]> Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/rspamd/autogeree.net.nix
direnv: use flock
[sourcephile-nix.git] / servers / mermet / rspamd / autogeree.net.nix
1 { pkgs, lib, config, ... }:
2 let
3 inherit (builtins.extraBuiltins) pass;
4 inherit (config.services) rspamd;
5 domain = "autogeree.net";
6 selector = "20200101";
7 in
8 {
9 deployment.keys."dkim.${domain}.${selector}.key" = {
10 text = pass "dkim/${domain}/${selector}.key";
11 user = rspamd.user;
12 group = "root";
13 destDir = "/run/keys/";
14 permissions = "0400";
15 };
16 systemd.services.rspamd.after =
17 [ "dkim.${domain}.${selector}.key-key.service" ];
18 services.rspamd.dkimSelectorMap = ''
19 ${domain} ${selector}
20 '';
21 # rspamadm dkim_keygen -d autogeree.net -s 20200101 -b 4096 -t rsa -k /proc/self/fd/3 3>&1 >>servers/mermet/rspamd/autogeree.net.nix |
22 # pass insert -m dkim/autogeree.net/20200101.key
23 services.nsd.zones."${domain}".data = ''
24 20200101._domainkey IN TXT ( "v=DKIM1; k=rsa; "
25 "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAk15FhAquBY4pcb6HsCqyxK6Sm9AnScsyw7yAOPGQc+26mUKUYTBwywsjAR0zG58tZaCVXZ5EzaRAK/MsKShZ5kwGLzyZoBkexjepcJkP0DuB6WhBQeLhLvdXQVeBuosbqnklW7UHJw0EkNMbThxUrpjwd6P6tmLCFI9pNl2LC3VxfPNu7o8EVgHcuHm4+UCFRUAeHisWasEtD0kVj"
26 "vDOoFvLEJ/KNI7jBZYFd8Q6dDL8NF28A3LUpKm/Fk73aW7cLAeigT6wiyuW94gIdU4Co0mXLVbakgiofYNC32L4FsbgFw+UN0XuBJwMZQskD6AkQHhZ0T7wYXCAcPGrbjmrqtPfV9YZSOB6lob3EMcPuZgpikWiT1bgsR7LBAA5KsZpRpuWjnpH4fgay3biEc2kXBvvzh4baozJvhF32vV9bSVc5z0jR9rZjR/qgJKSce8xQa0RfbZLJsVI9TgJ"
27 "+hH+Mr/4V1wnKtdosk/7+3VIQ6clTIfWhD6PlnWd78Uo5lfWnYxTem7EMc2q7j6tzGwj+Q+b4Li9fdhLqxGuD0V64/nVZit90b0HyfiV5srln2lK6Hczrwqr0gOEBGQ4YeLjOF6ldaV01mFWR9ddr9a5/gVCqw8vw7vhqXvU7yK8VHW2rdsvkNZ0bDOa66MCveD7pH2vyljrfZq9k0T/NLHrsu8CAwEAAQ=="
28 )
29 '';
30 }