author | joachim schiele <js@lastlog.de> | 2017-09-13 12:13:08 +0200 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2017-10-23 15:53:55 +0200 |
commit | 61089ddceec7d05a05efd4db9bbdf4b45d102b9c (patch) | |
tree | 40ae16fe4a098784da4775fd174c4f66c50ff673 /nixos/modules/services/mail | |
parent | 681c8006f5ea89f949880b6bc05d29a5422c6320 (diff) | |
opendkim: automated key generation (no manual changes for service initialization required anymore)
Diffstat (limited to 'nixos/modules/services/mail')
-rw-r--r-- | nixos/modules/services/mail/opendkim.nix | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/nixos/modules/services/mail/opendkim.nix b/nixos/modules/services/mail/opendkim.nix
index f065208ddfc1..59a8373843a1 100644
--- a/nixos/modules/services/mail/opendkim.nix
+++ b/nixos/modules/services/mail/opendkim.nix
@@ -8,10 +8,12 @@ let
 defaultSock = "local:/run/opendkim/opendkim.sock";
 
+ keyFile = "${cfg.keyPath}/${cfg.selector}.private";
+
 args = [ "-f"
 "-l"
 "-p" cfg.socket
 "-d" cfg.domains
- "-k" cfg.keyFile
+ "-k" keyFile
 "-s" cfg.selector
 ] ++ optionals (cfg.configFile != null) [ "-x" cfg.configFile ];
 
@@ -57,9 +59,13 @@ in {
 '';
 };
 
- keyFile = mkOption {
+ keyPath = mkOption {
 type = types.path;
- description = "Secret key file used for signing messages.";
+ description = ''
+ The path that opendkim should put its generated private keys into.
+ The DNS settings will be found in this directory with the name selector.txt.
+ '';
+ default = "/var/lib/opendkim/keys";
 };
 
 selector = mkOption {
@@ -100,11 +106,25 @@ in {
 after = [ "network.target" ];
 wantedBy = [ "multi-user.target" ];
 
+ preStart = ''
+ mkdir -p "${cfg.keyPath}"
+ cd "${cfg.keyPath}"
+ if ! test -f ${cfg.selector}.private; then
+ ${pkgs.opendkim}/bin/opendkim-genkey -s ${cfg.selector} -d all-domains-generic-key
+ echo "Generated OpenDKIM key! Please update your DNS settings:\n"
+ echo "-------------------------------------------------------------"
+ cat ${cfg.selector}.txt
+ echo "-------------------------------------------------------------"
+ fi
+ chown ${cfg.user}:${cfg.group} ${cfg.selector}.private
+ '';
+
 serviceConfig = {
 ExecStart = "${pkgs.opendkim}/bin/opendkim ${escapeShellArgs args}";
 User = cfg.user;
 Group = cfg.group;
 RuntimeDirectory = optional (cfg.socket == defaultSock) "opendkim";
+ PermissionsStartOnly = true;
 };
 };
 
|
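Review bot: The private key produced by the new preStart is never given an explicit file mode; the script only chowns `${cfg.selector}.private` to the service user, so unless opendkim-genkey restricts the mode itself the key and the directory from `mkdir -p "${cfg.keyPath}"` are created under root's default umask, which would leave signing material readable by other local users. I would add `chmod 0600 ${cfg.selector}.private` after the chown and `chmod 0700 "${cfg.keyPath}"` after the mkdir, and pass `-b 2048` to opendkim-genkey so the key size does not depend on the tool's default (1024 bits in the versions I know of). The selector is also interpolated unquoted four times in this hunk; the file already uses `escapeShellArgs` for `args`, so `${escapeShellArg cfg.selector}` would keep an unusual selector value from breaking the script or the `test -f` guard. Minor: the `\n` in the first echo is printed literally by a plain `echo`, so drop it or use `printf`. The enclosing systemd.services.opendkim attribute set starts before this hunk.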