( default '() ) )
+;; ( reject-error?
+;; dkimproxy-out-configuration-sender-reject-error?
+;; ( default #f ) )
+;; ( config-file
+;; dkimproxy-out-configuration-config-file
+;; ( default #f ) ) )
-( define ( generate-map-file config filename )
- ( apply
- plain-file
- filename
- ( map ( lambda ( config )
- ( match config
- ( ( selector ( config ... ) )
- ( string-append
- selector " "
- ( string-join
- ( map
- generate-dkimproxy-out-signature-configuration
- config )
- "\n") ) )
- ( ( selector config )
- ( string-append
- selector " "
- ( generate-dkimproxy-out-signature-configuration
- config ) ) ) ) )
- config ) ) )
+;; ( define ( generate-map-file config filename )
+;; ( apply
+;; plain-file
+;; filename
+;; ( map ( lambda ( config )
+;; ( match config
+;; ( ( selector ( config ... ) )
+;; ( string-append
+;; selector " "
+;; ( string-join
+;; ( map
+;; generate-dkimproxy-out-signature-configuration
+;; config )
+;; "\n") ) )
+;; ( ( selector config )
+;; ( string-append
+;; selector " "
+;; ( generate-dkimproxy-out-signature-configuration
+;; config ) ) ) ) )
+;; config ) ) )
-( define dkimproxy-out-shepherd-service
- ( match-lambda
- ( ( $
- <dkimproxy-out-configuration>
- package
- listen
- relay
- list-id-map
- sender-map
- reject-error?
- config-file )
- ( list
- ( shepherd-service
- ( provision '( dkimproxy-out ) )
- ( requirement '( loopback ) )
- ( documentation "Outbound DKIM proxy." )
- ( start
- ( let ( ( proxy ( file-append package "/bin/dkimproxy.out" ) ) )
- ( if config-file
- #~
- ( make-forkexec-constructor
- ( list
- #$
- proxy
- ( string-append "--conf_file=" #$ config-file )
- "--pidfile=/var/run/dkimproxy.out.pid"
- "--user=dkimproxy" "--group=dkimproxy" )
- #:pid-file "/var/run/dkimproxy.out.pid" )
- ( let*
- ( ( first-signature
- ( match sender-map
- ( ( ( sender ( signature _ ... ) ) _ ... ) signature )
- ( ( ( sender signature ) _ ... ) signature ) ) )
- ( domains
- ( apply append
- ( map
- ( lambda ( sender )
- ( match sender
- ( ( ( domains ... ) config ) domains )
- ( ( domain config ) domain ) ) )
- sender-map ) ) )
- ( sender-map
- ( generate-map-file sender-map "sender.map" ) )
- ( listid-map
- ( if ( null? list-id-map )
- #f
- ( generate-map-file list-id-map "listid.map" ) ) )
- ( keyfile
- ( dkimproxy-out-signature-configuration-key
- first-signature ) )
- ( selector
- ( dkimproxy-out-signature-configuration-selector
- first-signature ) )
- ( method
- ( dkimproxy-out-signature-configuration-method
- first-signature ) )
- ( signature
- ( match ( dkimproxy-out-signature-configuration-type
- first-signature )
- ( 'dkim "dkim" )
- ( 'domainkeys "domainkeys" ) ) ) )
- #~
- ( make-forkexec-constructor
- `( ,#$
- proxy
- "--pidfile=/var/run/dkimproxy.out.pid"
- "--user=dkimproxy" "--group=dkimproxy"
- ,( string-append "--listen=" #$ listen )
- ,( string-append "--relay=" #$ relay )
- ,( string-append "--sender_map=" #$ sender-map )
- ,@ ( if #$ listid-map
- ( list
- ( string-append "--listid_map=" #$ listid-map ) )
- '() )
- ,( string-append "--domain=" #$ domains )
- ,( string-append "--keyfile=" #$ keyfile )
- ,( string-append "--selector=" #$ selector )
- ,@ ( if #$ method
- ( list
- ( string-append "--method=" #$ method ) )
- '() )
- ,@ ( if #$ reject-error?
- '( "--reject_error" )
- '() )
- ,@ ( if #$ signature
- ( list
- ( string-append "--signature=" #$ signature ) )
- '() ) ) ) ) ) ) )
- ( stop #~ ( make-kill-destructor ) ) ) ) ) ) )
+;; ( define dkimproxy-out-shepherd-service
+;; ( match-lambda
+;; ( ( $
+;; <dkimproxy-out-configuration>
+;; package
+;; listen
+;; relay
+;; list-id-map
+;; sender-map
+;; reject-error?
+;; config-file )
+;; ( list
+;; ( shepherd-service
+;; ( provision '( dkimproxy-out ) )
+;; ( requirement '( loopback ) )
+;; ( documentation "Outbound DKIM proxy." )
+;; ( start
+;; ( let ( ( proxy ( file-append package "/bin/dkimproxy.out" ) ) )
+;; ( if config-file
+;; #~
+;; ( make-forkexec-constructor
+;; ( list
+;; #$
+;; proxy
+;; ( string-append "--conf_file=" #$ config-file )
+;; "--pidfile=/var/run/dkimproxy.out.pid"
+;; "--user=dkimproxy" "--group=dkimproxy" )
+;; #:pid-file "/var/run/dkimproxy.out.pid" )
+;; ( let*
+;; ( ( first-signature
+;; ( match sender-map
+;; ( ( ( sender ( signature _ ... ) ) _ ... ) signature )
+;; ( ( ( sender signature ) _ ... ) signature ) ) )
+;; ( domains
+;; ( apply append
+;; ( map
+;; ( lambda ( sender )
+;; ( match sender
+;; ( ( ( domains ... ) config ) domains )
+;; ( ( domain config ) domain ) ) )
+;; sender-map ) ) )
+;; ( sender-map
+;; ( generate-map-file sender-map "sender.map" ) )
+;; ( listid-map
+;; ( if ( null? list-id-map )
+;; #f
+;; ( generate-map-file list-id-map "listid.map" ) ) )
+;; ( keyfile
+;; ( dkimproxy-out-signature-configuration-key
+;; first-signature ) )
+;; ( selector
+;; ( dkimproxy-out-signature-configuration-selector
+;; first-signature ) )
+;; ( method
+;; ( dkimproxy-out-signature-configuration-method
+;; first-signature ) )
+;; ( signature
+;; ( match ( dkimproxy-out-signature-configuration-type
+;; first-signature )
+;; ( 'dkim "dkim" )
+;; ( 'domainkeys "domainkeys" ) ) ) )
+;; #~
+;; ( make-forkexec-constructor
+;; `( ,#$
+;; proxy
+;; "--pidfile=/var/run/dkimproxy.out.pid"
+;; "--user=dkimproxy" "--group=dkimproxy"
+;; ,( string-append "--listen=" #$ listen )
+;; ,( string-append "--relay=" #$ relay )
+;; ,( string-append "--sender_map=" #$ sender-map )
+;; ,@ ( if #$ listid-map
+;; ( list
+;; ( string-append "--listid_map=" #$ listid-map ) )
+;; '() )
+;; ,( string-append "--domain=" #$ domains )
+;; ,( string-append "--keyfile=" #$ keyfile )
+;; ,( string-append "--selector=" #$ selector )
+;; ,@ ( if #$ method
+;; ( list
+;; ( string-append "--method=" #$ method ) )
+;; '() )
+;; ,@ ( if #$ reject-error?
+;; '( "--reject_error" )
+;; '() )
+;; ,@ ( if #$ signature
+;; ( list
+;; ( string-append "--signature=" #$ signature ) )
+;; '() ) ) ) ) ) ) )
+;; ( stop #~ ( make-kill-destructor ) ) ) ) ) ) )
-( define %dkimproxy-accounts
- ( list ( user-group
- ( name "dkimproxy" )
- ( system? #t ) )
- ( user-account
- ( name "dkimproxy" )
- ( group "dkimproxy" )
- ( system? #t )
- ( comment "Dkimproxy user" )
- ( home-directory "/var/empty" )
- ( shell ( file-append shadow "/sbin/nologin" ) ) ) ) )
+;; ( define %dkimproxy-accounts
+;; ( list ( user-group
+;; ( name "dkimproxy" )
+;; ( system? #t ) )
+;; ( user-account
+;; ( name "dkimproxy" )
+;; ( group "dkimproxy" )
+;; ( system? #t )
+;; ( comment "Dkimproxy user" )
+;; ( home-directory "/var/empty" )
+;; ( shell ( file-append shadow "/sbin/nologin" ) ) ) ) )
-( define dkimproxy-out-service-type
- ( service-type
- ( name 'dkimproxy-out )
- ( description "stub" )
- ( extensions
- ( list
- ( service-extension
- account-service-type
- ( const %dkimproxy-accounts ) )
- ( service-extension
- shepherd-root-service-type
- dkimproxy-out-shepherd-service ) ) ) ) )
+;; ( define dkimproxy-out-service-type
+;; ( service-type
+;; ( name 'dkimproxy-out )
+;; ( description "stub" )
+;; ( extensions
+;; ( list
+;; ( service-extension
+;; account-service-type
+;; ( const %dkimproxy-accounts ) )
+;; ( service-extension
+;; shepherd-root-service-type
+;; dkimproxy-out-shepherd-service ) ) ) ) )
-( define ( wip-dkim-service domain )
- ( service dkimproxy-out-service-type
- ( dkimproxy-out-configuration
- ( listen "127.0.0.1:10027" )
- ( relay "127.0.0.1:10028" )
- ( sender-map
- `( ( ,domain
- ( ,( dkimproxy-out-signature-configuration
- ( algorithm "rsa-sha256" )
- ( key "/etc/mail/dkim/marekpasnikowski.pl.key" )
- ( method "relaxed" )
- ( selector "dkim" )
- ( type 'dkim ) )
- ,( dkimproxy-out-signature-configuration
- ( method "mofws" )
- ( type 'domainkeys ) ) ) ) ) ) ) ) )
+;; ( define ( wip-dkim-service domain )
+;; ( service dkimproxy-out-service-type
+;; ( dkimproxy-out-configuration
+;; ( listen "127.0.0.1:10027" )
+;; ( relay "127.0.0.1:10028" )
+;; ( sender-map
+;; `( ( ,domain
+;; ( ,( (@ (users id1000) dkimproxy-out-signature-configuration)
+;; ( algorithm "rsa-sha256" )
+;; ( key "/etc/mail/dkim/marekpasnikowski.pl.key" )
+;; ( method "relaxed" )
+;; ( selector "dkim" )
+;; ( type 'dkim ) )
+;; ,( (@ (users id1000) dkimproxy-out-signature-configuration)
+;; ( method "mofws" )
+;; ( type 'domainkeys ) ) ) ) ) ) ) ) )
-( define* ( wip-mail-services #:key interface domain )
- ( list
- ( wip-dkim-service domain ) ) )
+;; ( define* ( wip-mail-services #:key interface domain )
+;; ( list
+;; ( wip-dkim-service domain ) ) )
( operating-system
( bootloader
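Review bot: The definitions moved to users/id1000.scm are left in this file as roughly 250 lines of `;;`-commented code, while the same move in systems/izumi/izumi.org deletes them outright. A commented copy will drift from the live definitions (it already differs, referring to `(@ (users id1000) dkimproxy-out-signature-configuration)`), and a stale copy of a signing-service definition is easy to re-enable by mistake. Delete the block instead of commenting it out; the commented `wip-mail-services` call in the second hunk of this file is the same case. If this file is generated from izumi.org (not visible here), regenerate it rather than editing it by hand.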
@@ -374,10 +374,11 @@
( authorized-keys authorized-keys )
( extra-options extra-options )
( substitute-urls substitute-urls ) ) ) ) )
- ( wip-mail-services
- #:interface "enp1s0"
- #:domain "marekpasnikowski.pl" )
+ ;; ( wip-mail-services
+ ;; #:interface "enp1s0"
+ ;; #:domain "marekpasnikowski.pl" )
( list
+ (@ (users id1000) dkim-service)
(@ (users id1000) dovecot-service)
(@ (users id1000) smtp-service)
(service (service-type (inherit certbot-service-type)
diff --git a/users/id1000.scm b/users/id1000.scm
index 0253061..cfc4827 100644
--- a/users/id1000.scm
+++ b/users/id1000.scm
@@ -29,7 +29,242 @@
#:use-module (guix gexp)
;; %suweren-home-services
- #:use-module (suweren home))
+ #:use-module (suweren home)
+
+ #:use-module (guix records)
+ #:use-module (ice-9 match))
+
+(define-record-type* <dkimproxy-out-signature-configuration>
+ dkimproxy-out-signature-configuration
+ make-dkimproxy-out-signature-configuration
+ dkimproxy-out-signature-configuration?
+ (type dkimproxy-out-signature-configuration-type
+ (default 'dkim))
+ (key dkimproxy-out-signature-configuration-key
+ (default #f))
+ (algorithm dkimproxy-out-signature-configuration-algorithm
+ (default #f))
+ (method dkimproxy-out-signature-configuration-method
+ (default #f))
+ (domain dkimproxy-out-signature-configuration-domain
+ (default #f))
+ (identity dkimproxy-out-signature-configuration-identity
+ (default #f))
+ (selector dkimproxy-out-signature-configuration-selector
+ (default #f)))
+
+(define-public generate-dkimproxy-out-signature-configuration
+ (match-lambda
+ (($
+ <dkimproxy-out-signature-configuration>
+ type
+ key
+ algorithm
+ method
+ domain
+ identity
+ selector )
+ (string-append
+ (match type
+ ('dkim "dkim")
+ ('domainkeys "domainkeys"))
+ (if (or key algorithm method domain identity selector)
+ (string-append
+ "("
+ (string-join
+ `(,@ (if key
+ (list (string-append "key=" key))
+ '())
+ ,@ (if algorithm
+ (list (string-append "a=" algorithm))
+ '())
+ ,@ (if method
+ (list (string-append "c=" method))
+ '())
+ ,@ (if domain
+ (list (string-append "d=" domain))
+ '())
+ ,@ (if identity
+ (list (string-append "i=" identity))
+ '())
+ ,@ (if selector
+ (list (string-append "s=" selector))
+ '()))
+ ",")
+ ")")
+ "")))))
+
+(define-record-type* <dkimproxy-out-configuration>
+ dkimproxy-out-configuration
+ make-dkimproxy-out-configuration
+ dkimproxy-out-configuration?
+ (package dkimproxy-out-configuration-package
+ (default (@ (gnu packages mail) dkimproxy)))
+ (listen dkimproxy-out-configuration-listen
+ (default #f))
+ (relay dkimproxy-out-configuration-relay
+ (default #f))
+ (list-id-map dkimproxy-out-configuration-list-id-map
+ (default '()))
+ (sender-map dkimproxy-out-configuration-sender-map
+ (default '()))
+ (reject-error? dkimproxy-out-configuration-sender-reject-error?
+ (default #f))
+ (config-file dkimproxy-out-configuration-config-file
+ (default #f)))
+
+(define (generate-map-file config filename)
+ (apply
+ plain-file
+ filename
+ (map (lambda (config)
+ (match config
+ ((selector (config ...))
+ (string-append
+ selector " "
+ (string-join
+ (map
+ generate-dkimproxy-out-signature-configuration
+ config)
+ "\n")))
+ ((selector config)
+ (string-append
+ selector " "
+ (generate-dkimproxy-out-signature-configuration
+ config)))))
+ config)))
+
+(define dkimproxy-out-shepherd-service
+ (match-lambda
+ (($
+ <dkimproxy-out-configuration>
+ package
+ listen
+ relay
+ list-id-map
+ sender-map
+ reject-error?
+ config-file)
+ (list
+ ((@ (gnu services shepherd) shepherd-service)
+ (provision '(dkimproxy-out))
+ (requirement '(loopback))
+ (documentation "Outbound DKIM proxy.")
+ (start
+ (let ((proxy (file-append package "/bin/dkimproxy.out")))
+ (if config-file
+ #~
+ (make-forkexec-constructor
+ (list
+ #$
+ proxy
+ (string-append "--conf_file=" #$ config-file)
+ "--pidfile=/var/run/dkimproxy.out.pid"
+ "--user=dkimproxy" "--group=dkimproxy")
+ #:pid-file "/var/run/dkimproxy.out.pid")
+ (let*
+ ((first-signature
+ (match sender-map
+ (((sender (signature _ ...)) _ ...) signature)
+ (((sender signature) _ ...) signature)))
+ (domains
+ (apply append
+ (map
+ (lambda (sender)
+ (match sender
+ (((domains ...) config) domains)
+ ((domain config) domain)))
+ sender-map)))
+ (sender-map
+ (generate-map-file sender-map "sender.map"))
+ (listid-map
+ (if (null? list-id-map)
+ #f
+ (generate-map-file list-id-map "listid.map")))
+ (keyfile
+ (dkimproxy-out-signature-configuration-key
+ first-signature))
+ (selector
+ (dkimproxy-out-signature-configuration-selector
+ first-signature))
+ (method
+ (dkimproxy-out-signature-configuration-method
+ first-signature))
+ (signature
+ (match (dkimproxy-out-signature-configuration-type
+ first-signature)
+ ('dkim "dkim")
+ ('domainkeys "domainkeys"))))
+ #~
+ (make-forkexec-constructor
+ `(,#$
+ proxy
+ "--pidfile=/var/run/dkimproxy.out.pid"
+ "--user=dkimproxy" "--group=dkimproxy"
+ ,(string-append "--listen=" #$ listen)
+ ,(string-append "--relay=" #$ relay)
+ ,(string-append "--sender_map=" #$ sender-map)
+ ,@ (if #$ listid-map
+ (list
+ (string-append "--listid_map=" #$ listid-map))
+ '())
+ ,(string-append "--domain=" #$ domains)
+ ,(string-append "--keyfile=" #$ keyfile)
+ ,(string-append "--selector=" #$ selector)
+ ,@ (if #$ method
+ (list
+ (string-append "--method=" #$ method))
+ '())
+ ,@ (if #$ reject-error?
+ '("--reject_error")
+ '())
+ ,@ (if #$ signature
+ (list
+ (string-append "--signature=" #$ signature))
+ '())))))))
+ (stop #~ (make-kill-destructor)))))))
+
+(define %dkimproxy-accounts
+ (list (user-group (name "dkimproxy")
+ (system? #t))
+ (user-account (name "dkimproxy")
+ (group "dkimproxy")
+ (system? #t)
+ (comment "Dkimproxy user")
+ (home-directory "/var/empty")
+ (shell (file-append (@ (gnu packages admin)
+ shadow)
+ "/sbin/nologin")))))
+
+(define dkimproxy-out-service-type
+ (service-type
+ (name 'dkimproxy-out)
+ (description "stub")
+ (extensions
+ (list
+ (service-extension
+ account-service-type
+ (const %dkimproxy-accounts))
+ (service-extension
+ (@ (gnu services shepherd) shepherd-root-service-type)
+ dkimproxy-out-shepherd-service)))))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define dkimproxy-signature-dkim
+ (dkimproxy-out-signature-configuration
+ (algorithm "rsa-sha256")
+ (key "/etc/mail/dkim/marekpasnikowski.pl.key")
+ (method "relaxed")
+ (selector "dkim")
+ (type 'dkim)))
+
+(define dkimproxy-signature-domainkeys
+ (dkimproxy-out-signature-configuration
+ (method "mofws")
+ (type 'domainkeys)))
+
+;;;;;
(define aliases-file
((@ (guix gexp) mixed-text-file)
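Review bot: `dkimproxy-signature-domainkeys` sets `(method "mofws")`, which is not a DomainKeys canonicalization name; the defined ones are `simple` and `nofws`, so this is probably a typo carried over from the removed `wip-dkim-service`. `generate-dkimproxy-out-signature-configuration` writes the value verbatim into sender.map as `c=mofws`, so the mistake would only surface when dkimproxy reads the map, not when the system is built. Use `(method "nofws")`, or drop the DomainKeys signature altogether, since DomainKeys has Historic status and is superseded by DKIM.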
@@ -45,6 +280,10 @@
"@just-aero.us\n"
"@elitetorrent1.com\n"))
+(define dkimproxy-signatures-marekpasnikowski
+ (list dkimproxy-signature-dkim
+ dkimproxy-signature-domainkeys))
+
(define dovecot-imap-login-inet-configuration
((@ (gnu services mail) inet-listener-configuration)
(address "192.168.10.2")
@@ -105,6 +344,9 @@
;;;
+(define dkimproxy-sender-marekpasnikowski
+ `("marekpasnikowski.pl" ,dkimproxy-signatures-marekpasnikowski))
+
(define dovecot-imap
((@ (gnu services mail) protocol-configuration)
(name "imap")))
@@ -229,6 +471,12 @@
;;;
+(define dkimproxy-out-configuration*
+ (dkimproxy-out-configuration
+ (listen "127.0.0.1:10027")
+ (relay "172.0.0.1:10028")
+ (sender-map `(,dkimproxy-sender-marekpasnikowski))))
+
(define dovecot-configuration*
((@ (gnu services mail) dovecot-configuration)
(disable-plaintext-auth? #t)
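Review bot: The relay address in `dkimproxy-out-configuration*` reads `172.0.0.1:10028`, whereas the `wip-dkim-service` definition this commit removes used `127.0.0.1:10028`; this looks like a transposed digit introduced during the move. 172.0.0.1 lies outside the private range 172.16.0.0/12, so dkimproxy would try to hand signed outbound mail to a non-local host instead of the loopback listener. Change the line to `(relay "127.0.0.1:10028")`.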
@@ -256,6 +504,10 @@
;;;
+(define-public dkim-service
+ (service dkimproxy-out-service-type
+ dkimproxy-out-configuration*))
+
(define-public dovecot-service
(service (@ (gnu services mail) dovecot-service-type)
dovecot-configuration*))