(define-module (vkraus modules mail)
  #:use-module (gnu services)
  #:use-module (gnu services mail)
  #:use-module (guix gexp)
  #:use-module (guix modules)
  #:use-module (guix records)
  #:use-module (ice-9 match)
  #:use-module (ice-9 optargs))

(define-public (make-smtp-service domain)
  (let ((cfg
	 (mixed-text-file "opensmtpd-configuration"
			  "
table aliases file:/etc/aliases
table blacklist file:" (plain-file "blacklist" "@toto.com") "

pki " domain " cert \"/etc/letsencrypt/live/" domain "/fullchain.pem\"
pki " domain " key \"/etc/letsencrypt/live/" domain "/privkey.pem\"

include \"/etc/smtpd/srs.conf\"

listen on 0.0.0.0 port 25 tls pki " domain "
listen on :: port 25 tls pki " domain "
listen on 0.0.0.0 port 587 tls-require pki " domain " mask-src auth
listen on :: port 587 tls-require pki " domain " mask-src auth
listen on 0.0.0.0 port 465 smtps pki " domain " mask-src auth
listen on :: port 465 smtps pki " domain " mask-src auth
listen on socket mask-src
listen on 127.0.0.1 port 10028 tag DKIM_SIGNED
listen on :: port 10028 tag DKIM_SIGNED

action receive maildir alias <aliases>
action send relay helo " domain " srs
action sign relay host smtp://localhost:11333

match tag DKIM_SIGNED for any action send
match !from auth mail-from \"@" domain "\" for any reject
match from any mail-from <blacklist> reject
match from any for domain \"" domain "\" action receive
match from auth for local action receive
match from auth for any action sign
")))
    (service opensmtpd-service-type
	     (opensmtpd-configuration
	      (config-file cfg)))))