opendkim: automated key generation (no manual changes for service initialization required anymore)
parent
681c8006f5
commit
61089ddcee
|
@ -112,6 +112,9 @@ with lib;
|
||||||
|
|
||||||
(mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
|
(mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
|
||||||
|
|
||||||
|
# opendkim
|
||||||
|
(mkRenamedOptionModule [ "services" "opendkim" "keyFile" ] [ "services" "opendkim" "keyPath" ])
|
||||||
|
|
||||||
# XBMC
|
# XBMC
|
||||||
(mkRenamedOptionModule [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])
|
(mkRenamedOptionModule [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])
|
||||||
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])
|
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])
|
||||||
|
|
|
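Review bot: The added `mkRenamedOptionModule` line forwards an existing `services.opendkim.keyFile` value unchanged into `keyPath`, but the old option named a key file and the new one names a directory. The module part of this commit derives `"${cfg.keyPath}/${cfg.selector}.private"` from it and runs `mkdir -p` on it. A configuration that still points keyFile at an existing private key would therefore most likely fail in preStart; if the path happens to resolve to a directory, the service would instead sign with a freshly generated key whose DNS record has not been published. An explicit removal notice is safer than a silent rename here, for example `(mkRemovedOptionModule [ "services" "opendkim" "keyFile" ] "Use services.opendkim.keyPath (a directory) together with services.opendkim.selector.")`.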
@ -8,10 +8,12 @@ let
|
||||||
|
|
||||||
defaultSock = "local:/run/opendkim/opendkim.sock";
|
defaultSock = "local:/run/opendkim/opendkim.sock";
|
||||||
|
|
||||||
|
keyFile = "${cfg.keyPath}/${cfg.selector}.private";
|
||||||
|
|
||||||
args = [ "-f" "-l"
|
args = [ "-f" "-l"
|
||||||
"-p" cfg.socket
|
"-p" cfg.socket
|
||||||
"-d" cfg.domains
|
"-d" cfg.domains
|
||||||
"-k" cfg.keyFile
|
"-k" keyFile
|
||||||
"-s" cfg.selector
|
"-s" cfg.selector
|
||||||
] ++ optionals (cfg.configFile != null) [ "-x" cfg.configFile ];
|
] ++ optionals (cfg.configFile != null) [ "-x" cfg.configFile ];
|
||||||
|
|
||||||
|
@ -57,9 +59,13 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
keyFile = mkOption {
|
keyPath = mkOption {
|
||||||
type = types.path;
|
type = types.path;
|
||||||
description = "Secret key file used for signing messages.";
|
description = ''
|
||||||
|
The path that opendkim should put its generated private keys into.
|
||||||
|
The DNS settings will be found in this directory with the name selector.txt.
|
||||||
|
'';
|
||||||
|
default = "/var/lib/opendkim/keys";
|
||||||
};
|
};
|
||||||
|
|
||||||
selector = mkOption {
|
selector = mkOption {
|
||||||
|
@ -100,11 +106,25 @@ in {
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
preStart = ''
|
||||||
|
mkdir -p "${cfg.keyPath}"
|
||||||
|
cd "${cfg.keyPath}"
|
||||||
|
if ! test -f ${cfg.selector}.private; then
|
||||||
|
${pkgs.opendkim}/bin/opendkim-genkey -s ${cfg.selector} -d all-domains-generic-key
|
||||||
|
echo "Generated OpenDKIM key! Please update your DNS settings:\n"
|
||||||
|
echo "-------------------------------------------------------------"
|
||||||
|
cat ${cfg.selector}.txt
|
||||||
|
echo "-------------------------------------------------------------"
|
||||||
|
fi
|
||||||
|
chown ${cfg.user}:${cfg.group} ${cfg.selector}.private
|
||||||
|
'';
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.opendkim}/bin/opendkim ${escapeShellArgs args}";
|
ExecStart = "${pkgs.opendkim}/bin/opendkim ${escapeShellArgs args}";
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
RuntimeDirectory = optional (cfg.socket == defaultSock) "opendkim";
|
RuntimeDirectory = optional (cfg.socket == defaultSock) "opendkim";
|
||||||
|
PermissionsStartOnly = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
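Review bot: The new preStart script creates the signing key as root (`PermissionsStartOnly = true`) without setting the mode of the key or its directory. `mkdir -p "${cfg.keyPath}"` uses the ambient umask and only the owner of `${cfg.selector}.private` is changed afterwards, so whether other local users can read the key depends on what opendkim-genkey does internally. I would make this explicit by replacing the mkdir with `install -d -m 0700 -o ${cfg.user} -g ${cfg.group} "${cfg.keyPath}"` and adding `chmod 0600 ${cfg.selector}.private` next to the chown. The selector is also interpolated into the shell script unquoted, while ExecStart already goes through `escapeShellArgs`; using `${escapeShellArg cfg.selector}` in the script would keep the two consistent. Finally, the key length is left to the opendkim-genkey default, which may be 1024 bits depending on the packaged version, so passing `-b 2048` would pin it.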