lol

opendkim: automated key generation (no manual changes for service initialization required anymore)

authored by

joachim schiele and committed by
Franz Pletz
61089ddc 681c8006

+26 -3
+3
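--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -112,6 +112,9 @@
 
 (mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
 
+# opendkim
+(mkRenamedOptionModule [ "services" "opendkim" "keyFile" ] [ "services" "opendkim" "keyPath" ])
+
 # XBMC
 (mkRenamedOptionModule [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])
 (mkRenamedOptionModule [ "services" "xserver" "desktopManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])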
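Review bot: Mapping `keyFile` onto `keyPath` with `mkRenamedOptionModule` carries an existing value over unchanged, but the old option named a key file while the new one names a directory (opendkim.nix in this commit builds the key path as `"${cfg.keyPath}/${cfg.selector}.private"`). A configuration that still sets `services.opendkim.keyFile` would have its existing key file treated as a directory, so the unit would presumably fail in `mkdir -p` or look for a key that is not there rather than sign with the configured key. Since the meaning changed and not just the name, `mkRemovedOptionModule [ "services" "opendkim" "keyFile" ] "<migration hint>"` looks like the safer entry, because the break then surfaces at evaluation time with an explanation.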
+23 -3
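--- a/nixos/modules/services/mail/opendkim.nix
+++ b/nixos/modules/services/mail/opendkim.nix
@@ -8,10 +8,12 @@
 
 defaultSock = "local:/run/opendkim/opendkim.sock";
 
+keyFile = "${cfg.keyPath}/${cfg.selector}.private";
+
 args = [ "-f" "-l"
 "-p" cfg.socket
 "-d" cfg.domains
-"-k" cfg.keyFile
+"-k" keyFile
 "-s" cfg.selector
 ] ++ optionals (cfg.configFile != null) [ "-x" cfg.configFile ];
 
@@ -57,9 +59,13 @@
 '';
 };
 
-keyFile = mkOption {
+keyPath = mkOption {
 type = types.path;
-description = "Secret key file used for signing messages.";
+description = ''
+The path that opendkim should put its generated private keys into.
+The DNS settings will be found in this directory with the name selector.txt.
+'';
+default = "/var/lib/opendkim/keys";
 };
 
 selector = mkOption {
@@ -100,11 +106,25 @@
 after = [ "network.target" ];
 wantedBy = [ "multi-user.target" ];
 
+preStart = ''
+mkdir -p "${cfg.keyPath}"
+cd "${cfg.keyPath}"
+if ! test -f ${cfg.selector}.private; then
+${pkgs.opendkim}/bin/opendkim-genkey -s ${cfg.selector} -d all-domains-generic-key
+echo "Generated OpenDKIM key! Please update your DNS settings:\n"
+echo "-------------------------------------------------------------"
+cat ${cfg.selector}.txt
+echo "-------------------------------------------------------------"
+fi
+chown ${cfg.user}:${cfg.group} ${cfg.selector}.private
+'';
+
 serviceConfig = {
 ExecStart = "${pkgs.opendkim}/bin/opendkim ${escapeShellArgs args}";
 User = cfg.user;
 Group = cfg.group;
 RuntimeDirectory = optional (cfg.socket == defaultSock) "opendkim";
+PermissionsStartOnly = true;
 };
 };
 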
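Review bot: The new `preStart` generates the private signing key as root (it runs with `PermissionsStartOnly = true`) without pinning file permissions or key size. `mkdir -p "${cfg.keyPath}"` leaves the key directory root-owned at whatever the unit's umask gives, and `opendkim-genkey` is called without `-b`, so the RSA key length is whatever the packaged version defaults to (1024 bits in older releases, worth confirming). I would begin the script with `umask 077`, create the directory with `install -d -m 0700 -o ${cfg.user} -g ${cfg.group} "${cfg.keyPath}"`, and add `-b 2048` to the genkey call. `${cfg.selector}` is also interpolated unquoted on the `test`, `opendkim-genkey`, `cat` and `chown` lines; passing it through `escapeShellArg` would keep an unusual selector value from being word-split or globbed. Separately, the first `echo` prints a literal `\n` unless `-e` is used.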