'';
};
config = lib.mkIf (config.myServices.mail.enable || config.myServices.mailBackup.enable) {
- secrets.keys = [
- {
- dest = "opendkim/eldiron.private";
+ secrets.keys = {
+ "opendkim" = {
+ isDir = true;
+ user = config.services.opendkim.user;
+ group = config.services.opendkim.group;
+ permissions = "0550";
+ };
+ "opendkim/eldiron.private" = {
user = config.services.opendkim.user;
group = config.services.opendkim.group;
permissions = "0400";
text = config.myEnv.mail.dkim.eldiron.private;
- }
- {
- dest = "opendkim/eldiron.txt";
+ };
+ "opendkim/eldiron.txt" = {
user = config.services.opendkim.user;
group = config.services.opendkim.group;
permissions = "0444";
text = ''
eldiron._domainkey IN TXT ${config.myEnv.mail.dkim.eldiron.public}'';
- }
- ];
+ };
+ };
users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
services.opendkim = {
enable = true;
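Review bot: The new `"opendkim"` directory entry is created with `permissions = "0550"`, while `opendkim/eldiron.txt` inside it keeps `0444`, so the world-readable bit on the record file has no effect for anyone outside the opendkim user and group. If only the service account reads that file, `permissions = "0440";` states the effective access honestly; if an administrator or DNS tooling account is meant to read it, the directory mode blocks that and the reader would need the opendkim group. Since the private key is `0400`, it is also worth checking whether group access to the directory is needed at all, because `permissions = "0500";` would be the least-privilege setting if it is not. A one-line comment above the directory entry such as `# key directory: reachable by the opendkim user/group only; private key is owner-read-only` would record the intent. The `config = lib.mkIf …` block opens in this hunk and continues beyond it, so how the secrets module applies these modes is not visible here.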
)
config.myEnv.dns.masterZones
));
- keyPath = "${config.secrets.location}/opendkim";
+ keyPath = config.secrets.fullPaths."opendkim";
selector = "eldiron";
configFile = pkgs.writeText "opendkim.conf" ''
SubDomains yes