From 1730fc8bd5e87ea5a7b0f44db3ad283e228db368 Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Sun, 24 Sep 2023 12:07:48 -0700
Subject: [PATCH] Make option for dkim key bits

---
 dkim.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/dkim.nix b/dkim.nix
index fb4e4f9..f549bc0 100644
--- a/dkim.nix
+++ b/dkim.nix
@@ -49,6 +49,19 @@ in {
       default = "mail";
     };
 
+    key-bits = mkOption {
+      type = int;
+      description = ''
+        How many bits in generated DKIM keys. RFC6376 advises minimum 1024-bit keys.
+
+        If you have already deployed a key with a different number of bits than specified
+        here, then you should use a different selector (dkimSelector). In order to get
+        this package to generate a key with the new number of bits, you will either have to
+        change the selector or delete the old key file.
+      '';
+      default = 2048;
+    };
+
     port = mkOption {
       type = port;
       description = "Port at which to listen for incoming signing requests.";