Fix the DKIM setup

2023-05-16 20:30:59 +02:00 · 2023-05-16 20:30:59 +02:00 · 6812ef8736
parent d8ce20c7ca
commit 6812ef8736
6 changed files with 34 additions and 0 deletions
--- a/modules/docker-mailserver/default.nix
+++ b/modules/docker-mailserver/default.nix
@ -14,6 +14,31 @@ in
  imports = [
    (import "${custom.inputs.self}/modules/telegram-notifications" { inherit custom; })
  ];
+
+  age.secrets.dkim2liCh = {
+    file = "${custom.inputs.self}/scrts/dkim_2li.ch.age";
+    mode = "600";
+    owner = "113";
+    group = "115";
+  };
+  age.secrets.dkimZweiliCh = {
+    file = "${custom.inputs.self}/scrts/dkim_zweili.ch.age";
+    mode = "600";
+    owner = "113";
+    group = "115";
+  };
+
+  environment.etc = {
+    "dkim/2li.ch.private" = {
+      enable = true;
+      source = config.age.secrets.dkim2liCh.path;
+    };
+    "dkim/zweili.ch.private" = {
+      enable = true;
+      source = config.age.secrets.dkimZweiliCh.path;
+    };
+  };
+
  environment.systemPackages = [
    mailserver-setup
  ];
@ -36,6 +61,9 @@ in
      ];
      volumes = [
        "/etc/localtime:/etc/localtime:ro"
+        "/etc/dkim:/etc/dkim:ro"
+        "/etc/static:/etc/static:ro"
+        "/run/agenix:/run/agenix:ro"
        "/var/lib/acme/mail.zweili.org:/etc/letsencrypt/live/mail.zweili.org:ro"
        "/var/lib/redis:/var/lib/redis"
      ];
--- a/modules/docker-mailserver/dkim_2li.ch.pub
+++ b/modules/docker-mailserver/dkim_2li.ch.pub
@ -0,0 +1,3 @@
+mail._domainkey	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; "
+	  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvK+Xel8uf7abb45Ab2NGPD8VlkXfFzmga+WPmFBy/knh/mCtHJbF70dil0/gV5Br/yTzjy4ZOo73USkaaQHDY2OF4acQ9PqLfMFvDTeEc7wOf/UAAVr2eM7vbU2I2yDTNbgPxIh+Necifa1Xpgz24VoWwZFt1etRVGBkMYoxtayyA/WFXWWinTrCKGnFJ1Ley1CQwtlPukdvud"
+	  "vLdmaIV+oTSX8Yvs4UwAOK4TQpvJ3bglGMlF3z3iv8D5EZ52tZFCz9pu4PZfez14P9AMRSnktAbYfPVQ1SdWA/n/4CGte7cEGpeS2jxQXMtQbjFDsJqiEZV869xgrPlcFcE77IKwIDAQAB" )  ; ----- DKIM key mail for 2li.ch
--- a/modules/docker-mailserver/dkim_zweili.ch.pub
+++ b/modules/docker-mailserver/dkim_zweili.ch.pub
@ -0,0 +1 @@
+mail._domainkey	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwS3BDuWaNvl/Jb2USUb/Iap84OPE+eAfpXag7b18WfKgFTJdIb0v1Q4JPaq4Z6lDzBogrK5HqxbjZVq0W+4SqkZZ8uk2Cxiy5m7otQvm4YDMIDz/sDCQYxsH9yr+wXckoIw2t+Eg/im/1HemE+HioC7s2FRBMHFbcLBb9O0U/xVPRotZs3nU0Pepw+f6K1xxeTuedsmFI/25wkUZqu8rFLyaTAe/U4/LQWAnc8jIljb41PhSOiDVJ7zJ2vKGUa+C+AmFKPOIBa+sKjAoMmWAtS9LDomaocOTBIGFRHXNFzFg/d4VD7wdySua6ZUKEBeCZwFdpAko7B3Ms9WvPwkTowIDAQAB" )  ; ----- DKIM key mail for zweili.ch
--- a/scrts/dkim_2li.ch.age
+++ b/scrts/dkim_2li.ch.age
--- a/scrts/dkim_zweili.ch.age
+++ b/scrts/dkim_zweili.ch.age
--- a/scrts/secrets.nix
+++ b/scrts/secrets.nix
@ -32,6 +32,8 @@ let
  all = users ++ systems;
 in
 {
+  "dkim_2li.ch.age".publicKeys = defaultKeys ++ [ mail ];
+  "dkim_zweili.ch.age".publicKeys = defaultKeys ++ [ mail ];
  "gitea_env.age".publicKeys = defaultKeys ++ [ git ];
  "infomaniak_env.age".publicKeys = all;
  "nextcloud_env.age".publicKeys = defaultKeys ++ [ nextcloud ];
				`@ -0,0 +1 @@`
				`mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwS3BDuWaNvl/Jb2USUb/Iap84OPE+eAfpXag7b18WfKgFTJdIb0v1Q4JPaq4Z6lDzBogrK5HqxbjZVq0W+4SqkZZ8uk2Cxiy5m7otQvm4YDMIDz/sDCQYxsH9yr+wXckoIw2t+Eg/im/1HemE+HioC7s2FRBMHFbcLBb9O0U/xVPRotZs3nU0Pepw+f6K1xxeTuedsmFI/25wkUZqu8rFLyaTAe/U4/LQWAnc8jIljb41PhSOiDVJ7zJ2vKGUa+C+AmFKPOIBa+sKjAoMmWAtS9LDomaocOTBIGFRHXNFzFg/d4VD7wdySua6ZUKEBeCZwFdpAko7B3Ms9WvPwkTowIDAQAB" ) ; ----- DKIM key mail for zweili.ch`