2022-04-27 08:48:40 +00:00
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
|
|
|
|
{
|
2022-04-28 07:22:03 +00:00
|
|
|
services.postfix.enable = true;
|
2022-04-27 08:48:40 +00:00
|
|
|
services.postfix.hostname = "mx.uninsane.org";
|
2022-04-28 07:22:03 +00:00
|
|
|
services.postfix.origin = "uninsane.org";
|
|
|
|
services.postfix.destination = ["localhost" "uninsane.org"];
|
|
|
|
|
|
|
|
services.postfix.virtual = ''
|
|
|
|
@uninsane.org colin
|
|
|
|
'';
|
|
|
|
|
|
|
|
services.postfix.extraConfig = ''
|
|
|
|
# smtpd_milters = local:/run/opendkim/opendkim.sock
|
2022-05-06 11:43:17 +00:00
|
|
|
# milter docs: http://www.postfix.org/MILTER_README.html
|
|
|
|
# mail filters for receiving email and authorized SMTP clients
|
|
|
|
# smtpd_milters = inet:185.157.162.190:8891
|
|
|
|
smtpd_milters = unix:/run/opendkim/opendkim.sock
|
|
|
|
# mail filters for sendmail
|
2022-04-28 07:22:03 +00:00
|
|
|
non_smtpd_milters = $smtpd_milters
|
|
|
|
milter_default_action = accept
|
2022-05-06 11:43:17 +00:00
|
|
|
inet_protocols = ipv4
|
2022-04-28 07:22:03 +00:00
|
|
|
'';
|
|
|
|
|
2022-05-06 11:43:17 +00:00
|
|
|
systemd.services.postfix.after = ["wg0veth.service"];
|
|
|
|
systemd.services.postfix.serviceConfig = {
|
|
|
|
# run this behind the OVPN static VPN
|
|
|
|
NetworkNamespacePath = "/run/netns/ovpns";
|
|
|
|
};
|
|
|
|
|
|
|
|
|
2022-04-28 07:22:03 +00:00
|
|
|
services.opendkim.enable = true;
|
2022-05-06 11:43:17 +00:00
|
|
|
# services.opendkim.domains = "csl:uninsane.org";
|
|
|
|
services.opendkim.domains = "uninsane.org";
|
2022-04-28 07:22:03 +00:00
|
|
|
|
|
|
|
# we use a custom (inet) socket, because the default perms
|
2022-05-06 11:43:17 +00:00
|
|
|
# of the unix socket don't allow postfix to connect.
|
|
|
|
# this sits on the machine-local 10.0.1 interface because it's the closest
|
|
|
|
# thing to a loopback interface shared by postfix and opendkim netns.
|
|
|
|
# services.opendkim.socket = "inet:8891@185.157.162.190";
|
|
|
|
# services.opendkim.socket = "local:/run/opendkim.sock";
|
2022-04-28 07:22:03 +00:00
|
|
|
# selectors can be used to disambiguate sender machines.
|
|
|
|
# keeping this the same as the hostname seems simplest
|
|
|
|
services.opendkim.selector = "mx";
|
2022-05-03 00:44:15 +00:00
|
|
|
|
2022-05-06 11:43:17 +00:00
|
|
|
systemd.services.opendkim.after = ["wg0veth.service"];
|
|
|
|
systemd.services.opendkim.serviceConfig = {
|
2022-05-03 00:44:15 +00:00
|
|
|
# run this behind the OVPN static VPN
|
|
|
|
NetworkNamespacePath = "/run/netns/ovpns";
|
2022-05-06 11:43:17 +00:00
|
|
|
# /run/opendkim/opendkim.sock needs to be rw by postfix
|
|
|
|
UMask = lib.mkForce "0011";
|
2022-05-03 00:44:15 +00:00
|
|
|
};
|
2022-04-27 08:48:40 +00:00
|
|
|
}
|