authorjoachim schiele <js@lastlog.de>2017-09-13 12:13:08 +0200
committerFranz Pletz <fpletz@fnordicwalking.de>2017-10-23 15:53:55 +0200
commit61089ddceec7d05a05efd4db9bbdf4b45d102b9c (patch)
tree40ae16fe4a098784da4775fd174c4f66c50ff673 /nixos/modules/services/mail
parent681c8006f5ea89f949880b6bc05d29a5422c6320 (diff)
opendkim: automated key generation (no manual changes for service initialization required anymore)
Diffstat (limited to 'nixos/modules/services/mail')
-rw-r--r--nixos/modules/services/mail/opendkim.nix26
1 files changed, 23 insertions, 3 deletions
diff --git a/nixos/modules/services/mail/opendkim.nix b/nixos/modules/services/mail/opendkim.nix
index f065208ddfc1..59a8373843a1 100644
--- a/nixos/modules/services/mail/opendkim.nix
+++ b/nixos/modules/services/mail/opendkim.nix
@@ -8,10 +8,12 @@ let
 
   defaultSock = "local:/run/opendkim/opendkim.sock";
 
+  keyFile = "${cfg.keyPath}/${cfg.selector}.private";
+
   args = [ "-f" "-l"
            "-p" cfg.socket
            "-d" cfg.domains
-           "-k" cfg.keyFile
+           "-k" keyFile
            "-s" cfg.selector
          ] ++ optionals (cfg.configFile != null) [ "-x" cfg.configFile ];
 
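Review bot: `keyFile` is built by interpolating `cfg.selector` straight into a filesystem path, and the same `${cfg.selector}.private` spelling is repeated relative to `cd "${cfg.keyPath}"` in the preStart script of a later hunk, so the two spellings can drift apart. If `selector` is declared as a plain `types.str` (its declaration is outside this hunk), a value containing `/` or whitespace would produce a key path outside `keyPath` and a preStart script that no longer matches the `-k` argument. Either an assertion that the selector is a single DNS label, or using the absolute `keyFile` in preStart instead of the relative name, would keep the argument list and the generator in step.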
@@ -57,9 +59,13 @@ in {
         '';
       };
 
-      keyFile = mkOption {
+      keyPath = mkOption {
         type = types.path;
-        description = "Secret key file used for signing messages.";
+        description = ''
+          The path that opendkim should put its generated private keys into.
+          The DNS settings will be found in this directory with the name selector.txt.
+        '';
+        default = "/var/lib/opendkim/keys";
       };
 
       selector = mkOption {
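Review bot: Replacing the `keyFile` option with `keyPath` removes `services.opendkim.keyFile` outright, so existing deployments that set it fail evaluation with an undefined-option error and nothing tells them where their key must now live. A `mkRemovedOptionModule [ "services" "opendkim" "keyFile" ] "..."` entry (if that helper is available in this tree's lib) with a message pointing at `${keyPath}/${selector}.private` would make the migration explicit. The description should also state that a private key is generated automatically at service start when `<selector>.private` is missing from this directory, that an existing file there is reused as-is, and that the DNS record is written to `<selector>.txt` rather than the literal `selector.txt`.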
@@ -100,11 +106,25 @@ in {
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
 
+      preStart = ''
+        mkdir -p "${cfg.keyPath}"
+        cd "${cfg.keyPath}"
+        if ! test -f ${cfg.selector}.private; then
+          ${pkgs.opendkim}/bin/opendkim-genkey -s ${cfg.selector} -d all-domains-generic-key
+          echo "Generated OpenDKIM key! Please update your DNS settings:\n"
+          echo "-------------------------------------------------------------"
+          cat ${cfg.selector}.txt
+          echo "-------------------------------------------------------------"
+        fi
+        chown ${cfg.user}:${cfg.group} ${cfg.selector}.private
+      '';
+
       serviceConfig = {
         ExecStart = "${pkgs.opendkim}/bin/opendkim ${escapeShellArgs args}";
         User = cfg.user;
         Group = cfg.group;
         RuntimeDirectory = optional (cfg.socket == defaultSock) "opendkim";
+        PermissionsStartOnly = true;
       };
     };