From 8e3400b54221499cc03fffcb1993f6f8918848b5 Mon Sep 17 00:00:00 2001
From: Marek Paśnikowski
Date: Thu, 12 Sep 2024 15:40:23 +0200
Subject: refactor(id1000): implement dkimproxy in user module

---
 systems/izumi/izumi.org | 256 +----------------
 systems/izumi/system-configuration.scm | 493 +++++++++++++++++----------------
 users/id1000.scm | 254 ++++++++++++++++-
 3 files changed, 501 insertions(+), 502 deletions(-)

diff --git a/systems/izumi/izumi.org b/systems/izumi/izumi.org
index 602b621..f9094c5 100644
--- a/systems/izumi/izumi.org
+++ b/systems/izumi/izumi.org
@@ -54,258 +54,6 @@ (define hosts-izumi (local-file "system-files/hosts")) - ( define-record-type* - - dkimproxy-out-signature-configuration - make-dkimproxy-out-signature-configuration - dkimproxy-out-signature-configuration? - ( type - dkimproxy-out-signature-configuration-type - ( default 'dkim ) ) - ( key - dkimproxy-out-signature-configuration-key - ( default #f ) ) - ( algorithm - dkimproxy-out-signature-configuration-algorithm - ( default #f ) ) - ( method - dkimproxy-out-signature-configuration-method - ( default #f) ) - ( domain - dkimproxy-out-signature-configuration-domain - ( default #f ) ) - ( identity - dkimproxy-out-signature-configuration-identity - ( default #f ) ) - ( selector - dkimproxy-out-signature-configuration-selector - ( default #f ) ) ) - - ( define generate-dkimproxy-out-signature-configuration - ( match-lambda - ( ( $ - - type - key - algorithm - method - domain - identity - selector ) - ( string-append - ( match type - ( 'dkim "dkim" ) - ( 'domainkeys "domainkeys" ) ) - ( if ( or key algorithm method domain identity selector ) - ( string-append - "(" - ( string-join - `( ,@ ( if key - ( list ( string-append "key=" key ) ) - '() ) - ,@ ( if algorithm - ( list ( string-append "a=" algorithm ) ) - '() ) - ,@ ( if method - ( list ( string-append "c=" method ) ) - '() ) - ,@ ( if domain - ( list ( string-append "d=" domain ) ) - '() ) - ,@ ( if identity - ( list ( string-append "i=" identity ) ) - '() ) - ,@ ( if selector - ( list ( string-append "s=" selector ) ) - '() ) ) - "," ) - ")" ) - "" ) ) ) ) ) - - ( define-record-type* - - dkimproxy-out-configuration - make-dkimproxy-out-configuration - dkimproxy-out-configuration? 
- ( package - dkimproxy-out-configuration-package - ( default dkimproxy ) ) - ( listen - dkimproxy-out-configuration-listen - ( default #f ) ) - ( relay - dkimproxy-out-configuration-relay - ( default #f ) ) - ( list-id-map - dkimproxy-out-configuration-list-id-map - ( default '() ) ) - ( sender-map - dkimproxy-out-configuration-sender-map - ( default '() ) ) - ( reject-error? - dkimproxy-out-configuration-sender-reject-error? - ( default #f ) ) - ( config-file - dkimproxy-out-configuration-config-file - ( default #f ) ) ) - - ( define ( generate-map-file config filename ) - ( apply - plain-file - filename - ( map ( lambda ( config ) - ( match config - ( ( selector ( config ... ) ) - ( string-append - selector " " - ( string-join - ( map - generate-dkimproxy-out-signature-configuration - config ) - "\n") ) ) - ( ( selector config ) - ( string-append - selector " " - ( generate-dkimproxy-out-signature-configuration - config ) ) ) ) ) - config ) ) ) - - ( define dkimproxy-out-shepherd-service - ( match-lambda - ( ( $ - - package - listen - relay - list-id-map - sender-map - reject-error? - config-file ) - ( list - ( shepherd-service - ( provision '( dkimproxy-out ) ) - ( requirement '( loopback ) ) - ( documentation "Outbound DKIM proxy." ) - ( start - ( let ( ( proxy ( file-append package "/bin/dkimproxy.out" ) ) ) - ( if config-file - #~ - ( make-forkexec-constructor - ( list - #$ - proxy - ( string-append "--conf_file=" #$ config-file ) - "--pidfile=/var/run/dkimproxy.out.pid" - "--user=dkimproxy" "--group=dkimproxy" ) - #:pid-file "/var/run/dkimproxy.out.pid" ) - ( let* - ( ( first-signature - ( match sender-map - ( ( ( sender ( signature _ ... ) ) _ ... ) signature ) - ( ( ( sender signature ) _ ... ) signature ) ) ) - ( domains - ( apply append - ( map - ( lambda ( sender ) - ( match sender - ( ( ( domains ... 
) config ) domains ) - ( ( domain config ) domain ) ) ) - sender-map ) ) ) - ( sender-map - ( generate-map-file sender-map "sender.map" ) ) - ( listid-map - ( if ( null? list-id-map ) - #f - ( generate-map-file list-id-map "listid.map" ) ) ) - ( keyfile - ( dkimproxy-out-signature-configuration-key - first-signature ) ) - ( selector - ( dkimproxy-out-signature-configuration-selector - first-signature ) ) - ( method - ( dkimproxy-out-signature-configuration-method - first-signature ) ) - ( signature - ( match ( dkimproxy-out-signature-configuration-type - first-signature ) - ( 'dkim "dkim" ) - ( 'domainkeys "domainkeys" ) ) ) ) - #~ - ( make-forkexec-constructor - `( ,#$ - proxy - "--pidfile=/var/run/dkimproxy.out.pid" - "--user=dkimproxy" "--group=dkimproxy" - ,( string-append "--listen=" #$ listen ) - ,( string-append "--relay=" #$ relay ) - ,( string-append "--sender_map=" #$ sender-map ) - ,@ ( if #$ listid-map - ( list - ( string-append "--listid_map=" #$ listid-map ) ) - '() ) - ,( string-append "--domain=" #$ domains ) - ,( string-append "--keyfile=" #$ keyfile ) - ,( string-append "--selector=" #$ selector ) - ,@ ( if #$ method - ( list - ( string-append "--method=" #$ method ) ) - '() ) - ,@ ( if #$ reject-error? - '( "--reject_error" ) - '() ) - ,@ ( if #$ signature - ( list - ( string-append "--signature=" #$ signature ) ) - '() ) ) ) ) ) ) ) - ( stop #~ ( make-kill-destructor ) ) ) ) ) ) ) - - ( define %dkimproxy-accounts - ( list ( user-group - ( name "dkimproxy" ) - ( system? #t ) ) - ( user-account - ( name "dkimproxy" ) - ( group "dkimproxy" ) - ( system? 
#t ) - ( comment "Dkimproxy user" ) - ( home-directory "/var/empty" ) - ( shell ( file-append shadow "/sbin/nologin" ) ) ) ) ) - - ( define dkimproxy-out-service-type - ( service-type - ( name 'dkimproxy-out ) - ( description "stub" ) - ( extensions - ( list - ( service-extension - account-service-type - ( const %dkimproxy-accounts ) ) - ( service-extension - shepherd-root-service-type - dkimproxy-out-shepherd-service ) ) ) ) ) - - ( define ( wip-dkim-service domain ) - ( service dkimproxy-out-service-type - ( dkimproxy-out-configuration - ( listen "127.0.0.1:10027" ) - ( relay "127.0.0.1:10028" ) - ( sender-map - `( ( ,domain - ( ,( dkimproxy-out-signature-configuration - ( algorithm "rsa-sha256" ) - ( key "/etc/mail/dkim/marekpasnikowski.pl.key" ) - ( method "relaxed" ) - ( selector "dkim" ) - ( type 'dkim ) ) - ,( dkimproxy-out-signature-configuration - ( method "mofws" ) - ( type 'domainkeys ) ) ) ) ) ) ) ) ) - - ( define* ( wip-mail-services #:key interface domain ) - ( list - ( wip-dkim-service domain ) ) ) - ( operating-system ( bootloader ( bootloader-configuration @@ -384,10 +132,8 @@ ( authorized-keys authorized-keys ) ( extra-options extra-options ) ( substitute-urls substitute-urls ) ) ) ) ) - ( wip-mail-services - #:interface "enp1s0" - #:domain "marekpasnikowski.pl" ) ( list + (@ (users id1000) dkim-service) (@ (users id1000) dovecot-service) (@ (users id1000) smtp-service) (service (service-type (inherit certbot-service-type) diff --git a/systems/izumi/system-configuration.scm b/systems/izumi/system-configuration.scm index f8dfd8f..96d10ce 100644 --- a/systems/izumi/system-configuration.scm +++ b/systems/izumi/system-configuration.scm 
@@ -44,257 +44,257 @@ (define hosts-izumi (local-file "system-files/hosts")) -( define-record-type* - - dkimproxy-out-signature-configuration - make-dkimproxy-out-signature-configuration - dkimproxy-out-signature-configuration? - ( type - dkimproxy-out-signature-configuration-type - ( default 'dkim ) ) - ( key - dkimproxy-out-signature-configuration-key - ( default #f ) ) - ( algorithm - dkimproxy-out-signature-configuration-algorithm - ( default #f ) ) - ( method - dkimproxy-out-signature-configuration-method - ( default #f) ) - ( domain - dkimproxy-out-signature-configuration-domain - ( default #f ) ) - ( identity - dkimproxy-out-signature-configuration-identity - ( default #f ) ) - ( selector - dkimproxy-out-signature-configuration-selector - ( default #f ) ) ) +;; ( define-record-type* +;; +;; dkimproxy-out-signature-configuration +;; make-dkimproxy-out-signature-configuration +;; dkimproxy-out-signature-configuration? +;; ( type +;; dkimproxy-out-signature-configuration-type +;; ( default 'dkim ) ) +;; ( key +;; dkimproxy-out-signature-configuration-key +;; ( default #f ) ) +;; ( algorithm +;; dkimproxy-out-signature-configuration-algorithm +;; ( default #f ) ) +;; ( method +;; dkimproxy-out-signature-configuration-method +;; ( default #f) ) +;; ( domain +;; dkimproxy-out-signature-configuration-domain +;; ( default #f ) ) +;; ( identity +;; dkimproxy-out-signature-configuration-identity +;; ( default #f ) ) +;; ( selector +;; dkimproxy-out-signature-configuration-selector +;; ( default #f ) ) ) -( define generate-dkimproxy-out-signature-configuration - ( match-lambda - ( ( $ - - type - key - algorithm - method - domain - identity - selector ) - ( string-append - ( match type - ( 'dkim "dkim" ) - ( 'domainkeys "domainkeys" ) ) - ( if ( or key algorithm method domain identity selector ) - ( string-append - "(" - ( string-join - `( ,@ ( if key - ( list ( string-append "key=" key ) ) - '() ) - ,@ ( if algorithm - ( list ( string-append "a=" algorithm ) ) - '() ) 
- ,@ ( if method - ( list ( string-append "c=" method ) ) - '() ) - ,@ ( if domain - ( list ( string-append "d=" domain ) ) - '() ) - ,@ ( if identity - ( list ( string-append "i=" identity ) ) - '() ) - ,@ ( if selector - ( list ( string-append "s=" selector ) ) - '() ) ) - "," ) - ")" ) - "" ) ) ) ) ) +;; ( define generate-dkimproxy-out-signature-configuration +;; ( match-lambda +;; ( ( $ +;; +;; type +;; key +;; algorithm +;; method +;; domain +;; identity +;; selector ) +;; ( string-append +;; ( match type +;; ( 'dkim "dkim" ) +;; ( 'domainkeys "domainkeys" ) ) +;; ( if ( or key algorithm method domain identity selector ) +;; ( string-append +;; "(" +;; ( string-join +;; `( ,@ ( if key +;; ( list ( string-append "key=" key ) ) +;; '() ) +;; ,@ ( if algorithm +;; ( list ( string-append "a=" algorithm ) ) +;; '() ) +;; ,@ ( if method +;; ( list ( string-append "c=" method ) ) +;; '() ) +;; ,@ ( if domain +;; ( list ( string-append "d=" domain ) ) +;; '() ) +;; ,@ ( if identity +;; ( list ( string-append "i=" identity ) ) +;; '() ) +;; ,@ ( if selector +;; ( list ( string-append "s=" selector ) ) +;; '() ) ) +;; "," ) +;; ")" ) +;; "" ) ) ) ) ) -( define-record-type* - - dkimproxy-out-configuration - make-dkimproxy-out-configuration - dkimproxy-out-configuration? - ( package - dkimproxy-out-configuration-package - ( default dkimproxy ) ) - ( listen - dkimproxy-out-configuration-listen - ( default #f ) ) - ( relay - dkimproxy-out-configuration-relay - ( default #f ) ) - ( list-id-map - dkimproxy-out-configuration-list-id-map - ( default '() ) ) - ( sender-map - dkimproxy-out-configuration-sender-map - ( default '() ) ) - ( reject-error? - dkimproxy-out-configuration-sender-reject-error? - ( default #f ) ) - ( config-file - dkimproxy-out-configuration-config-file - ( default #f ) ) ) +;; ( define-record-type* +;; +;; dkimproxy-out-configuration +;; make-dkimproxy-out-configuration +;; dkimproxy-out-configuration? 
+;; ( package +;; dkimproxy-out-configuration-package +;; ( default dkimproxy ) ) +;; ( listen +;; dkimproxy-out-configuration-listen +;; ( default #f ) ) +;; ( relay +;; dkimproxy-out-configuration-relay +;; ( default #f ) ) +;; ( list-id-map +;; dkimproxy-out-configuration-list-id-map +;; ( default '() ) ) +;; ( sender-map +;; dkimproxy-out-configuration-sender-map +;; ( default '() ) ) +;; ( reject-error? +;; dkimproxy-out-configuration-sender-reject-error? +;; ( default #f ) ) +;; ( config-file +;; dkimproxy-out-configuration-config-file +;; ( default #f ) ) ) -( define ( generate-map-file config filename ) - ( apply - plain-file - filename - ( map ( lambda ( config ) - ( match config - ( ( selector ( config ... ) ) - ( string-append - selector " " - ( string-join - ( map - generate-dkimproxy-out-signature-configuration - config ) - "\n") ) ) - ( ( selector config ) - ( string-append - selector " " - ( generate-dkimproxy-out-signature-configuration - config ) ) ) ) ) - config ) ) ) +;; ( define ( generate-map-file config filename ) +;; ( apply +;; plain-file +;; filename +;; ( map ( lambda ( config ) +;; ( match config +;; ( ( selector ( config ... ) ) +;; ( string-append +;; selector " " +;; ( string-join +;; ( map +;; generate-dkimproxy-out-signature-configuration +;; config ) +;; "\n") ) ) +;; ( ( selector config ) +;; ( string-append +;; selector " " +;; ( generate-dkimproxy-out-signature-configuration +;; config ) ) ) ) ) +;; config ) ) ) -( define dkimproxy-out-shepherd-service - ( match-lambda - ( ( $ - - package - listen - relay - list-id-map - sender-map - reject-error? - config-file ) - ( list - ( shepherd-service - ( provision '( dkimproxy-out ) ) - ( requirement '( loopback ) ) - ( documentation "Outbound DKIM proxy." 
) - ( start - ( let ( ( proxy ( file-append package "/bin/dkimproxy.out" ) ) ) - ( if config-file - #~ - ( make-forkexec-constructor - ( list - #$ - proxy - ( string-append "--conf_file=" #$ config-file ) - "--pidfile=/var/run/dkimproxy.out.pid" - "--user=dkimproxy" "--group=dkimproxy" ) - #:pid-file "/var/run/dkimproxy.out.pid" ) - ( let* - ( ( first-signature - ( match sender-map - ( ( ( sender ( signature _ ... ) ) _ ... ) signature ) - ( ( ( sender signature ) _ ... ) signature ) ) ) - ( domains - ( apply append - ( map - ( lambda ( sender ) - ( match sender - ( ( ( domains ... ) config ) domains ) - ( ( domain config ) domain ) ) ) - sender-map ) ) ) - ( sender-map - ( generate-map-file sender-map "sender.map" ) ) - ( listid-map - ( if ( null? list-id-map ) - #f - ( generate-map-file list-id-map "listid.map" ) ) ) - ( keyfile - ( dkimproxy-out-signature-configuration-key - first-signature ) ) - ( selector - ( dkimproxy-out-signature-configuration-selector - first-signature ) ) - ( method - ( dkimproxy-out-signature-configuration-method - first-signature ) ) - ( signature - ( match ( dkimproxy-out-signature-configuration-type - first-signature ) - ( 'dkim "dkim" ) - ( 'domainkeys "domainkeys" ) ) ) ) - #~ - ( make-forkexec-constructor - `( ,#$ - proxy - "--pidfile=/var/run/dkimproxy.out.pid" - "--user=dkimproxy" "--group=dkimproxy" - ,( string-append "--listen=" #$ listen ) - ,( string-append "--relay=" #$ relay ) - ,( string-append "--sender_map=" #$ sender-map ) - ,@ ( if #$ listid-map - ( list - ( string-append "--listid_map=" #$ listid-map ) ) - '() ) - ,( string-append "--domain=" #$ domains ) - ,( string-append "--keyfile=" #$ keyfile ) - ,( string-append "--selector=" #$ selector ) - ,@ ( if #$ method - ( list - ( string-append "--method=" #$ method ) ) - '() ) - ,@ ( if #$ reject-error? 
- '( "--reject_error" ) - '() ) - ,@ ( if #$ signature - ( list - ( string-append "--signature=" #$ signature ) ) - '() ) ) ) ) ) ) ) - ( stop #~ ( make-kill-destructor ) ) ) ) ) ) ) +;; ( define dkimproxy-out-shepherd-service +;; ( match-lambda +;; ( ( $ +;; +;; package +;; listen +;; relay +;; list-id-map +;; sender-map +;; reject-error? +;; config-file ) +;; ( list +;; ( shepherd-service +;; ( provision '( dkimproxy-out ) ) +;; ( requirement '( loopback ) ) +;; ( documentation "Outbound DKIM proxy." ) +;; ( start +;; ( let ( ( proxy ( file-append package "/bin/dkimproxy.out" ) ) ) +;; ( if config-file +;; #~ +;; ( make-forkexec-constructor +;; ( list +;; #$ +;; proxy +;; ( string-append "--conf_file=" #$ config-file ) +;; "--pidfile=/var/run/dkimproxy.out.pid" +;; "--user=dkimproxy" "--group=dkimproxy" ) +;; #:pid-file "/var/run/dkimproxy.out.pid" ) +;; ( let* +;; ( ( first-signature +;; ( match sender-map +;; ( ( ( sender ( signature _ ... ) ) _ ... ) signature ) +;; ( ( ( sender signature ) _ ... ) signature ) ) ) +;; ( domains +;; ( apply append +;; ( map +;; ( lambda ( sender ) +;; ( match sender +;; ( ( ( domains ... ) config ) domains ) +;; ( ( domain config ) domain ) ) ) +;; sender-map ) ) ) +;; ( sender-map +;; ( generate-map-file sender-map "sender.map" ) ) +;; ( listid-map +;; ( if ( null? 
list-id-map ) +;; #f +;; ( generate-map-file list-id-map "listid.map" ) ) ) +;; ( keyfile +;; ( dkimproxy-out-signature-configuration-key +;; first-signature ) ) +;; ( selector +;; ( dkimproxy-out-signature-configuration-selector +;; first-signature ) ) +;; ( method +;; ( dkimproxy-out-signature-configuration-method +;; first-signature ) ) +;; ( signature +;; ( match ( dkimproxy-out-signature-configuration-type +;; first-signature ) +;; ( 'dkim "dkim" ) +;; ( 'domainkeys "domainkeys" ) ) ) ) +;; #~ +;; ( make-forkexec-constructor +;; `( ,#$ +;; proxy +;; "--pidfile=/var/run/dkimproxy.out.pid" +;; "--user=dkimproxy" "--group=dkimproxy" +;; ,( string-append "--listen=" #$ listen ) +;; ,( string-append "--relay=" #$ relay ) +;; ,( string-append "--sender_map=" #$ sender-map ) +;; ,@ ( if #$ listid-map +;; ( list +;; ( string-append "--listid_map=" #$ listid-map ) ) +;; '() ) +;; ,( string-append "--domain=" #$ domains ) +;; ,( string-append "--keyfile=" #$ keyfile ) +;; ,( string-append "--selector=" #$ selector ) +;; ,@ ( if #$ method +;; ( list +;; ( string-append "--method=" #$ method ) ) +;; '() ) +;; ,@ ( if #$ reject-error? +;; '( "--reject_error" ) +;; '() ) +;; ,@ ( if #$ signature +;; ( list +;; ( string-append "--signature=" #$ signature ) ) +;; '() ) ) ) ) ) ) ) +;; ( stop #~ ( make-kill-destructor ) ) ) ) ) ) ) -( define %dkimproxy-accounts - ( list ( user-group - ( name "dkimproxy" ) - ( system? #t ) ) - ( user-account - ( name "dkimproxy" ) - ( group "dkimproxy" ) - ( system? #t ) - ( comment "Dkimproxy user" ) - ( home-directory "/var/empty" ) - ( shell ( file-append shadow "/sbin/nologin" ) ) ) ) ) +;; ( define %dkimproxy-accounts +;; ( list ( user-group +;; ( name "dkimproxy" ) +;; ( system? #t ) ) +;; ( user-account +;; ( name "dkimproxy" ) +;; ( group "dkimproxy" ) +;; ( system? 
#t ) +;; ( comment "Dkimproxy user" ) +;; ( home-directory "/var/empty" ) +;; ( shell ( file-append shadow "/sbin/nologin" ) ) ) ) ) -( define dkimproxy-out-service-type - ( service-type - ( name 'dkimproxy-out ) - ( description "stub" ) - ( extensions - ( list - ( service-extension - account-service-type - ( const %dkimproxy-accounts ) ) - ( service-extension - shepherd-root-service-type - dkimproxy-out-shepherd-service ) ) ) ) ) +;; ( define dkimproxy-out-service-type +;; ( service-type +;; ( name 'dkimproxy-out ) +;; ( description "stub" ) +;; ( extensions +;; ( list +;; ( service-extension +;; account-service-type +;; ( const %dkimproxy-accounts ) ) +;; ( service-extension +;; shepherd-root-service-type +;; dkimproxy-out-shepherd-service ) ) ) ) ) -( define ( wip-dkim-service domain ) - ( service dkimproxy-out-service-type - ( dkimproxy-out-configuration - ( listen "127.0.0.1:10027" ) - ( relay "127.0.0.1:10028" ) - ( sender-map - `( ( ,domain - ( ,( dkimproxy-out-signature-configuration - ( algorithm "rsa-sha256" ) - ( key "/etc/mail/dkim/marekpasnikowski.pl.key" ) - ( method "relaxed" ) - ( selector "dkim" ) - ( type 'dkim ) ) - ,( dkimproxy-out-signature-configuration - ( method "mofws" ) - ( type 'domainkeys ) ) ) ) ) ) ) ) ) +;; ( define ( wip-dkim-service domain ) +;; ( service dkimproxy-out-service-type +;; ( dkimproxy-out-configuration +;; ( listen "127.0.0.1:10027" ) +;; ( relay "127.0.0.1:10028" ) +;; ( sender-map +;; `( ( ,domain +;; ( ,( (@ (users id1000) dkimproxy-out-signature-configuration) +;; ( algorithm "rsa-sha256" ) +;; ( key "/etc/mail/dkim/marekpasnikowski.pl.key" ) +;; ( method "relaxed" ) +;; ( selector "dkim" ) +;; ( type 'dkim ) ) +;; ,( (@ (users id1000) dkimproxy-out-signature-configuration) +;; ( method "mofws" ) +;; ( type 'domainkeys ) ) ) ) ) ) ) ) ) -( define* ( wip-mail-services #:key interface domain ) - ( list - ( wip-dkim-service domain ) ) ) +;; ( define* ( wip-mail-services #:key interface domain ) +;; ( list +;; ( 
wip-dkim-service domain ) ) ) ( operating-system ( bootloader @@ -374,10 +374,11 @@ ( authorized-keys authorized-keys ) ( extra-options extra-options ) ( substitute-urls substitute-urls ) ) ) ) ) - ( wip-mail-services - #:interface "enp1s0" - #:domain "marekpasnikowski.pl" ) + ;; ( wip-mail-services + ;; #:interface "enp1s0" + ;; #:domain "marekpasnikowski.pl" ) ( list + (@ (users id1000) dkim-service) (@ (users id1000) dovecot-service) (@ (users id1000) smtp-service) (service (service-type (inherit certbot-service-type) diff --git a/users/id1000.scm b/users/id1000.scm index 0253061..cfc4827 100644 --- a/users/id1000.scm +++ b/users/id1000.scm 
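Review bot: The whole dkimproxy block at the top of this hunk survives as roughly 250 lines of `;;`-commented code instead of being deleted, while the same block is removed outright from systems/izumi/izumi.org earlier in this patch. Keeping it as comments leaves a second, unmaintained copy of the dkimproxy service next to the live one in users/id1000.scm, and if system-configuration.scm is tangled from izumi.org the next tangle drops these comments anyway, so the two files already disagree. The commented-out `wip-mail-services` call in the second hunk of this file has the same problem. Prefer deleting both spans; the history stays in git.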
@@ -29,7 +29,242 @@ #:use-module (guix gexp) ;; %suweren-home-services - #:use-module (suweren home)) + #:use-module (suweren home) + + #:use-module (guix records) + #:use-module (ice-9 match)) + +(define-record-type* + dkimproxy-out-signature-configuration + make-dkimproxy-out-signature-configuration + dkimproxy-out-signature-configuration? + (type dkimproxy-out-signature-configuration-type + (default 'dkim)) + (key dkimproxy-out-signature-configuration-key + (default #f)) + (algorithm dkimproxy-out-signature-configuration-algorithm + (default #f)) + (method dkimproxy-out-signature-configuration-method + (default #f)) + (domain dkimproxy-out-signature-configuration-domain + (default #f)) + (identity dkimproxy-out-signature-configuration-identity + (default #f)) + (selector dkimproxy-out-signature-configuration-selector + (default #f))) + +(define-public generate-dkimproxy-out-signature-configuration + (match-lambda + (($ + + type + key + algorithm + method + domain + identity + selector ) + (string-append + (match type + ('dkim "dkim") + ('domainkeys "domainkeys")) + (if (or key algorithm method domain identity selector) + (string-append + "(" + (string-join + `(,@ (if key + (list (string-append "key=" key)) + '()) + ,@ (if algorithm + (list (string-append "a=" algorithm)) + '()) + ,@ (if method + (list (string-append "c=" method)) + '()) + ,@ (if domain + (list (string-append "d=" domain)) + '()) + ,@ (if identity + (list (string-append "i=" identity)) + '()) + ,@ (if selector + (list (string-append "s=" selector)) + '())) + ",") + ")") + ""))))) + +(define-record-type* + dkimproxy-out-configuration + make-dkimproxy-out-configuration + dkimproxy-out-configuration? 
+ (package dkimproxy-out-configuration-package + (default (@ (gnu packages mail) dkimproxy))) + (listen dkimproxy-out-configuration-listen + (default #f)) + (relay dkimproxy-out-configuration-relay + (default #f)) + (list-id-map dkimproxy-out-configuration-list-id-map + (default '())) + (sender-map dkimproxy-out-configuration-sender-map + (default '())) + (reject-error? dkimproxy-out-configuration-sender-reject-error? + (default #f)) + (config-file dkimproxy-out-configuration-config-file + (default #f))) + +(define (generate-map-file config filename) + (apply + plain-file + filename + (map (lambda (config) + (match config + ((selector (config ...)) + (string-append + selector " " + (string-join + (map + generate-dkimproxy-out-signature-configuration + config) + "\n"))) + ((selector config) + (string-append + selector " " + (generate-dkimproxy-out-signature-configuration + config))))) + config))) + +(define dkimproxy-out-shepherd-service + (match-lambda + (($ + + package + listen + relay + list-id-map + sender-map + reject-error? + config-file) + (list + ((@ (gnu services shepherd) shepherd-service) + (provision '(dkimproxy-out)) + (requirement '(loopback)) + (documentation "Outbound DKIM proxy.") + (start + (let ((proxy (file-append package "/bin/dkimproxy.out"))) + (if config-file + #~ + (make-forkexec-constructor + (list + #$ + proxy + (string-append "--conf_file=" #$ config-file) + "--pidfile=/var/run/dkimproxy.out.pid" + "--user=dkimproxy" "--group=dkimproxy") + #:pid-file "/var/run/dkimproxy.out.pid") + (let* + ((first-signature + (match sender-map + (((sender (signature _ ...)) _ ...) signature) + (((sender signature) _ ...) signature))) + (domains + (apply append + (map + (lambda (sender) + (match sender + (((domains ...) config) domains) + ((domain config) domain))) + sender-map))) + (sender-map + (generate-map-file sender-map "sender.map")) + (listid-map + (if (null? 
list-id-map) + #f + (generate-map-file list-id-map "listid.map"))) + (keyfile + (dkimproxy-out-signature-configuration-key + first-signature)) + (selector + (dkimproxy-out-signature-configuration-selector + first-signature)) + (method + (dkimproxy-out-signature-configuration-method + first-signature)) + (signature + (match (dkimproxy-out-signature-configuration-type + first-signature) + ('dkim "dkim") + ('domainkeys "domainkeys")))) + #~ + (make-forkexec-constructor + `(,#$ + proxy + "--pidfile=/var/run/dkimproxy.out.pid" + "--user=dkimproxy" "--group=dkimproxy" + ,(string-append "--listen=" #$ listen) + ,(string-append "--relay=" #$ relay) + ,(string-append "--sender_map=" #$ sender-map) + ,@ (if #$ listid-map + (list + (string-append "--listid_map=" #$ listid-map)) + '()) + ,(string-append "--domain=" #$ domains) + ,(string-append "--keyfile=" #$ keyfile) + ,(string-append "--selector=" #$ selector) + ,@ (if #$ method + (list + (string-append "--method=" #$ method)) + '()) + ,@ (if #$ reject-error? + '("--reject_error") + '()) + ,@ (if #$ signature + (list + (string-append "--signature=" #$ signature)) + '()))))))) + (stop #~ (make-kill-destructor))))))) + +(define %dkimproxy-accounts + (list (user-group (name "dkimproxy") + (system? #t)) + (user-account (name "dkimproxy") + (group "dkimproxy") + (system? 
#t) + (comment "Dkimproxy user") + (home-directory "/var/empty") + (shell (file-append (@ (gnu packages admin) + shadow) + "/sbin/nologin"))))) + +(define dkimproxy-out-service-type + (service-type + (name 'dkimproxy-out) + (description "stub") + (extensions + (list + (service-extension + account-service-type + (const %dkimproxy-accounts)) + (service-extension + (@ (gnu services shepherd) shepherd-root-service-type) + dkimproxy-out-shepherd-service))))) + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +(define dkimproxy-signature-dkim + (dkimproxy-out-signature-configuration + (algorithm "rsa-sha256") + (key "/etc/mail/dkim/marekpasnikowski.pl.key") + (method "relaxed") + (selector "dkim") + (type 'dkim))) + +(define dkimproxy-signature-domainkeys + (dkimproxy-out-signature-configuration + (method "mofws") + (type 'domainkeys))) + +;;;;; (define aliases-file ((@ (guix gexp) mixed-text-file) @@ -45,6 +280,10 @@ "@just-aero.us\n" "@elitetorrent1.com\n")) +(define dkimproxy-signatures-marekpasnikowski + (list dkimproxy-signature-dkim + dkimproxy-signature-domainkeys)) + (define dovecot-imap-login-inet-configuration ((@ (gnu services mail) inet-listener-configuration) (address "192.168.10.2") @@ -105,6 +344,9 @@ ;;; +(define dkimproxy-sender-marekpasnikowski + `("marekpasnikowski.pl" ,dkimproxy-signatures-marekpasnikowski)) + (define dovecot-imap ((@ (gnu services mail) protocol-configuration) (name "imap"))) @@ -229,6 +471,12 @@ ;;; +(define dkimproxy-out-configuration* + (dkimproxy-out-configuration + (listen "127.0.0.1:10027") + (relay "172.0.0.1:10028") + (sender-map `(,dkimproxy-sender-marekpasnikowski)))) + (define dovecot-configuration* ((@ (gnu services mail) dovecot-configuration) (disable-plaintext-auth? #t) 
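Review bot: In `dkimproxy-out-shepherd-service` the `domains` binding only works for a single `sender-map` entry: for the `((domain config) domain)` arm `(apply append (map ...))` reduces to `(append "marekpasnikowski.pl")`, which returns the string, but with two senders `append` is handed two strings and raises, and `(string-append "--domain=" #$ domains)` would not accept a list either; dkimproxy.out's `--domain` option takes a comma-separated list, so the arm should return `(list domain)` and the result should be joined with `","` (only the single-sender case is exercised in this patch, so this is latent today). Separately, the proxy is started with `--user=dkimproxy` and signs with the private key at `/etc/mail/dkim/marekpasnikowski.pl.key`, but nothing in `dkimproxy-out-service-type` (no activation extension) checks that the file exists, is owned by that user and is not group- or world-readable, so a misdeployed key either breaks start-up or exposes the signing key; at minimum a comment on `dkimproxy-signature-dkim` should state the expected owner and mode. Finally `(description "stub")` on the service type should describe the service, e.g. `(description "Run dkimproxy.out, the outbound DKIM/DomainKeys signing proxy, as an unprivileged system user.")`.
```scheme
;; … unchanged: first-signature binding …
(domains
 (string-join
  (apply append
         (map (lambda (sender)
                (match sender
                  (((domains ...) config) domains)
                  ((domain config) (list domain))))
              sender-map))
  ","))
;; … unchanged: sender-map, listid-map and the remaining bindings …
```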
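Review bot: `(relay "172.0.0.1:10028")` in `dkimproxy-out-configuration*` looks like a typo for the loopback address the replaced code used (`(relay "127.0.0.1:10028")` in the `wip-dkim-service` removed from systems/izumi/system-configuration.scm): 172.0.0.1 is a routable public address, neither loopback nor inside the 172.16.0.0/12 private range, so signed outbound mail would be handed to an off-host relay (or the proxy would fail to connect) instead of the local MTA on port 10028. A refactor commit should not change this value; restore `(relay "127.0.0.1:10028")`. Binding the host once in a named constant used by both `listen` and `relay` would keep the two endpoints from silently diverging again.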
@@ -256,6 +504,10 @@ ;;; +(define-public dkim-service + (service dkimproxy-out-service-type + dkimproxy-out-configuration*)) + (define-public dovecot-service (service (@ (gnu services mail) dovecot-service-type) dovecot-configuration*)) -- cgit v1.2.3