opendkim: automated key generation (no manual changes for service initialization required anymore)

authored by

joachim schiele and committed by
Franz Pletz
61089ddc 681c8006

+26 -3
+3
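--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -112,6 +112,9 @@
 
 (mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
 
+# opendkim
+(mkRenamedOptionModule [ "services" "opendkim" "keyFile" ] [ "services" "opendkim" "keyPath" ])
+
 # XBMC
 (mkRenamedOptionModule [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])
 (mkRenamedOptionModule [ "services" "xserver" "desktopManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])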
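Review bot: The alias added at new line 116 forwards the old `services.opendkim.keyFile` value into `keyPath`, but the two options do not mean the same thing: keyFile was the path of one private key file, while keyPath (see the opendkim.nix hunk in this commit) is a directory that preStart runs `mkdir -p` and `cd` on. A configuration that set keyFile to its existing key file will therefore evaluate with only the generic rename warning and then most likely fail at service start, since `mkdir -p` refuses a path that is an existing regular file, and the key it used to sign with would in any case no longer be the one passed via `-k`. Replacing the alias with `(mkRemovedOptionModule [ "services" "opendkim" "keyFile" ] "Place the key at <keyPath>/<selector>.private instead.")` would make that migration explicit rather than silent.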
+23 -3
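--- a/nixos/modules/services/mail/opendkim.nix
+++ b/nixos/modules/services/mail/opendkim.nix
@@ -8,10 +8,12 @@
 
 defaultSock = "local:/run/opendkim/opendkim.sock";
 
+keyFile = "${cfg.keyPath}/${cfg.selector}.private";
+
 args = [ "-f" "-l"
 "-p" cfg.socket
 "-d" cfg.domains
-"-k" cfg.keyFile
+"-k" keyFile
 "-s" cfg.selector
 ] ++ optionals (cfg.configFile != null) [ "-x" cfg.configFile ];
 
@@ -57,9 +59,13 @@
 '';
 };
 
-keyFile = mkOption {
+keyPath = mkOption {
 type = types.path;
-description = "Secret key file used for signing messages.";
+description = ''
+The path that opendkim should put its generated private keys into.
+The DNS settings will be found in this directory with the name selector.txt.
+'';
+default = "/var/lib/opendkim/keys";
 };
 
 selector = mkOption {
@@ -100,11 +106,25 @@
 after = [ "network.target" ];
 wantedBy = [ "multi-user.target" ];
 
+preStart = ''
+mkdir -p "${cfg.keyPath}"
+cd "${cfg.keyPath}"
+if ! test -f ${cfg.selector}.private; then
+${pkgs.opendkim}/bin/opendkim-genkey -s ${cfg.selector} -d all-domains-generic-key
+echo "Generated OpenDKIM key! Please update your DNS settings:\n"
+echo "-------------------------------------------------------------"
+cat ${cfg.selector}.txt
+echo "-------------------------------------------------------------"
+fi
+chown ${cfg.user}:${cfg.group} ${cfg.selector}.private
+'';
+
 serviceConfig = {
 ExecStart = "${pkgs.opendkim}/bin/opendkim ${escapeShellArgs args}";
 User = cfg.user;
 Group = cfg.group;
 RuntimeDirectory = optional (cfg.socket == defaultSock) "opendkim";
+PermissionsStartOnly = true;
 };
 };
 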
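Review bot: The preStart at new lines 109–120 fixes the owner of the private key with `chown` on line 119 but never pins its mode — there is no `umask` and no `chmod` in the script — so whether `<selector>.private` ends up readable by other local users depends on opendkim-genkey's defaults and on whatever umask the root shell running preStart has. Adding `chmod 0600 ${cfg.selector}.private` beside the chown (or `umask 077` as the first line of the script) makes the restriction explicit and also covers a key that an operator dropped into keyPath by hand. Quoting is inconsistent too: `${cfg.keyPath}` is quoted on lines 110–111 while `${cfg.selector}` is unquoted on lines 112–119, so a selector containing whitespace or shell metacharacters would be word-split; quoting those uses as `"${cfg.selector}.private"` is a small style fix. If this script runs under bash, the `\n` inside the echo on line 114 is printed literally because bash's builtin echo does not interpret escapes without `-e`, so it can simply be dropped.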