system-configuration

Update dkimproxy-out service to use guix packages and guile config wrapper

Julien LepillerWed Jul 31 09:49:23+0200 2019

7107063

Update dkimproxy-out service to use guix packages and guile config wrapper

modules/config/mail.scm

 accept for local alias <aliases> deliver to maildir
 "))
 (define (dkimproxy-conf domain)
   (mixed-text-file "dkimproxy.out.conf" "
 # specify what address/port DKIMproxy should listen on
 listen    127.0.0.1:10027
 # specify what address/port DKIMproxy forwards mail to
 relay     127.0.0.1:10028
 # specify what domains DKIMproxy can sign for (comma-separated, no spaces)
 domain    " domain "
 # specify what signatures to add
 signature dkim(c=relaxed)
 signature domainkeys(c=nofws)
 # specify location of the private key
 keyfile   /etc/mail/dkim/private.key
 # specify the selector (i.e. the name of the key record put in DNS)
 selector  dkim
 "))
 (define (lepiller-imap-service domain)
   (service dovecot-service-type
            (dovecot-configuration
 (define (lepiller-dkim-service domain)
   (service dkimproxy-out-service-type
            (dkimproxy-out-configuration
              (config-file (dkimproxy-conf domain)))))
              (listen "127.0.0.1:10027")
              (relay "127.0.0.1:10028")
              (sender-map
                `((,domain
                   (,(dkimproxy-out-signature-configuration
                       (type 'dkim)
                       (key "/etc/mail/dkim/private.key")
                       (method "relaxed")
                       (selector "dkim"))
                    ,(dkimproxy-out-signature-configuration
                       (type 'domainkeys)
                       (method "nofws")))))))))
 (define* (lepiller-mail-services #:key interface domain)
   (list

