config/mail: tweak opensmtpd config

2023-07-15 09:53:40 +02:00 · 2023-07-15 09:53:40 +02:00 · 55d084bcfc
commit 55d084bcfc
parent a7aae03612
2 changed files with 14 additions and 10 deletions
--- a/config/mail.scm
+++ b/config/mail.scm
@ -6,7 +6,12 @@
  #:use-module (services dkim-key)
  #:export (mail-services))

-(define* (opensmtpd-config #:key interface domain aliases dkim-selector)
+(define (key-file domain)
+  (string-append "/etc/letsencrypt/live/" domain "/privkey.pem"))
+(define (cert-file domain)
+  (string-append "/etc/letsencrypt/live/" domain "/fullchain.pem"))
+
+(define* (opensmtpd-config #:key domain aliases dkim-selector)
  (define (format-aliases aliases)
    (format #f "~:{~a: ~a\n~}\n"
            (cons* '("MAILER-DAEMON" "postmaster")
@ -21,25 +26,25 @@
 smtp max-message-size \"1G\"
 table aliases file:" (mixed-text-file "aliases" (format-aliases aliases)) "

-pki " domain " cert \"/etc/letsencrypt/live/" domain "/fullchain.pem\"
-pki " domain " key \"/etc/letsencrypt/live/" domain "/privkey.pem\"
+pki " domain " cert \"" (cert-file domain) "\"
+pki " domain " key \"" (key-file domain) "\"

 filter \"dkimsign\" proc-exec \""
    (file-append opensmtpd-filter-dkimsign "/libexec/opensmtpd/filter-dkimsign")
    " -d " domain " -s " dkim-selector " -k /etc/dkim/" domain ".key\"

 listen on lo port submission mask-src filter \"dkimsign\"
-listen on " interface " tls pki " domain "
-listen on " interface " port submission tls-require pki " domain " auth mask-src filter \"dkimsign\"
+listen on " domain " tls hostname " domain " pki " domain "
+listen on " domain " port submission tls-require hostname " domain " pki " domain " auth mask-src filter \"dkimsign\"

 action \"deliver\" maildir \"%{user.directory}/mail\" alias <aliases>
 action \"relay\" relay

-match from any for domain \"" domain "\" action \"deliver\"
+match from any for domain " domain " action \"deliver\"
 match from any auth for any action \"relay\"
 "))

-(define* (mail-services #:key interface domain aliases dkim-selector)
+(define* (mail-services #:key domain aliases dkim-selector)
  (list (service dkim-key-service-type
                 (dkim-key-configuration
                   (domain domain)
@ -47,8 +52,8 @@ match from any auth for any action \"relay\"

        (service opensmtpd-service-type
                 (opensmtpd-configuration
+                   (shepherd-requirement '(networking))
                   (config-file
-                     (opensmtpd-config #:interface interface
-                                       #:domain domain
+                     (opensmtpd-config #:domain domain
                                       #:aliases aliases
                                       #:dkim-selector dkim-selector))))))