Define key tables

niten 2023-09-24 11:00:56 -07:00
parent 8b87a338e3
commit 8adf30eb96
1 changed files with 9 additions and 3 deletions


@ -20,8 +20,8 @@ let
fi fi
''; '';
ensureAllDkimCerts = keyDir: ensureAllDkimCerts = keyDir: domains:
domains concatStringsSep "\n" (map (ensureDomainDkimCert keyDir) domains); concatStringsSep "\n" (map (ensureDomainDkimCert keyDir) domains);
makeKeyTable = keyDir: domains: makeKeyTable = keyDir: domains:
pkgs.writeText "opendkim-key-table" (concatStringsSep "\n" pkgs.writeText "opendkim-key-table" (concatStringsSep "\n"
@ -73,6 +73,8 @@ in {
SyslogSuccess yes SyslogSuccess yes
LogWhy yes LogWhy yes
''; '';
keyTable = makeKeyTable cfg.state-directory cfg.domains;
signingTable = makeSigningTable cfg.domains;
in pkgs.writeText "opendkim.conf" '' in pkgs.writeText "opendkim.conf" ''
Canonicalization relaxed/simple Canonicalization relaxed/simple
Socket inet:${toString cfg.port} Socket inet:${toString cfg.port}
@ -88,7 +90,11 @@ in {
group = config.services.opendkim.group; group = config.services.opendkim.group;
in [ "d ${cfg.state-directory} 0700 ${user} ${group} - -" ]; in [ "d ${cfg.state-directory} 0700 ${user} ${group} - -" ];
services.opendkim = { services.opendkim = {
serviceConfig.ReadWritePaths = [ cfg.state-directory ]; serviceConfig = {
ExecStartPre = pkgs.writeShellScript "ensure-dkim-certs.sh"
(ensureAllDkimCerts cfg.state-directory cfg.domains);
ReadWritePaths = [ cfg.state-directory ];
};
}; };
}; };
}; };
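Review bot: The two bindings added in the second hunk, `keyTable` and `signingTable`, are not referenced by any line visible in this diff. Nix evaluates let bindings lazily, so unless the `opendkim.conf` text outside the hunk already uses them, neither table is built and OpenDKIM is never pointed at the per-domain keys that the new `ExecStartPre` script prepares. The config string that starts at `in pkgs.writeText "opendkim.conf"` continues past the hunk, so check it for `KeyTable ${keyTable}` and `SigningTable ${signingTable}`. Because `makeKeyTable` writes its result to the world-readable Nix store, and assuming it stores only paths under `keyDir`, a comment on it such as `# key table holds only key paths; private keys stay in the 0700 state directory, never in the store` would record that invariant.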