modules/packages/perl.scm unknown status 2

 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright ?? 2019 Julien Lepiller <julien@lepiller.eu>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
 ;;; GNU Guix is free software; you can redistribute it and/or modify it
 ;;; under the terms of the GNU General Public License as published by
 ;;; the Free Software Foundation; either version 3 of the License, or (at
 ;;; your option) any later version.
 ;;;
 ;;; GNU Guix is distributed in the hope that it will be useful, but
 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 ;;; GNU General Public License for more details.
 ;;;
 ;;; You should have received a copy of the GNU General Public License
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 (define-module (packages perl)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (gnu packages)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system perl)
   #:use-module (gnu packages networking)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages perl-check)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages web))
 (define-public perl-mail-authenticationresults
   (package
     (name "perl-mail-authenticationresults")
     (version "1.20180923")
     (source (origin
               (method url-fetch)
               (uri (string-append
                      "mirror://cpan/authors/id/M/MB/MBRADSHAW/"
                      "Mail-AuthenticationResults-" version ".tar.gz"))
               (sha256
                (base32
                 "1g1wym9vcbhldwvi4w5pl0fhd4jh2icj975awf4wr5xmkli9mxbz"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-exception" ,perl-test-exception)))
     (home-page "https://metacpan.org/release/Mail-AuthenticationResults")
     (synopsis "Object Oriented Authentication-Results Headers")
     (description "Mail::AuthenticationResults parses the message header field
 that indicates the message authentication status as per RFC7601.  This module
 is not fully compliant with the RFC but it tries to implement most styles of
 Authentication-Results header seen in the wild.")
     (license license:perl-license)))
 (define-public perl-net-dns-resolver-mock
   (package
     (name "perl-net-dns-resolver-mock")
     (version "1.20171219")
     (source (origin
               (method url-fetch)
               (uri (string-append
                      "mirror://cpan/authors/id/M/MB/MBRADSHAW/"
                      "Net-DNS-Resolver-Mock-" version ".tar.gz"))
               (sha256
                (base32
                 "0m3rxpkv1b9121srvbqkrgzg4m8mnydiydqv34in1i1ixwrl6jn9"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-net-dns" ,perl-net-dns)))
     (home-page "https://metacpan.org/release/Net-DNS-Resolver-Mock")
     (synopsis "Mock a DNS Resolver object for testing")
     (description "Net::DNS::Resolver::Mock is a a subclass of
 @code{Net::DNS::Resolver} which parses a zonefile for it's data source.  It is
 primarily for use in testing.")
     (license license:perl-license)))
 (define-public perl-mail-dkim
   (package
     (name "perl-mail-dkim")
     (version "0.55")
     (source (origin
               (method url-fetch)
               (uri (string-append
                      "mirror://cpan/authors/id/M/MB/MBRADSHAW/Mail-DKIM-"
                      version
                      ".tar.gz"))
               (sha256
                (base32
                 "18nsh1ff6fkns4xk3y2ixmzmadgggydj11qkzj6nlnq2hzqxsafz"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-crypt-openssl-rsa" ,perl-crypt-openssl-rsa)
        ("perl-mail-authenticationresults" ,perl-mail-authenticationresults)
        ("perl-mailtools" ,perl-mailtools)
        ("perl-net-dns" ,perl-net-dns)
        ("perl-net-dns-resolver-mock" ,perl-net-dns-resolver-mock)
        ("perl-test-requiresinternet" ,perl-test-requiresinternet)
        ("perl-yaml-libyaml" ,perl-yaml-libyaml)))
     (home-page "https://metacpan.org/release/Mail-DKIM")
     (synopsis "Signs/verifies Internet mail with DKIM/DomainKey signatures")
     (description "Mail::DKIM is a Perl module that implements the new Domain
 Keys Identified Mail (DKIM) standard, and the older Yahoo! DomainKeys standard,
 both of which sign and verify emails using digital signatures and DNS records.
 Mail-DKIM can be used by any Perl program that wants to provide support for
 DKIM and/or DomainKeys.")
     (license license:gpl3+)))
 (define-public dkimproxy
   (package
     (name "dkimproxy")
     (version "1.4.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
                      "mirror://sourceforge/dkimproxy/dkimproxy/"
                      version "/dkimproxy-" version ".tar.gz"))
               (sha256
                (base32
                 "1gc5c7lg2qrlck7b0lvjfqr824ch6jkrzkpsn0gjvlzg7hfmld75"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
        (modify-phases %standard-phases
          (add-after 'install 'make-wrapper
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
                (for-each
                  (lambda (prog)
                    (wrap-program (string-append out "/bin/" prog)
                      `("PERL5LIB" ":" prefix
                        (,(string-append (assoc-ref inputs "perl-mail-dkim")
                                         "/lib/perl5/site_perl")
                         ,(string-append (assoc-ref inputs "perl-mailtools")
                                         "/lib/perl5/site_perl")
                         ,(string-append (assoc-ref inputs "perl-crypt-openssl-rsa")
                                         "/lib/perl5/site_perl")
                         ,(string-append (assoc-ref inputs "perl-net-dns")
                                         "/lib/perl5/site_perl")
                         ,(string-append (assoc-ref inputs "perl-net-server")
                                         "/lib/perl5/site_perl")))))
                  '("dkimproxy.in" "dkimproxy.out")))
              #t)))))
     (inputs
      `(("perl" ,perl)
        ("perl-crypt-openssl-rsa" ,perl-crypt-openssl-rsa)
        ("perl-mailtools" ,perl-mailtools)
        ("perl-mail-dkim" ,perl-mail-dkim)
        ("perl-net-dns" ,perl-net-dns)
        ("perl-net-server" ,perl-net-server)))
     (home-page "http://dkimproxy.sourceforge.net/")
     (synopsis "SMTP-proxy for DKIM signing and verifying")
     (description "DKIMproxy is an SMTP-proxy that signs and/or verifies emails,
 using the @code{Mail::DKIM} module.  It is designed for Postfix, but should
 work with any mail server.  It comprises two separate proxies, an outbound
 proxy for signing outgoing email, and an inbound proxy for verifying signatures
 of incoming email.  With Postfix, the proxies can operate as either
 @code{Before-Queue} or @code{After-Queue} content filters.")
     (license license:gpl3+)))

