machines/mermet/rspamd/autogeree.net.nix

   1 { pkgs, lib, config, ... }:
   2 let
   3   inherit (config.security) gnupg;
   4   inherit (config.services) rspamd;
   5   domain = "autogeree.net";
   6   selector = "20200101";
   7 in
   8 {
   9 services.rspamd.dkimSelectorMap = ''
  10   ${domain} ${selector}
  11 '';
  12 # rspamadm dkim_keygen -d autogeree.net -s 20200101 -b 4096 -t rsa -k /proc/self/fd/3 3>&1 >>machines/mermet/rspamd/autogeree.net.nix |
  13 # pass insert -m machines/mermet/rspamd/dkim/autogeree.net/20200101.key
  14 services.knot.zones."${domain}".data = ''
  15   20200101._domainkey IN TXT ( "v=DKIM1; k=rsa; "
  16     "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAk15FhAquBY4pcb6HsCqyxK6Sm9AnScsyw7yAOPGQc+26mUKUYTBwywsjAR0zG58tZaCVXZ5EzaRAK/MsKShZ5kwGLzyZoBkexjepcJkP0DuB6WhBQeLhLvdXQVeBuosbqnklW7UHJw0EkNMbThxUrpjwd6P6tmLCFI9pNl2LC3VxfPNu7o8EVgHcuHm4+UCFRUAeHisWasEtD0kVj"
  17     "vDOoFvLEJ/KNI7jBZYFd8Q6dDL8NF28A3LUpKm/Fk73aW7cLAeigT6wiyuW94gIdU4Co0mXLVbakgiofYNC32L4FsbgFw+UN0XuBJwMZQskD6AkQHhZ0T7wYXCAcPGrbjmrqtPfV9YZSOB6lob3EMcPuZgpikWiT1bgsR7LBAA5KsZpRpuWjnpH4fgay3biEc2kXBvvzh4baozJvhF32vV9bSVc5z0jR9rZjR/qgJKSce8xQa0RfbZLJsVI9TgJ"
  18     "+hH+Mr/4V1wnKtdosk/7+3VIQ6clTIfWhD6PlnWd78Uo5lfWnYxTem7EMc2q7j6tzGwj+Q+b4Li9fdhLqxGuD0V64/nVZit90b0HyfiV5srln2lK6Hczrwqr0gOEBGQ4YeLjOF6ldaV01mFWR9ddr9a5/gVCqw8vw7vhqXvU7yK8VHW2rdsvkNZ0bDOa66MCveD7pH2vyljrfZq9k0T/NLHrsu8CAwEAAQ=="
  19   )
  20 '';
  21 security.gnupg.secrets."rspamd/dkim/${domain}/${selector}.key" = {
  22   user = rspamd.user;
  23   systemdConfig.postStart = "systemctl try-restart --no-block rspamd";
  24 };
  25 systemd.services.rspamd = {
  26   wants = [ gnupg.secrets."rspamd/dkim/${domain}/${selector}.key".service ];
  27   after = [ gnupg.secrets."rspamd/dkim/${domain}/${selector}.key".service ];
  28 };
  29 }