-{ pkgs, lib, config, ... }:
+{ config, inputs, hostName, ... }:
let
- inherit (config.security) gnupg;
inherit (config.services) rspamd;
domain = "sourcephile.fr";
selector = "20200101";
in
{
-services.rspamd.dkimSelectorMap = ''
- mermet ${selector}
- ${domain} ${selector}
-'';
-# rspamadm dkim_keygen -d sourcephile.fr -s 20200101 -b 4096 -t rsa -k /proc/self/fd/3 3>&1 >>hosts/mermet/rspamd/sourcephile.fr.nix |
-# pass insert -m hosts/mermet/rspamd/dkim/sourcephile.fr/20200101.key
-services.knot.zones."${domain}".data = ''
- 20200101._domainkey IN TXT ( "v=DKIM1; k=rsa; "
- "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7EKzverbG+5JF+yFjH3MrxLyauiHyLqBbV/8LEMunoKXF8sqhBpQtAQXruLqsyUkxR/4CAyPMyzmcdrU43boMj9yFqLrg/kEz2RIvai9jXBqRoWRW1y7F0LbZmdtOTncuDSP8Zzo02XUzsOC4f/C3tEQHS5rc"
- "hzfhU5FY1CeO6eBMV79qKBOvGMKahQTrrtU6olAAJxOhn6wRuwSf"
- "+m3on1OqiuXYYIgNHKdRhJ8gDwIm/3LEpYMD0gTgJiyclCLoLGHGtKZy1Wf9xV9/7V6fHE4JW5SDivwslVTL+KPXOlIpo5NDHpMxPYOcIg2K4Rj/j7jhavo+fG43q1LhwaPkEMQMbplgnjeMY8300odRiklTkMMpH0m35ZNeHQJSRpEtV8y5xUNxVaGzfqX5iStwV/mQ1Kn"
- "ZSe8ORTNq+eTTFnDk6zdUXjagcf0wO6QsSTeAz/G8CqOBbwmrU+q"
- "F8WbGAeRnhz51mH6fTTfsQ1nwjAiF4ou+eQGTkTMN23KkCKpuozJnxqx4DCEr6J1bL83fhXw7CgcfgKgTOk/HFJpeiGhqodw18r4DWBA6G57z9utm7Mr/9SoVnMq6iK9iEcbCllLR8Sz4viatLSRzhodbk7hfvXS3jmCFjILAjFmA7aMTemDMBDQhpAGF9F8sjFUbEJIZjK"
- "rWWtSTdO8DilDqN8CAwEAAQ=="
- )
-'';
-security.gnupg.secrets."rspamd/dkim/${domain}/${selector}.key" = {
- user = rspamd.user;
- systemdConfig.postStart = "systemctl try-restart --no-block rspamd";
-};
-systemd.services.rspamd = {
- after = [ gnupg.secrets."rspamd/dkim/${domain}/${selector}.key".service ];
- wants = [ gnupg.secrets."rspamd/dkim/${domain}/${selector}.key".service ];
-};
+ services.rspamd.dkimSelectorMap = ''
+ mermet ${selector}
+ ${domain} ${selector}
+ '';
+ # rspamadm dkim_keygen -d sourcephile.fr -s 20200101 -b 4096 -t rsa -k /proc/self/fd/3 3>&1 >>hosts/mermet/rspamd/sourcephile.fr.nix |
+ # pass insert -m hosts/mermet/rspamd/dkim/sourcephile.fr/20200101.key
+ services.knot.zones."${domain}".data = ''
+ 20200101._domainkey IN TXT ( "v=DKIM1; k=rsa; "
+ "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7EKzverbG+5JF+yFjH3MrxLyauiHyLqBbV/8LEMunoKXF8sqhBpQtAQXruLqsyUkxR/4CAyPMyzmcdrU43boMj9yFqLrg/kEz2RIvai9jXBqRoWRW1y7F0LbZmdtOTncuDSP8Zzo02XUzsOC4f/C3tEQHS5rc"
+ "hzfhU5FY1CeO6eBMV79qKBOvGMKahQTrrtU6olAAJxOhn6wRuwSf"
+ "+m3on1OqiuXYYIgNHKdRhJ8gDwIm/3LEpYMD0gTgJiyclCLoLGHGtKZy1Wf9xV9/7V6fHE4JW5SDivwslVTL+KPXOlIpo5NDHpMxPYOcIg2K4Rj/j7jhavo+fG43q1LhwaPkEMQMbplgnjeMY8300odRiklTkMMpH0m35ZNeHQJSRpEtV8y5xUNxVaGzfqX5iStwV/mQ1Kn"
+ "ZSe8ORTNq+eTTFnDk6zdUXjagcf0wO6QsSTeAz/G8CqOBbwmrU+q"
+ "F8WbGAeRnhz51mH6fTTfsQ1nwjAiF4ou+eQGTkTMN23KkCKpuozJnxqx4DCEr6J1bL83fhXw7CgcfgKgTOk/HFJpeiGhqodw18r4DWBA6G57z9utm7Mr/9SoVnMq6iK9iEcbCllLR8Sz4viatLSRzhodbk7hfvXS3jmCFjILAjFmA7aMTemDMBDQhpAGF9F8sjFUbEJIZjK"
+ "rWWtSTdO8DilDqN8CAwEAAQ=="
+ )
+ '';
+ systemd.services.rspamd.serviceConfig = {
+ LoadCredentialEncrypted = [
+ "${domain}.${selector}.key:${./. + "/${domain}/${selector}.dkim.key.cred"}"
+ ];
+ };
}
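Review bot: The comment kept above `services.knot.zones` still ends in `pass insert -m hosts/mermet/rspamd/dkim/sourcephile.fr/20200101.key`, but the new side no longer reads the key from the gnupg/pass secret; it loads `${domain}/${selector}.dkim.key.cred` through `LoadCredentialEncrypted`, so the documented procedure does not produce the file this unit needs. I would replace that second comment line with something like `# systemd-creds encrypt --name=sourcephile.fr.20200101.key - sourcephile.fr/20200101.dkim.key.cred`, and note that it has to run on mermet: by default the credential is bound to the host's key/TPM, and the embedded name is checked at load time against the ID left of the colon (the output file name alone would embed a different name). The rspamd DKIM signing setting that consumes the key is not in this hunk, so it is worth confirming that it points at the unit's credentials directory rather than the old secret location. `inputs`, `hostName` and the `rspamd` binding in the `let` appear unused on the visible new side and could be dropped.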