summaryrefslogtreecommitdiff
path: root/src/Propellor
diff options
context:
space:
mode:
authorJoey Hess2015-01-08 21:41:55 -0400
committerJoey Hess2015-01-08 21:41:55 -0400
commit660b5d7f9330c80682c57e1fb614c34eb7e96b22 (patch)
treef40e89e278dd82b89a8ee9f98b45270d125b6102 /src/Propellor
parentcde0dd97e03dfdfece1538beba7cbb2ad4dfb2cb (diff)
propellor spin
Diffstat (limited to 'src/Propellor')
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs45
1 files changed, 29 insertions, 16 deletions
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 92362b99..abea9bf8 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -445,20 +445,7 @@ kiteMailServer = propertyList "kitenet.net mail server"
`describe` "amavisd-milter configured for postfix"
, Apt.serviceInstalledRunning "clamav-freshclam"
- , Apt.serviceInstalledRunning "opendkim"
- , propertyList "opendkim configured"
- [ "/etc/default/opendkim" `File.containsLine`
- "SOCKET=\"inet:8891@localhost\""
- , "/etc/opendkim.conf" `File.containsLines`
- [ "KeyFile /etc/mail/dkim.key"
- , "SubDomains yes"
- , "Domain *"
- , "Selector mail"
- ]
- , File.hasPrivContent "/etc/mail/dkim.key" ctx
- , File.ownerGroup "/etc/mail/dkim.key" "opendkim" "opendkim"
- ]
- `onChange` Service.restarted "opendkum"
+ , dkimInstalled
, Apt.installed ["maildrop"]
, "/etc/maildroprc" `File.hasContent`
@@ -528,9 +515,13 @@ kiteMailServer = propertyList "kitenet.net mail server"
, "# Enable postgrey."
, "smtpd_recipient_restrictions = permit_tls_clientcerts,permit_mynetworks,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023"
- , "# Enable spamass-milter and amavis-milter."
- , "smtpd_milters = unix:/spamass/spamass.sock unix:amavis/amavis.sock"
+ , "# Enable spamass-milter, amavis-milter, opendkim"
+ , "smtpd_milters = unix:/spamass/spamass.sock unix:amavis/amavis.sock inet:localhost:8891"
+ , "# opendkim is used for outgoing mail"
+ , "non_smtpd_milters = inet:localhost:8891"
, "milter_connect_macros = j {daemon_name} v {if_name} _"
+ , "# If a milter is broken, fall back to just accepting mail."
+ , "milter_default_action = accept"
, "# TLS setup -- server"
, "smtpd_tls_CAfile = /etc/ssl/certs/joeyca.pem"
@@ -598,6 +589,28 @@ kiteMailServer = propertyList "kitenet.net mail server"
pinescript = "/usr/local/bin/pine"
dovecotusers = "/etc/dovecot/users"
+dkimInstalled :: Property
+dkimInstalled = propertyList "opendkim installed"
+ [ Apt.serviceInstalledRunning "opendkim"
+ , "/etc/default/opendkim" `File.containsLine`
+ "SOCKET=\"inet:8891@localhost\""
+ , "/etc/opendkim.conf" `File.containsLines`
+ [ "KeyFile /etc/mail/dkim.key"
+ , "SubDomains yes"
+ , "Domain *"
+ , "Selector mail"
+ ]
+ , File.hasPrivContent "/etc/mail/dkim.key" (Context "kitenet.net")
+ , File.ownerGroup "/etc/mail/dkim.key" "opendkim" "opendkim"
+ ]
+ `onChange` Service.restarted "opendkum"
+
+-- This is the dkim public key, corresponding with /etc/mail/dkim.key
+-- This value can be included in a domain's additional records to make
+-- it use this domainkey.
+domainKey :: (BindDomain, Record)
+domainKey = (RelDomain "mail._domainkey", TXT "v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCc+/rfzNdt5DseBBmfB3C6sVM7FgVvf4h1FeCfyfwPpVcmPdW6M2I+NtJsbRkNbEICxiP6QY2UM0uoo9TmPqLgiCCG2vtuiG6XMsS0Y/gGwqKM7ntg/7vT1Go9vcquOFFuLa5PnzpVf8hB9+PMFdS4NPTvWL2c5xxshl/RJzICnQIDAQAB")
+
hasJoeyCAChain :: Property
hasJoeyCAChain = "/etc/ssl/certs/joeyca.pem" `File.hasPrivContentExposed`
Context "joeyca.pem"