Diffstat (limited to 'systems')
| -rw-r--r-- | systems/izumi/izumi.org | 97 | ||||
| -rw-r--r-- | systems/izumi/system-configuration.scm | 97 | 
2 files changed, 4 insertions, 190 deletions
diff --git a/systems/izumi/izumi.org b/systems/izumi/izumi.org
index 5048634..602b621 100644
--- a/systems/izumi/izumi.org
+++ b/systems/izumi/izumi.org
@@ -11,7 +11,6 @@
   (define-module (systems izumi system-configuration)
     #:use-module (suweren commons sudoers))
-  (define smtpd-keys "/secrets/smtpd")
   (define radicale-keys "/secrets/radicale/keys")
   (define dovecot-keys "/secrets/dovecot") 
@@ -286,93 +285,6 @@
             shepherd-root-service-type
             dkimproxy-out-shepherd-service ) ) ) ) )
-  ( define aliases-file
-    ( mixed-text-file "aliases" "@ vmail\n" ) )
-
-  ( define relays-file
-    ( mixed-text-file
-      "other-relays"
-      "mx1.forwardemail.net\n"
-      "mx2.forwardemail.net\n" ) )
-
-  ( define blacklist-file
-    ( mixed-text-file
-      "blacklist"
-      "@yahoo.com.cn\n"
-      "@qq.com\n"
-      "@fnac.com\n"
-      "@just-aero.us\n"
-      "@elitetorrent1.com\n" ) )
-
-  ( define ( opensmtpd-conf interface domain )
-    ( mixed-text-file
-      "smtpd.conf"
-      "# This is the smtpd server system-wide configuration file.\n"
-      "# See smtpd.conf(5) for more information.\n"
-      "\n"
-      "# My TLS certificate and key\n"
-      "pki marekpasnikowski.pl cert \"/etc/letsencrypt/live/" domain "/fullchain.pem\"\n"
-      "pki marekpasnikowski.pl key \"/etc/letsencrypt/live/" domain "/privkey.pem\"\n"
-      "\n"
-      "# Edit this file to add add more virtual users (passwords are read in that file\n"
-      "# instead of /etc/passwd\n"
-      "table passwd file:" smtpd-keys "\n"
-      "\n"
-      "table other-relays file:" relays-file "\n"
-      "table blacklist file:" blacklist-file "\n"
-      "\n"
-      "# A simple spam filter\n"
-      "# filter spam-filter phase mail-from match mail-from <blacklist> reject \"555\"\n"
-      "\n"
-      "# port 25 is used only for receiving from external servers, and they may start\n"
-      "# a TLS session if they want.\n"
-      "listen on " interface " port 25 # tls pki marekpasnikowski.pl filter spam-filter\n"
-      "\n"
-      "# For sending messages from outside of this server, you need to authenticate and\n"
-      "# use TLS.\n"
-      "listen on " interface " port 465 smtps pki marekpasnikowski.pl mask-src auth <passwd>\n"
-      "\n"
-      "# Localhost is used by the .onion, so we use the same configuration for \n"
-      "# local connections." 
-      "listen on lo port 25 tls pki marekpasnikowski.pl filter spam-filter\n"
-      "# Since incoming connection uses tor, we don't need tls, but still require\n"
-      "# authentication; we're not a relay\n"
-      "# listen on lo port 587 tls pki marekpasnikowski.pl mask-src auth <passwd>\n"
-      "\n"
-      "# DKIMproxy\n"
-      "listen on lo port 10028 tag DKIM_OUT\n"
-      "\n"
-      "# The socket is considered an internal connection\n"
-      "listen on socket mask-src\n"
-      "\n"
-      "# Maybe it'll work better if we connect to gmail only with v4?\n"
-      "# limit mta for domain gmail.com inet4\n"
-      "\n"
-      "# TODO: manage these files directly in the configuration?\n"
-      "# If you edit the file, you have to run \"smtpctl update table aliases\"\n"
-      "table aliases file:" aliases-file "\n"
-      "\n"
-      "# We define some actions\n"
-      "action receive lmtp \"/var/run/dovecot/lmtp\" rcpt-to virtual <aliases>\n"
-      "action outbound relay helo \"" domain "\"\n"
-      "action godkim relay host smtp://127.0.0.1:10027\n"
-      "\n"
-      "# We accept to relay any mail from authenticated users\n"
-      "match for any from any auth action godkim\n"
-      "match tag DKIM_OUT for any action outbound\n"
-      "\n"
-      "# Then, we reject on some other conditions:\n"
-      "\n"
-      "# If the mail tries to impersonate us\n"
-      "# match !from src <other-relays> mail-from \"@marekpasnikowski.pl\" for any reject\n"
-      "\n"
-      "# If it comes from someone on the blacklist\n"
-      "match from any mail-from <blacklist> reject\n"
-      "\n"
-      "# Finally, if we accept incoming messages\n"
-      "match from any for domain \"marekpasnikowski.pl\" action receive\n"
-      "match for local action receive\n" ) )
-
   ( define ( wip-dkim-service domain )
     ( service dkimproxy-out-service-type
       ( dkimproxy-out-configuration 
@@ -390,15 +302,9 @@
                     ( method "mofws" )
                     ( type 'domainkeys ) ) ) ) ) ) ) ) )
-  ( define ( wip-smtp-service interface domain )
-    ( service opensmtpd-service-type
-      ( opensmtpd-configuration
-        ( config-file ( opensmtpd-conf interface domain ) ) ) ) )
-
   ( define* ( wip-mail-services #:key interface domain )
     ( list
-      ( wip-dkim-service domain )
-      ( wip-smtp-service interface domain ) ) )
+      ( wip-dkim-service domain ) ) )
   ( operating-system
     ( bootloader
@@ -483,6 +389,7 @@
           #:domain "marekpasnikowski.pl" )
         ( list
   	(@ (users id1000) dovecot-service)
+  	(@ (users id1000) smtp-service)
   	(service (service-type (inherit certbot-service-type)
                                  (extensions (map (lambda (extension)
                                                     (if (eq? (service-extension-target extension)
diff --git a/systems/izumi/system-configuration.scm b/systems/izumi/system-configuration.scm
index 8388bf4..f8dfd8f 100644
--- a/systems/izumi/system-configuration.scm
+++ b/systems/izumi/system-configuration.scm
@@ -1,7 +1,6 @@
 (define-module (systems izumi system-configuration)
   #:use-module (suweren commons sudoers))
-(define smtpd-keys "/secrets/smtpd")
 (define radicale-keys "/secrets/radicale/keys")
 (define dovecot-keys "/secrets/dovecot") 
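Review bot: After this hunk `wip-mail-services` still declares `#:key interface domain` but only `domain` is passed on to `wip-dkim-service`, so `interface` is a dead keyword that the caller in the next hunk keeps supplying (its `#:domain` argument is visible there; the `#:interface` one, if present, sits above that hunk). If the listening interface is now the concern of the external `smtp-service`, drop the parameter — `( define* ( wip-mail-services #:key domain )` — and the matching `#:interface` at the call site in the same commit, because Guile's `define*` rejects an unknown keyword unless `#:allow-other-keys` is given. Otherwise a one-line comment above the define, `;; interface is unused here: the MTA that binds it lives in (users id1000) smtp-service`, stops the next reader from assuming the DKIM proxy listens on it. The `operating-system` form that begins at the end of this hunk continues outside it.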
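Review bot: The added `(@ (users id1000) smtp-service)` line is the only trace left of the MTA policy this file used to spell out, and the hunk shows nothing about what that service listens on or relays, while `wip-dkim-service` stays here — the loopback listener tagged for DKIM and the relay back to dkimproxy-out are now configured in two different modules with nothing tying them together. Before this lands I would confirm in `(users id1000)` that submission still requires TLS plus `auth` against the credentials table, that `mask-src` is kept, and that the final accept is still limited to `for domain`/`for local` (without those the host is an open relay), and record the coupling next to this line: `;; smtp-service must keep the lo listener tagged DKIM_OUT and relay to dkimproxy-out; change both together`. One thing to check if the old text was copied into the new module: the removed comment string `"# local connections."` had no trailing `\n`, so the `listen on lo port 25 … filter spam-filter` directive after it was swallowed into the comment, which is presumably also why its reference to the commented-out `spam-filter` never failed the config. The enclosing `operating-system` form starts and ends outside this hunk.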
@@ -276,93 +275,6 @@
           shepherd-root-service-type
           dkimproxy-out-shepherd-service ) ) ) ) )
-( define aliases-file
-  ( mixed-text-file "aliases" "@ vmail\n" ) )
-
-( define relays-file
-  ( mixed-text-file
-    "other-relays"
-    "mx1.forwardemail.net\n"
-    "mx2.forwardemail.net\n" ) )
-
-( define blacklist-file
-  ( mixed-text-file
-    "blacklist"
-    "@yahoo.com.cn\n"
-    "@qq.com\n"
-    "@fnac.com\n"
-    "@just-aero.us\n"
-    "@elitetorrent1.com\n" ) )
-
-( define ( opensmtpd-conf interface domain )
-  ( mixed-text-file
-    "smtpd.conf"
-    "# This is the smtpd server system-wide configuration file.\n"
-    "# See smtpd.conf(5) for more information.\n"
-    "\n"
-    "# My TLS certificate and key\n"
-    "pki marekpasnikowski.pl cert \"/etc/letsencrypt/live/" domain "/fullchain.pem\"\n"
-    "pki marekpasnikowski.pl key \"/etc/letsencrypt/live/" domain "/privkey.pem\"\n"
-    "\n"
-    "# Edit this file to add add more virtual users (passwords are read in that file\n"
-    "# instead of /etc/passwd\n"
-    "table passwd file:" smtpd-keys "\n"
-    "\n"
-    "table other-relays file:" relays-file "\n"
-    "table blacklist file:" blacklist-file "\n"
-    "\n"
-    "# A simple spam filter\n"
-    "# filter spam-filter phase mail-from match mail-from <blacklist> reject \"555\"\n"
-    "\n"
-    "# port 25 is used only for receiving from external servers, and they may start\n"
-    "# a TLS session if they want.\n"
-    "listen on " interface " port 25 # tls pki marekpasnikowski.pl filter spam-filter\n"
-    "\n"
-    "# For sending messages from outside of this server, you need to authenticate and\n"
-    "# use TLS.\n"
-    "listen on " interface " port 465 smtps pki marekpasnikowski.pl mask-src auth <passwd>\n"
-    "\n"
-    "# Localhost is used by the .onion, so we use the same configuration for \n"
-    "# local connections." 
-    "listen on lo port 25 tls pki marekpasnikowski.pl filter spam-filter\n"
-    "# Since incoming connection uses tor, we don't need tls, but still require\n"
-    "# authentication; we're not a relay\n"
-    "# listen on lo port 587 tls pki marekpasnikowski.pl mask-src auth <passwd>\n"
-    "\n"
-    "# DKIMproxy\n"
-    "listen on lo port 10028 tag DKIM_OUT\n"
-    "\n"
-    "# The socket is considered an internal connection\n"
-    "listen on socket mask-src\n"
-    "\n"
-    "# Maybe it'll work better if we connect to gmail only with v4?\n"
-    "# limit mta for domain gmail.com inet4\n"
-    "\n"
-    "# TODO: manage these files directly in the configuration?\n"
-    "# If you edit the file, you have to run \"smtpctl update table aliases\"\n"
-    "table aliases file:" aliases-file "\n"
-    "\n"
-    "# We define some actions\n"
-    "action receive lmtp \"/var/run/dovecot/lmtp\" rcpt-to virtual <aliases>\n"
-    "action outbound relay helo \"" domain "\"\n"
-    "action godkim relay host smtp://127.0.0.1:10027\n"
-    "\n"
-    "# We accept to relay any mail from authenticated users\n"
-    "match for any from any auth action godkim\n"
-    "match tag DKIM_OUT for any action outbound\n"
-    "\n"
-    "# Then, we reject on some other conditions:\n"
-    "\n"
-    "# If the mail tries to impersonate us\n"
-    "# match !from src <other-relays> mail-from \"@marekpasnikowski.pl\" for any reject\n"
-    "\n"
-    "# If it comes from someone on the blacklist\n"
-    "match from any mail-from <blacklist> reject\n"
-    "\n"
-    "# Finally, if we accept incoming messages\n"
-    "match from any for domain \"marekpasnikowski.pl\" action receive\n"
-    "match for local action receive\n" ) )
-
 ( define ( wip-dkim-service domain )
   ( service dkimproxy-out-service-type
     ( dkimproxy-out-configuration 
@@ -380,15 +292,9 @@
                   ( method "mofws" )
                   ( type 'domainkeys ) ) ) ) ) ) ) ) )
-( define ( wip-smtp-service interface domain )
-  ( service opensmtpd-service-type
-    ( opensmtpd-configuration
-      ( config-file ( opensmtpd-conf interface domain ) ) ) ) )
-
 ( define* ( wip-mail-services #:key interface domain )
   ( list
-    ( wip-dkim-service domain )
-    ( wip-smtp-service interface domain ) ) )
+    ( wip-dkim-service domain ) ) )
 ( operating-system
   ( bootloader
@@ -473,6 +379,7 @@
         #:domain "marekpasnikowski.pl" )
       ( list
 	(@ (users id1000) dovecot-service)
+	(@ (users id1000) smtp-service)
 	(service (service-type (inherit certbot-service-type)
                                (extensions (map (lambda (extension)
                                                   (if (eq? (service-extension-target extension)  | 
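Review bot: `smtp-service` is added immediately after `dovecot-service` from the same `(users id1000)` module, but list position carries no dependency here, and the two paths the inline config used to hard-wire — delivery to `/var/run/dovecot/lmtp` and the credentials table at the `smtpd-keys` path removed in the first hunk — are now invisible from this file while `dovecot-keys` and `radicale-keys` still live in it. A short comment above the added line, `;; smtp-service owns its own /secrets path and delivers via dovecot's LMTP socket; keep it next to dovecot-service`, would make the split in secret handling deliberate rather than accidental. The hunks in system-configuration.scm mirror those in izumi.org line for line, which suggests the .scm is tangled from the .org; if so, the comment belongs in the org source or it will be overwritten on the next tangle. The enclosing `operating-system` form starts and ends outside this hunk.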
