From d62c0a32ec31e0a970382e2a306e1b3d07fb33af Mon Sep 17 00:00:00 2001
From: Kaare Hoff Skovgaard <kaare@kaareskovgaard.net>
Date: Tue, 29 Jul 2025 11:55:55 +0200
Subject: [PATCH] Fix some postfix startup issues after reboot

And enable ARC signing of emails
---
 .../nixos/infrastructure/mailserver/dkim.nix  | 14 +++++++----
 .../nixos/infrastructure/mailserver/ldap.nix  | 23 ++++++++++++-------
 2 files changed, 24 insertions(+), 13 deletions(-)

diff --git a/nix/modules/nixos/infrastructure/mailserver/dkim.nix b/nix/modules/nixos/infrastructure/mailserver/dkim.nix
index 1d1834c..2bef981 100644
--- a/nix/modules/nixos/infrastructure/mailserver/dkim.nix
+++ b/nix/modules/nixos/infrastructure/mailserver/dkim.nix
@@ -170,6 +170,15 @@ in
         }
       '';
     };
+    services.rspamd.locals."arc.conf" = lib.mkForce {
+      text = ''
+        enabled = true;
+        allow_username_mismatch = true;
+        domain {
+          ${lib.strings.concatStringsSep "\n " (lib.lists.map dkimSigningForDomain cfg.domains)}
+        }
+      '';
+    };
     services.postfix.config = {
       # Need to include this as I disabled the in built support for dkim signing
       # without this postfix won't forward the mails to rspamd to be signed.
@@ -183,10 +192,5 @@ in
         ReadOnlyPaths = domainKeyPaths;
       };
     };
-    systemd.services.postfix = {
-      unitConfig = {
-        ConditionPathExists = domainKeyPaths;
-      };
-    };
   };
 }
diff --git a/nix/modules/nixos/infrastructure/mailserver/ldap.nix b/nix/modules/nixos/infrastructure/mailserver/ldap.nix
index aa7d802..8699fbc 100644
--- a/nix/modules/nixos/infrastructure/mailserver/ldap.nix
+++ b/nix/modules/nixos/infrastructure/mailserver/ldap.nix
@@ -40,17 +40,24 @@ in
         uidAttribute = "uid";
       };
     };
-    systemd.services.dovecot2 = {
-      unitConfig = {
-        ConditionPathExists = [ secretFile ];
+    systemd.services = {
+      dovecot2 = {
+        unitConfig = {
+          ConditionPathExists = [ secretFile ];
+        };
+      };
+      postfix = {
+        unitConfig = {
+          ConditionPathExists = [ secretFile ];
+        };
+      };
+      postfix-setup = {
+        unitConfig = {
+          ConditionPathExists = [ secretFile ];
+        };
       };
     };
 
-    systemd.services.postfix = {
-      unitConfig = {
-        ConditionPathExists = [ secretFile ];
-      };
-    };
     khscodes.services.vault-agent.templates = [
       {
         contents = ''