{ pkgs, lib, config, ... }:
let
  inherit (config.security) gnupg;
  inherit (config.services) rspamd;
  domain = "autogeree.net";
  selector = "20200101";
in
{
services.rspamd.dkimSelectorMap = ''
  ${domain} ${selector}
'';
# rspamadm dkim_keygen -d autogeree.net -s 20200101 -b 4096 -t rsa -k /proc/self/fd/3 3>&1 >>hosts/mermet/rspamd/autogeree.net.nix |
# pass insert -m hosts/mermet/rspamd/dkim/autogeree.net/20200101.key
services.knot.zones."${domain}".data = ''
  20200101._domainkey IN TXT ( "v=DKIM1; k=rsa; "
    "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAk15FhAquBY4pcb6HsCqyxK6Sm9AnScsyw7yAOPGQc+26mUKUYTBwywsjAR0zG58tZaCVXZ5EzaRAK/MsKShZ5kwGLzyZoBkexjepcJkP0DuB6WhBQeLhLvdXQVeBuosbqnklW7UHJw0EkNMbThxUrpjwd6P6tmLCFI9pNl2LC3VxfPNu7o8EVgHcuHm4+UCFRUAeHisWasEtD0kVj"
    "vDOoFvLEJ/KNI7jBZYFd8Q6dDL8NF28A3LUpKm/Fk73aW7cLAeigT6wiyuW94gIdU4Co0mXLVbakgiofYNC32L4FsbgFw+UN0XuBJwMZQskD6AkQHhZ0T7wYXCAcPGrbjmrqtPfV9YZSOB6lob3EMcPuZgpikWiT1bgsR7LBAA5KsZpRpuWjnpH4fgay3biEc2kXBvvzh4baozJvhF32vV9bSVc5z0jR9rZjR/qgJKSce8xQa0RfbZLJsVI9TgJ"
    "+hH+Mr/4V1wnKtdosk/7+3VIQ6clTIfWhD6PlnWd78Uo5lfWnYxTem7EMc2q7j6tzGwj+Q+b4Li9fdhLqxGuD0V64/nVZit90b0HyfiV5srln2lK6Hczrwqr0gOEBGQ4YeLjOF6ldaV01mFWR9ddr9a5/gVCqw8vw7vhqXvU7yK8VHW2rdsvkNZ0bDOa66MCveD7pH2vyljrfZq9k0T/NLHrsu8CAwEAAQ=="
  )
'';
security.gnupg.secrets."rspamd/dkim/${domain}/${selector}.key" = {
  user = rspamd.user;
  systemdConfig.postStart = "systemctl try-restart --no-block rspamd";
};
systemd.services.rspamd = {
  wants = [ gnupg.secrets."rspamd/dkim/${domain}/${selector}.key".service ];
  after = [ gnupg.secrets."rspamd/dkim/${domain}/${selector}.key".service ];
};
}