From c4511c38a49c60394b91ec9d4499cdbf41f4e60c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Fri, 13 Oct 2023 00:43:56 +0200 Subject: Change dkim key for a 2048b one --- deploy/flake.lock | 18 +++++++++--------- flake.lock | 18 +++++++++--------- flakes/flake.lock | 16 ++++++++-------- flakes/private/milters/flake.nix | 9 ++++++++- flakes/private/openarc/flake.nix | 5 +++-- systems/backup-2/flake.lock | 4 ++-- systems/eldiron/dns.nix | 6 +++++- systems/eldiron/flake.lock | 4 ++-- 8 files changed, 46 insertions(+), 34 deletions(-) diff --git a/deploy/flake.lock b/deploy/flake.lock index 7e21897..e53d39c 100644 --- a/deploy/flake.lock +++ b/deploy/flake.lock @@ -2783,7 +2783,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-U/9W/+WAYIWL7g1Wy7sjF/DZzFyCYzs7UPu6QU2zboU=", + "narHash": "sha256-0pgT4QFyk6vDVJZboD4Js8CRLJMtDCvPpMmYSHBgqnU=", "path": "../flakes", "type": "path" }, @@ -2876,7 +2876,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-x6nZbsijTyyeFsCiOHIXTPVsEGaGle3a1QDWsxlp51I=", + "narHash": "sha256-VhRXb3AAlSKwkq4BfVmoKzkLxEaAFGjYLAFETTZuhjE=", "path": "../../flakes/private/milters", "type": "path" }, @@ -3832,7 +3832,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-4IYifux8V3QCpgdSwCR8CpbuOr7CEF6uj4OKTiaEnk8=", + "narHash": "sha256-dslxX2j+qIz/5OJ7J0cMzPhPxMUlM3EoPbHFz2/omjI=", "path": "../systems/backup-2", "type": "path" }, @@ -3903,7 +3903,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-uwd/AAgnu/hYHk7lCI5EHBvajek3ucgPpuTRHzMqtas=", + "narHash": "sha256-yMHsjZMbUXAE/6Bhrm+UVPBi4SD3BMEk+t7k/7S9JVo=", "path": "../systems/eldiron", "type": "path" }, @@ -7004,7 +7004,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-08NmS2KKpthWHC7ob5cu1RBKA7JaPEMqcL5HHwH3vLA=", + "narHash": "sha256-OAM9gsDUnwGZWwnFF9F1GWLDr41V4LdGj4+daTdwjks=", "path": "../../flakes/private/openarc", "type": "path" }, @@ -7523,7 +7523,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-x6nZbsijTyyeFsCiOHIXTPVsEGaGle3a1QDWsxlp51I=", + "narHash": "sha256-VhRXb3AAlSKwkq4BfVmoKzkLxEaAFGjYLAFETTZuhjE=", "path": "../../flakes/private/milters", "type": "path" }, @@ -7558,7 +7558,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-08NmS2KKpthWHC7ob5cu1RBKA7JaPEMqcL5HHwH3vLA=", + "narHash": "sha256-OAM9gsDUnwGZWwnFF9F1GWLDr41V4LdGj4+daTdwjks=", "path": "../../flakes/private/openarc", "type": "path" }, @@ -8394,7 +8394,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-x6nZbsijTyyeFsCiOHIXTPVsEGaGle3a1QDWsxlp51I=", + "narHash": "sha256-VhRXb3AAlSKwkq4BfVmoKzkLxEaAFGjYLAFETTZuhjE=", "path": "./private/milters", "type": "path" }, @@ -8429,7 +8429,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-08NmS2KKpthWHC7ob5cu1RBKA7JaPEMqcL5HHwH3vLA=", + "narHash": "sha256-OAM9gsDUnwGZWwnFF9F1GWLDr41V4LdGj4+daTdwjks=", "path": "./private/openarc", "type": "path" }, diff --git a/flake.lock b/flake.lock index 1accf17..bcce42f 100644 --- a/flake.lock +++ b/flake.lock @@ -2664,7 +2664,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-U/9W/+WAYIWL7g1Wy7sjF/DZzFyCYzs7UPu6QU2zboU=", + "narHash": "sha256-0pgT4QFyk6vDVJZboD4Js8CRLJMtDCvPpMmYSHBgqnU=", "path": "./flakes", "type": "path" }, @@ -2892,7 +2892,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-x6nZbsijTyyeFsCiOHIXTPVsEGaGle3a1QDWsxlp51I=", + "narHash": "sha256-VhRXb3AAlSKwkq4BfVmoKzkLxEaAFGjYLAFETTZuhjE=", "path": "../../flakes/private/milters", "type": "path" }, @@ -3848,7 +3848,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-4IYifux8V3QCpgdSwCR8CpbuOr7CEF6uj4OKTiaEnk8=", + "narHash": "sha256-dslxX2j+qIz/5OJ7J0cMzPhPxMUlM3EoPbHFz2/omjI=", "path": "../systems/backup-2", "type": "path" }, @@ -3919,7 +3919,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-uwd/AAgnu/hYHk7lCI5EHBvajek3ucgPpuTRHzMqtas=", + "narHash": "sha256-yMHsjZMbUXAE/6Bhrm+UVPBi4SD3BMEk+t7k/7S9JVo=", "path": "../systems/eldiron", "type": "path" }, @@ -7020,7 +7020,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-08NmS2KKpthWHC7ob5cu1RBKA7JaPEMqcL5HHwH3vLA=", + "narHash": "sha256-OAM9gsDUnwGZWwnFF9F1GWLDr41V4LdGj4+daTdwjks=", "path": "../../flakes/private/openarc", "type": "path" }, @@ -7539,7 +7539,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-x6nZbsijTyyeFsCiOHIXTPVsEGaGle3a1QDWsxlp51I=", + "narHash": "sha256-VhRXb3AAlSKwkq4BfVmoKzkLxEaAFGjYLAFETTZuhjE=", "path": "../../flakes/private/milters", "type": "path" }, @@ -7574,7 +7574,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-08NmS2KKpthWHC7ob5cu1RBKA7JaPEMqcL5HHwH3vLA=", + "narHash": "sha256-OAM9gsDUnwGZWwnFF9F1GWLDr41V4LdGj4+daTdwjks=", "path": "../../flakes/private/openarc", "type": "path" }, @@ -8410,7 +8410,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-x6nZbsijTyyeFsCiOHIXTPVsEGaGle3a1QDWsxlp51I=", + "narHash": "sha256-VhRXb3AAlSKwkq4BfVmoKzkLxEaAFGjYLAFETTZuhjE=", "path": "./private/milters", "type": "path" }, @@ -8445,7 +8445,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-08NmS2KKpthWHC7ob5cu1RBKA7JaPEMqcL5HHwH3vLA=", + "narHash": "sha256-OAM9gsDUnwGZWwnFF9F1GWLDr41V4LdGj4+daTdwjks=", "path": "./private/openarc", "type": "path" }, diff --git a/flakes/flake.lock b/flakes/flake.lock index d5a227a..e4b20b2 100644 --- a/flakes/flake.lock +++ b/flakes/flake.lock @@ -2797,7 +2797,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-x6nZbsijTyyeFsCiOHIXTPVsEGaGle3a1QDWsxlp51I=", + "narHash": "sha256-VhRXb3AAlSKwkq4BfVmoKzkLxEaAFGjYLAFETTZuhjE=", "path": "../../flakes/private/milters", "type": "path" }, @@ -3753,7 +3753,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-4IYifux8V3QCpgdSwCR8CpbuOr7CEF6uj4OKTiaEnk8=", + "narHash": "sha256-dslxX2j+qIz/5OJ7J0cMzPhPxMUlM3EoPbHFz2/omjI=", "path": "../systems/backup-2", "type": "path" }, @@ -3824,7 +3824,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-uwd/AAgnu/hYHk7lCI5EHBvajek3ucgPpuTRHzMqtas=", + "narHash": "sha256-yMHsjZMbUXAE/6Bhrm+UVPBi4SD3BMEk+t7k/7S9JVo=", "path": "../systems/eldiron", "type": "path" }, @@ -6847,7 +6847,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-08NmS2KKpthWHC7ob5cu1RBKA7JaPEMqcL5HHwH3vLA=", + "narHash": "sha256-OAM9gsDUnwGZWwnFF9F1GWLDr41V4LdGj4+daTdwjks=", "path": "../../flakes/private/openarc", "type": "path" }, @@ -7366,7 +7366,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-x6nZbsijTyyeFsCiOHIXTPVsEGaGle3a1QDWsxlp51I=", + "narHash": "sha256-VhRXb3AAlSKwkq4BfVmoKzkLxEaAFGjYLAFETTZuhjE=", "path": "../../flakes/private/milters", "type": "path" }, @@ -7401,7 +7401,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-08NmS2KKpthWHC7ob5cu1RBKA7JaPEMqcL5HHwH3vLA=", + "narHash": "sha256-OAM9gsDUnwGZWwnFF9F1GWLDr41V4LdGj4+daTdwjks=", "path": "../../flakes/private/openarc", "type": "path" }, @@ -8276,7 +8276,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-x6nZbsijTyyeFsCiOHIXTPVsEGaGle3a1QDWsxlp51I=", + "narHash": "sha256-VhRXb3AAlSKwkq4BfVmoKzkLxEaAFGjYLAFETTZuhjE=", "path": "./private/milters", "type": "path" }, @@ -8311,7 +8311,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-08NmS2KKpthWHC7ob5cu1RBKA7JaPEMqcL5HHwH3vLA=", + "narHash": "sha256-OAM9gsDUnwGZWwnFF9F1GWLDr41V4LdGj4+daTdwjks=", "path": "./private/openarc", "type": "path" }, diff --git a/flakes/private/milters/flake.nix b/flakes/private/milters/flake.nix index c4de5b6..fc088f9 100644 --- a/flakes/private/milters/flake.nix +++ b/flakes/private/milters/flake.nix @@ -42,6 +42,12 @@ permissions = "0400"; text = config.myEnv.mail.dkim.eldiron.private; }; + "opendkim/eldiron2.private" = { + user = config.services.opendkim.user; + group = config.services.opendkim.group; + permissions = "0400"; + text = config.myEnv.mail.dkim.eldiron2.private; + }; }; users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ]; services.opendkim = { @@ -55,7 +61,7 @@ in builtins.concatStringsSep "," domains'; keyPath = config.secrets.fullPaths."opendkim"; - selector = "eldiron"; + selector = "eldiron2"; configFile = pkgs.writeText "opendkim.conf" '' SubDomains yes UMask 002 @@ -72,6 +78,7 @@ restart = true; paths = [ config.secrets.fullPaths."opendkim/eldiron.private" + config.secrets.fullPaths."opendkim/eldiron2.private" ]; }; diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix index 56c3a1a..69e0767 100644 --- a/flakes/private/openarc/flake.nix +++ b/flakes/private/openarc/flake.nix @@ -21,9 +21,9 @@ configFile = pkgs.writeText "openarc.conf" '' AuthservID mail.immae.eu Domain mail.immae.eu - KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"} + KeyFile ${config.secrets.fullPaths."opendkim/eldiron2.private"} Mode sv - Selector eldiron + Selector eldiron2 SoftwareHeader yes Syslog Yes ''; @@ -38,6 +38,7 @@ services.filesWatcher.openarc = { restart = true; paths = [ + config.secrets.fullPaths."opendkim/eldiron2.private" config.secrets.fullPaths."opendkim/eldiron.private" ]; }; diff --git a/systems/backup-2/flake.lock b/systems/backup-2/flake.lock index 83ba265..44a490f 100644 --- a/systems/backup-2/flake.lock +++ b/systems/backup-2/flake.lock @@ -371,7 +371,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-x6nZbsijTyyeFsCiOHIXTPVsEGaGle3a1QDWsxlp51I=", + "narHash": "sha256-VhRXb3AAlSKwkq4BfVmoKzkLxEaAFGjYLAFETTZuhjE=", "path": "../../flakes/private/milters", "type": "path" }, @@ -856,7 +856,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-08NmS2KKpthWHC7ob5cu1RBKA7JaPEMqcL5HHwH3vLA=", + "narHash": "sha256-OAM9gsDUnwGZWwnFF9F1GWLDr41V4LdGj4+daTdwjks=", "path": "../../flakes/private/openarc", "type": "path" }, diff --git a/systems/eldiron/dns.nix b/systems/eldiron/dns.nix index 857b233..b076f62 100644 --- a/systems/eldiron/dns.nix +++ b/systems/eldiron/dns.nix @@ -50,7 +50,11 @@ in }; }; mailSend = { - # DKIM + # DKIM 2048b + subdomains._domainkey.subdomains.eldiron2.TXT = [ + (toKV config.myEnv.mail.dkim.eldiron2.public) + ]; + # DKIM 1024b subdomains._domainkey.subdomains.eldiron.TXT = [ (toKV config.myEnv.mail.dkim.eldiron.public) ]; diff --git a/systems/eldiron/flake.lock b/systems/eldiron/flake.lock index 3291993..0db13d7 100644 --- a/systems/eldiron/flake.lock +++ b/systems/eldiron/flake.lock @@ -2020,7 +2020,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-x6nZbsijTyyeFsCiOHIXTPVsEGaGle3a1QDWsxlp51I=", + "narHash": "sha256-VhRXb3AAlSKwkq4BfVmoKzkLxEaAFGjYLAFETTZuhjE=", "path": "../../flakes/private/milters", "type": "path" }, @@ -2055,7 +2055,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-08NmS2KKpthWHC7ob5cu1RBKA7JaPEMqcL5HHwH3vLA=", + "narHash": "sha256-OAM9gsDUnwGZWwnFF9F1GWLDr41V4LdGj4+daTdwjks=", "path": "../../flakes/private/openarc", "type": "path" }, -- cgit v1.2.3