by Joshua Branson — November 01, 2021
The main thing that I have been working on this month is an opensmtpd-service that uses (guix records). The code is here.
It has been a real pleasure creating the various records to turn this:
(service opensmtpd-service-type
         (opensmtpd-configuration
          (queue
           (opensmtpd-queue-configuration
            (compression #t)))
          (smtp
           (opensmtpd-smtp-configuration
            (max-message-size "10M")))
          (srs
           (opensmtpd-srs-configuration
            (ttl-delay "5d")))
          (pkis (list
                 (opensmtpd-pki
                  (domain "smtpd.gnucode.me")
                  (cert "/etc/letsencrypt/live/gnucode.me/fullchain.pem")
                  (key "/etc/letsencrypt/live/gnucode.me/privkey.pem"))))
          (tables (list
                   (opensmtpd-table
                    (name "aliases")
                    (values
                     (list
                      (cons "webmaster" "root")
                      (cons "postmaster" "root")
                      (cons "abuse" "root"))))
                   (opensmtpd-table
                    (name "creds")
                    (values
                     (list
                      (cons "joshua"
                            "$6$Ec4m8FgKjT2F/03Y$k66ABdse9TzCX6qaALB3WBL9GC1rmAWJmaoSjFMpbhzat7DOpFqpnOwpbZ34wwsQYIK8RQlqwM1I/v6vsRq86."))))
                   (opensmtpd-table
                    (name "vdoms")
                    (values (list "gnucode.me"
                                  "gnu-hurd.com")))
                   (opensmtpd-table
                    (name "vusers")
                    (values (list (cons "joshua@gnucode.me" "joshua")
                                  (cons "jbranso@gnucode.me" "joshua")
                                  (cons "postmaster@gnucode.me" "joshua"))))))
          (listen-ons
           (list
            ;; this forum help suggests that I listen on 0.0.0.0 and NOT eth0
            ;; https://serverfault.com/questions/726795/opensmtpd-wont-work-at-reboot
            ;; this listens for email from the outside world
            (opensmtpd-listen-on
             (interface "eth0")
             (port 25)
             (secure-connection "tls")
             (pki "smtp.gnucode.me"))
            ;; this lets local users logged into the system via ssh send email
            (opensmtpd-listen-on
             (interface "lo")
             (port 25)
             (secure-connection "tls")
             (pki "smtp.gnucode.me"))
            (opensmtpd-listen-on
             (interface "eth0")
             (port 465)
             (secure-connection "smtps")
             (pki "smtp.gnucode.me")
             (auth "<creds>"))
            (opensmtpd-listen-on
             (interface "eth0")
             (port 587)
             (secure-connection "tls-require")
             (pki "smtp.gnucode.me")
             (auth "<creds>"))
            ))
          (actions
           (list
            (opensmtpd-action
             (name "receive")
             (method
              (opensmtpd-local-delivery-configuration
               (method (opensmtpd-maildir-configuration
                        (pathname "/home/%{rcpt.user}/Maildir")
                        (junk #t)))
               (virtual "vusers"))))
            (opensmtpd-action
             (name "send")
             (method (opensmtpd-relay-configuration)))))
          (matches (list
                    (opensmtpd-match
                     (name "send")
                     (for "for any")
                     (from "from any")
                     (auth "auth"))
                    (opensmtpd-match
                     (name "receive")
                     (from "from any")
                     (for "for domain <vdoms>"))
                    (opensmtpd-match
                     (name "receive")
                     (for "for local"))))
          (filter-chains
           (list
            (opensmtpd-filter-chain
             (name "dropDumbEmails")
             (filter-names (list "nofcrdnsDisconnect"
                                 "nordnsDisconnect")))))
          (filter-phases
           (list (opensmtpd-filter-phase
                  (name "nofcrdnsDisconnect")
                  (phase-name "connect")
                  (conditions (list "!fcrdns"))
                  (decision "disconnect")
                  (message "You have not set up forward confirmed DNS."))
                 (opensmtpd-filter-phase
                  (name "nordnsDisconnect")
                  (phase-name "connect")
                  (conditions (list "!rdns"))
                  (decision "reject")
                  (message "You have not set up reverse DNS."))))))
into this:
smtp max-message-size 10M
srs ttl 5d
queue compression
table aliases { "webmaster" = "root", "postmaster" = "root", "abuse" = "root" }
table creds { "joshua" = "$6$Ec4m8FgKjT2F/03Y$k66ABdse9TzCX6qaALB3WBL9GC1rmAWJmaoSjFMpbhzat7DOpFqpnOwpbZ34wwsQYIK8RQlqwM1I/v6vsRq86." }
table vdoms { "gnucode.me", "gnu-hurd.com" }
table vusers { "joshua@gnucode.me" = "joshua", "jbranso@gnucode.me" = "joshua", "postmaster@gnucode.me" = "joshua" }
pki smtpd.gnucode.me cert "/etc/letsencrypt/live/gnucode.me/fullchain.pem"
pki smtpd.gnucode.me key "/etc/letsencrypt/live/gnucode.me/privkey.pem"
filter "nofcrdnsDisconnect" phase connect match !fcrdns disconnect "You have not set up forward confirmed DNS."
filter "nordnsDisconnect" phase connect match !rdns reject "You have not set up reverse DNS."
filter "dropDumbEmails" chain {nofcrdnsDisconnect, nordnsDisconnect}
listen on eth0 tls port 25 pki smtp.gnucode.me
listen on lo tls port 25 pki smtp.gnucode.me
listen on eth0 smtps port 465 pki smtp.gnucode.me auth <<creds>>
listen on eth0 tls-require port 587 pki smtp.gnucode.me auth <<creds>>
action "receive" maildir "/home/%{rcpt.user}/Maildir" junk
action "send" relay
match from any for any auth tls action "send"
match from any for domain <vdoms> tls action "receive"
match for local tls action "receive"
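To make the translation step concrete, here is an added example in plain Guile (not the blog's opensmtpd-service code; SRFI-9 records stand in for (guix records), so the record and field names are assumptions): it renders pki and listen-on records to the smtpd.conf lines shown above and refuses to render when a listen-on names a pki that was never defined. That check is worth having: the configuration above defines the pki as smtpd.gnucode.me while the listen-on blocks reference smtp.gnucode.me, a dangling reference opensmtpd rejects when it loads the generated file, so it is better caught at build time.

```scheme
(use-modules (srfi srfi-9) (srfi srfi-1))

;; Assumed record shapes (SRFI-9 here; the real service uses (guix records)).
(define-record-type <pki>
  (make-pki domain cert key)
  pki?
  (domain pki-domain) (cert pki-cert) (key pki-key))

(define-record-type <listen-on>
  (make-listen-on interface port secure-connection pki auth)
  listen-on?
  (interface listen-on-interface) (port listen-on-port)
  (secure-connection listen-on-secure-connection)
  (pki listen-on-pki) (auth listen-on-auth))

;; One pki record becomes the two "pki NAME cert/key" lines seen on the page.
(define (pki->lines p)
  (list (format #f "pki ~a cert \"~a\"" (pki-domain p) (pki-cert p))
        (format #f "pki ~a key \"~a\"" (pki-domain p) (pki-key p))))

;; auth holds a bare table name (or #f); the serializer adds the <...> brackets.
(define (listen-on->line l)
  (string-append
   (format #f "listen on ~a ~a port ~a pki ~a"
           (listen-on-interface l) (listen-on-secure-connection l)
           (listen-on-port l) (listen-on-pki l))
   (if (listen-on-auth l) (format #f " auth <~a>" (listen-on-auth l)) "")))

;; Cross-reference check: pki names used by a listen-on but never defined.
(define (undefined-pkis pkis listen-ons)
  (let ((defined (map pki-domain pkis)))
    (delete-duplicates
     (filter (lambda (name) (not (member name defined)))
             (map listen-on-pki listen-ons)))))

;; Render the whole file, failing the build on a dangling pki reference.
(define (render pkis listen-ons)
  (let ((missing (undefined-pkis pkis listen-ons)))
    (unless (null? missing)
      (error "listen-on references undefined pki(s):" missing))
    (string-join (append (append-map pki->lines pkis)
                         (map listen-on->line listen-ons))
                 "\n")))

;; Constructed sample values, not the blog author's real hosts or paths.
(define pkis (list (make-pki "smtp.example.org" "/etc/ssl/fullchain.pem" "/etc/ssl/privkey.pem")))
(define listen-ons (list (make-listen-on "eth0" 25 "tls" "smtp.example.org" #f)
                         (make-listen-on "eth0" 587 "tls-require" "smtp.example.org" "creds")))
(display (render pkis listen-ons)) (newline)
;; A typo in the pki name shows up before anything is deployed:
(display (undefined-pkis pkis (list (make-listen-on "lo" 25 "tls" "smtpd.example.org" #f))))
```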
Looking at it now, one might almost prefer just to use the opensmtpd configuration syntax. Still, it is nice to be able to use a schemey syntax and translate it into something that opensmtpd can parse. Perhaps someone could eventually configure a mail server via something like this:
(service email-service-type
         (email-service-configuration
          (domains (list "gnucode.me"
                         "gnu-hurd.com"))
          (use-letsencrypt-certs #t)))
Perhaps the above would set up a DNS server at smtp.domain.name and serve the emails via dovecot. That, though, would be a task for someone else.
Future work for my opensmtpd-service via (guix records) includes figuring out how to let opensmtpd-filter-proc-exec accept a list of strings and gexps. I could currently use my opensmtpd-service for my linode server via the includes directive, but I'd rather use opensmtpd-filter-proc-exec. My current opensmtpd configuration can be found here.
If you can think of any way that I can improve the code, please reach out: jbranso AT dismail DOT de.
I made a cookbook submission about auto logging into tty3
http://issues.guix.gnu.org/48974#13
This was a while ago, but I did write an entry in the cookbook about how to auto-login to a specific tty. So if you want to learn how to auto-login to sway via Guix System, this is part of that solution.
I am now hosting an xmpp account on gnucode.me.
My jmp.chat account delivers SMS text messages to my XMPP account via dismail.de. Perhaps one day soon, I'll be able to host my own chats via gnucode.me. That would be pretty awesome!
Guix's official libreboot cookbook guide
I also need to finish Raghav's libreboot cookbook guide for inclusion in the guix cookbook.