Make sure dkim has access to key path

2023-07-30 09:17:16 -07:00 · 2023-07-30 09:17:16 -07:00 · cb039ceabd
parent 8b3f771c23
commit cb039ceabd
1 changed files with 12 additions and 10 deletions
--- a/lib/fudo/mail/dkim.nix
+++ b/lib/fudo/mail/dkim.nix
@ -99,17 +99,19 @@ in {
      };
    };

-    systemd.services.opendkim = {
-      preStart = lib.mkForce createAllCerts;
-      serviceConfig = {
-        ExecStart = lib.mkForce
-          "${cfg.dkim.package}/bin/opendkim ${escapeShellArgs args}";
-        PermissionsStartOnly = lib.mkForce false;
+    systemd = {
+      tmpfiles.rules = [
+        "d '${cfg.dkim.key-directory}' - ${config.services.opendkim.user} ${config.services.opendkim.group} - -"
+      ];
+      services.opendkim = {
+        preStart = lib.mkForce createAllCerts;
+        serviceConfig = {
+          ExecStart = lib.mkForce
+            "${cfg.dkim.package}/bin/opendkim ${escapeShellArgs args}";
+          PermissionsStartOnly = lib.mkForce false;
+          ReadWritePaths = [ cfg.dkim.key-directory ];
+        };
      };
    };
-
-    systemd.tmpfiles.rules = [
-      "d '${cfg.dkim.key-directory}' - ${config.services.opendkim.user} ${config.services.opendkim.group} - -"
-    ];
  };
 }