'';
};
config = lib.mkIf (config.myServices.mail.enable || config.myServices.mailBackup.enable) {
- secrets.keys = [
- {
- dest = "opendkim";
+ secrets.keys = {
+ "opendkim" = {
isDir = true;
user = config.services.opendkim.user;
group = config.services.opendkim.group;
permissions = "0550";
- }
- {
- dest = "opendkim/eldiron.private";
+ };
+ "opendkim/eldiron.private" = {
user = config.services.opendkim.user;
group = config.services.opendkim.group;
permissions = "0400";
text = config.myEnv.mail.dkim.eldiron.private;
- }
- {
- dest = "opendkim/eldiron.txt";
+ };
+ "opendkim/eldiron.txt" = {
user = config.services.opendkim.user;
group = config.services.opendkim.group;
permissions = "0444";
text = ''
eldiron._domainkey IN TXT ${config.myEnv.mail.dkim.eldiron.public}'';
- }
- ];
+ };
+ };
users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
services.opendkim = {
enable = true;