{ domain, ... }: { pkgs, lib, config, ... }: let inherit (config.security) pass; inherit (config.services) rspamd; selector = "20200101"; in { services.rspamd.dkimSelectorMap = '' mermet ${selector} ${domain} ${selector} ''; # rspamadm dkim_keygen -d sourcephile.fr -s 20200101 -b 4096 -t rsa -k /proc/self/fd/3 3>&1 >>machines/mermet/rspamd/sourcephile.fr.nix | # pass insert -m machines/mermet/rspamd/dkim/sourcephile.fr/20200101.key services.knot.zones."${domain}".data = '' 20200101._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7EKzverbG+5JF+yFjH3MrxLyauiHyLqBbV/8LEMunoKXF8sqhBpQtAQXruLqsyUkxR/4CAyPMyzmcdrU43boMj9yFqLrg/kEz2RIvai9jXBqRoWRW1y7F0LbZmdtOTncuDSP8Zzo02XUzsOC4f/C3tEQHS5rc" "hzfhU5FY1CeO6eBMV79qKBOvGMKahQTrrtU6olAAJxOhn6wRuwSf" "+m3on1OqiuXYYIgNHKdRhJ8gDwIm/3LEpYMD0gTgJiyclCLoLGHGtKZy1Wf9xV9/7V6fHE4JW5SDivwslVTL+KPXOlIpo5NDHpMxPYOcIg2K4Rj/j7jhavo+fG43q1LhwaPkEMQMbplgnjeMY8300odRiklTkMMpH0m35ZNeHQJSRpEtV8y5xUNxVaGzfqX5iStwV/mQ1Kn" "ZSe8ORTNq+eTTFnDk6zdUXjagcf0wO6QsSTeAz/G8CqOBbwmrU+q" "F8WbGAeRnhz51mH6fTTfsQ1nwjAiF4ou+eQGTkTMN23KkCKpuozJnxqx4DCEr6J1bL83fhXw7CgcfgKgTOk/HFJpeiGhqodw18r4DWBA6G57z9utm7Mr/9SoVnMq6iK9iEcbCllLR8Sz4viatLSRzhodbk7hfvXS3jmCFjILAjFmA7aMTemDMBDQhpAGF9F8sjFUbEJIZjK" "rWWtSTdO8DilDqN8CAwEAAQ==" ) ''; security.pass.secrets."rspamd/dkim/${domain}/${selector}.key" = { user = rspamd.user; postStart = "systemctl try-restart --no-block rspamd"; }; systemd.services.rspamd = { after = [ pass.secrets."rspamd/dkim/${domain}/${selector}.key".service ]; wants = [ pass.secrets."rspamd/dkim/${domain}/${selector}.key".service ]; }; }