modules/services/mail.scm

   #:use-module (gnu system pam)
   #:use-module (gnu system shadow)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages mail)
   #:use-module (guix gexp)
   #:use-module (guix records)
   #:use-module (ice-9 match)
   #:use-module (packages perl)
   #:export (dkimproxy-out-service-type
             dkimproxy-out-signature-configuration
             dkimproxy-out-signature-configuration-type
             dkimproxy-out-signature-configuration-key
             dkimproxy-out-signature-configuration-algorithm
             dkimproxy-out-signature-configuration-method
             dkimproxy-out-signature-configuration-domain
             dkimproxy-out-signature-configuration-identity
             dkimproxy-out-signature-configuration-selector
             dkimproxy-out-configuration
             dkimproxy-out-configuration-package
             dkimproxy-out-configuration-listen
             dkimproxy-out-configuration-relay
             dkimproxy-out-configuration-list-id-map
             dkimproxy-out-configuration-sender-map
             dkimproxy-out-configuration-reject-error?
             dkimproxy-out-configuration-config-file))
 (define-record-type* <dkimproxy-out-signature-configuration>
   dkimproxy-out-signature-configuration make-dkimproxy-out-signature-configuration
   dkimproxy-out-signature-configuration?
   (type      dkimproxy-out-signature-configuration-type
              (default 'dkim))
   (key       dkimproxy-out-signature-configuration-key
              (default #f))
   (algorithm dkimproxy-out-signature-configuration-algorithm
              (default #f))
   (method    dkimproxy-out-signature-configuration-method
              (default #f))
   (domain    dkimproxy-out-signature-configuration-domain
              (default #f))
   (identity  dkimproxy-out-signature-configuration-identity
              (default #f))
   (selector  dkimproxy-out-signature-configuration-selector
              (default #f)))
 (define generate-dkimproxy-out-signature-configuration
   (match-lambda
     (($ <dkimproxy-out-signature-configuration>
         type key algorithm method domain identity selector)
      (string-append
        (match type
          ('dkim "dkim")
          ('domainkeys "domainkeys"))
        (if (or key algorithm method domain identity selector)
            (string-append
              "("
              (string-join
               `(
                 ,@(if key
                     (list (string-append "key=" key))
                     '())
                ,@(if algorithm
                    (list (string-append "a=" algorithm))
                    '())
                ,@(if method
                    (list (string-append "c=" method))
                    '())
                ,@(if domain
                    (list (string-append "d=" domain))
                    '())
                ,@(if identity
                    (list (string-append "i=" identity))
                    '())
                ,@(if selector
                    (list (string-append "s=" selector))
                    '()))
               ",")
              ")")
            "")))))
 (define-record-type* <dkimproxy-out-configuration>
   dkimproxy-out-configuration make-dkimproxy-out-configuration
   dkimproxy-out-configuration?
   (package     dkimproxy-out-configuration-package
                (default dkimproxy))
   (listen      dkimproxy-out-configuration-listen
                (default #f))
   (relay       dkimproxy-out-configuration-relay
                (default #f))
   (list-id-map dkimproxy-out-configuration-list-id-map
                (default '()))
   (sender-map  dkimproxy-out-configuration-sender-map
                (default '()))
   (reject-error? dkimproxy-out-configuration-sender-reject-error?
                  (default #f))
   (config-file dkimproxy-out-configuration-config-file
                (default %default-dkimproxy-out-configuration-config-file)))
                (default #f)))
 (define %default-dkimproxy-out-configuration-config-file
   (plain-file "dkimproxy_out.conf" "
 # specify what address/port DKIMproxy should listen on
 listen    127.0.0.1:10027
 # specify what address/port DKIMproxy forwards mail to
 relay     127.0.0.1:10028
 # specify what domains DKIMproxy can sign for (comma-separated, no spaces)
 domain    mail.example.com
 # specify what signatures to add
 signature dkim(c=relaxed)
 signature domainkeys(c=nofws)
 # specify location of the private key
 # It can be generated with for instance:
 # mkdir /etc/mail/dkim
 # openssl genrsa -out /etc/mail/dkim/private.key 1024
 # openssl rsa -in /etc/mail/dkim/private.key -pubout -out /etc/mail/dkim/public.key
 keyfile   /etc/mail/dkim/private.key
 # specify the selector (i.e. the name of the key record put in DNS)
 selector  selector1
 "))
 (define (generate-map-file config filename)
   (apply plain-file filename
          (map (lambda (config)
                 (match config
                   ((selector (config ...))
                    (string-append
                      selector " "
                      (string-join
