]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/rspamd/autogeree.net.nix
creds: avoid restarts by not using inputs.self
[sourcephile-nix.git] / hosts / mermet / rspamd / autogeree.net.nix
1 { config, inputs, hostName, ... }:
2 let
3 inherit (config.services) rspamd;
4 domain = "autogeree.net";
5 selector = "20200101";
6 in
7 {
8 services.rspamd.dkimSelectorMap = ''
9 ${domain} ${selector}
10 '';
11 # rspamadm dkim_keygen -d autogeree.net -s 20200101 -b 4096 -t rsa -k /proc/self/fd/3 3>&1 >>hosts/mermet/rspamd/autogeree.net.nix |
12 # pass insert -m hosts/mermet/rspamd/dkim/autogeree.net/20200101.key
13 services.knot.zones."${domain}".data = ''
14 20200101._domainkey IN TXT ( "v=DKIM1; k=rsa; "
15 "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAk15FhAquBY4pcb6HsCqyxK6Sm9AnScsyw7yAOPGQc+26mUKUYTBwywsjAR0zG58tZaCVXZ5EzaRAK/MsKShZ5kwGLzyZoBkexjepcJkP0DuB6WhBQeLhLvdXQVeBuosbqnklW7UHJw0EkNMbThxUrpjwd6P6tmLCFI9pNl2LC3VxfPNu7o8EVgHcuHm4+UCFRUAeHisWasEtD0kVj"
16 "vDOoFvLEJ/KNI7jBZYFd8Q6dDL8NF28A3LUpKm/Fk73aW7cLAeigT6wiyuW94gIdU4Co0mXLVbakgiofYNC32L4FsbgFw+UN0XuBJwMZQskD6AkQHhZ0T7wYXCAcPGrbjmrqtPfV9YZSOB6lob3EMcPuZgpikWiT1bgsR7LBAA5KsZpRpuWjnpH4fgay3biEc2kXBvvzh4baozJvhF32vV9bSVc5z0jR9rZjR/qgJKSce8xQa0RfbZLJsVI9TgJ"
17 "+hH+Mr/4V1wnKtdosk/7+3VIQ6clTIfWhD6PlnWd78Uo5lfWnYxTem7EMc2q7j6tzGwj+Q+b4Li9fdhLqxGuD0V64/nVZit90b0HyfiV5srln2lK6Hczrwqr0gOEBGQ4YeLjOF6ldaV01mFWR9ddr9a5/gVCqw8vw7vhqXvU7yK8VHW2rdsvkNZ0bDOa66MCveD7pH2vyljrfZq9k0T/NLHrsu8CAwEAAQ=="
18 )
19 '';
20 systemd.services.rspamd.serviceConfig = {
21 LoadCredentialEncrypted = [
22 "${domain}.${selector}.key:${./. + "/${domain}/${selector}.dkim.key.cred"}"
23 ];
24 };
25 }