                        (map generate-dkimproxy-out-signature-configuration config)
                        "\n")))
                   ((selector config)
                    (string-append
                      selector " "
                      (generate-dkimproxy-out-signature-configuration config)))))
               config)))
 (define dkimproxy-out-shepherd-service
   (match-lambda
     (($ <dkimproxy-out-configuration> package config-file)
     (($ <dkimproxy-out-configuration> package listen relay list-id-map sender-map
         reject-error? config-file)
      (list (shepherd-service
              (provision '(dkimproxy-out))
              (requirement '(loopback))
              (documentation "Outbound DKIM proxy.")
              (start (let ((proxy (file-append package "/bin/dkimproxy.out")))
                       #~(make-forkexec-constructor
                           (list #$proxy (string-append "--conf_file=" #$config-file)
                                 "--pidfile=/var/run/dkimproxy.out.pid"
                                 "--user=dkimproxy" "--group=dkimproxy")
                           #:pid-file "/var/run/dkimproxy.out.pid")))
                       (if config-file
                         #~(make-forkexec-constructor
                             (list #$proxy (string-append "--conf_file=" #$config-file)
                                   "--pidfile=/var/run/dkimproxy.out.pid"
                                   "--user=dkimproxy" "--group=dkimproxy")
                             #:pid-file "/var/run/dkimproxy.out.pid")
                         (let* ((first-signature (match sender-map
                                                  (((sender (signature _ ...)) _ ...)
                                                    signature)
                                                  (((sender signature) _ ...)
                                                    signature)))
                                (domains
                                  (apply append
                                    (map
                                      (lambda (sender)
                                        (match sender
                                          (((domains ...) config)
                                           domains)
                                          ((domain config)
                                           domain)))
                                      sender-map)))
                                (sender-map (generate-map-file sender-map
                                                               "sender.map"))
                                (listid-map
                                  (if (null? list-id-map)
                                      #f
                                      (generate-map-file list-id-map "listid.map")))
                                (keyfile
                                  (dkimproxy-out-signature-configuration-key
                                    first-signature))
                                (selector
                                  (dkimproxy-out-signature-configuration-selector
                                    first-signature))
                                (method
                                  (dkimproxy-out-signature-configuration-method
                                    first-signature))
                                (signature
                                  (match (dkimproxy-out-signature-configuration-type
                                           first-signature)
 				   ('dkim "dkim")
 				   ('domainkeys "domainkeys"))))
                           #~(make-forkexec-constructor
                               `(,#$proxy "--pidfile=/var/run/dkimproxy.out.pid"
                                 "--user=dkimproxy" "--group=dkimproxy"
                                 ,(string-append "--listen=" #$listen)
                                 ,(string-append "--relay=" #$relay)
                                 ,(string-append "--sender_map=" #$sender-map)
                                 ,@(if #$listid-map
                                     (list
                                       (string-append "--listid_map=" #$listid-map))
                                     '())
                                 ,(string-append "--domain=" #$domains)
                                 ,(string-append "--keyfile=" #$keyfile)
                                 ,(string-append "--selector=" #$selector)
                                 ,@(if #$method
                                       (list
                                         (string-append "--method=" #$method))
                                       '())
                                 ,@(if #$reject-error?
                                       '("--reject_error")
                                       '())
                                 ,@(if #$signature
                                       (list
                                         (string-append "--signature=" #$signature))
                                       '())))))))
              (stop #~(make-kill-destructor)))))))
 (define %dkimproxy-accounts