monguix/services/dkim-key.scm

(define-module (services dkim-key)
  #:use-module (gnu packages base)
  #:use-module (gnu packages tls)
  #:use-module (gnu services)
  #:use-module (gnu services shepherd)
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (guix i18n)
  #:export (dkim-key-service-type dkim-key-configuration))

(define-record-type* <dkim-key-configuration>
  dkim-key-configuration make-dkim-key-configuration
  dkim-key-configuration?
  (directory dkim-key-configuration-directory (default "/etc/dkim"))
  (owner dkim-key-configuration-owner (default "smtpd"))
  (domain dkim-key-configuration-selector (default ""))
  (selector dkim-key-configuration-selector (default "dkim"))
  (key-length dkim-key-configuration-key-length (default 1024)))

(define (dkim-key-activation config)
  (match-record config <dkim-key-configuration>
    (directory owner domain selector key-length)
    #~(begin
      (use-modules (guix build utils))
      (mkdir-p #$directory)

      (let ((key-file (string-append #$directory "/" #$domain ".key"))
            (private (string-append #$domain "-" #$selector ".key"))
            (public (string-append #$domain "-" #$selector ".pub")))
        (with-directory-excursion #$directory
          (unless (file-exists? private)
            (let ((openssl #$(file-append openssl "/bin/openssl"))
		  (sed #$(file-append sed "/bin/sed")))
              (system* openssl "genrsa" "-out" private (number->string #$key-length))
              (chown private (passwd:uid (getpwnam #$owner)) -1)
              (system* openssl "rsa" "-in" private "-pubout" "-out" public)
              (system* sed "-i"
                       "1s/.*/v=DKIM1;p=/;:nl;${s/-----.*//;q;};N;s/\\n//g;b nl;"
                       public)))
          (display (format #f "Create a TXT record at ~a._domainkey.~a with the contents of ~a/~a~%"
                           #$selector #$domain #$directory public)))
        (unless (equal? (false-if-exception (readlink key-file)) private)
          (false-if-exception (delete-file key-file))
          (symlink private key-file))))))

(define dkim-key-service-type
  (service-type (name 'dkim-key)
                (extensions
                  (list (service-extension activation-service-type dkim-key-activation)))
                (default-value (dkim-key-configuration))
                (description "Generate DKIM keys")))
Add dkim-key service 2022-10-01 23:43:44 +02:00			`(define-module (services dkim-key)`
services/dkim-key: fix sed invocation and ignore missing file 2023-08-11 17:29:16 +02:00			`#:use-module (gnu packages base)`
Add dkim-key service 2022-10-01 23:43:44 +02:00			`#:use-module (gnu packages tls)`
			`#:use-module (gnu services)`
			`#:use-module (gnu services shepherd)`
			`#:use-module (guix gexp)`
			`#:use-module (guix records)`
			`#:use-module (guix i18n)`
			`#:export (dkim-key-service-type dkim-key-configuration))`

			`(define-record-type* <dkim-key-configuration>`
			`dkim-key-configuration make-dkim-key-configuration`
			`dkim-key-configuration?`
services/dkim-key: allow configuring owner for private key 2023-05-11 19:35:14 +02:00			`(directory dkim-key-configuration-directory (default "/etc/dkim"))`
			`(owner dkim-key-configuration-owner (default "smtpd"))`
Add dkim-key service 2022-10-01 23:43:44 +02:00			`(domain dkim-key-configuration-selector (default ""))`
			`(selector dkim-key-configuration-selector (default "dkim"))`
			`(key-length dkim-key-configuration-key-length (default 1024)))`

			`(define (dkim-key-activation config)`
			`(match-record config <dkim-key-configuration>`
services/dkim-key: allow configuring owner for private key 2023-05-11 19:35:14 +02:00			`(directory owner domain selector key-length)`
Add dkim-key service 2022-10-01 23:43:44 +02:00			`#~(begin`
			`(use-modules (guix build utils))`
			`(mkdir-p #$directory)`

			`(let ((key-file (string-append #$directory "/" #$domain ".key"))`
services/dkim-key: do not overwrite existing keys Also do not suggest publishing the private key. 2023-05-11 19:34:14 +02:00			`(private (string-append #$domain "-" #$selector ".key"))`
			`(public (string-append #$domain "-" #$selector ".pub")))`
			`(with-directory-excursion #$directory`
			`(unless (file-exists? private)`
services/dkim-key: fix sed invocation and ignore missing file 2023-08-11 17:29:16 +02:00			`(let ((openssl #$(file-append openssl "/bin/openssl"))`
			`(sed #$(file-append sed "/bin/sed")))`
Add dkim-key service 2022-10-01 23:43:44 +02:00			`(system* openssl "genrsa" "-out" private (number->string #$key-length))`
services/dkim-key: allow configuring owner for private key 2023-05-11 19:35:14 +02:00			`(chown private (passwd:uid (getpwnam #$owner)) -1)`
Add dkim-key service 2022-10-01 23:43:44 +02:00			`(system* openssl "rsa" "-in" private "-pubout" "-out" public)`
services/dkim-key: fix sed invocation and ignore missing file 2023-08-11 17:29:16 +02:00			`(system* sed "-i"`
Add dkim-key service 2022-10-01 23:43:44 +02:00			`"1s/./v=DKIM1;p=/;:nl;${s/-----.//;q;};N;s/\\n//g;b nl;"`
services/dkim-key: do not overwrite existing keys Also do not suggest publishing the private key. 2023-05-11 19:34:14 +02:00			`public)))`
			`(display (format #f "Create a TXT record at ~a._domainkey.~a with the contents of ~a/~a~%"`
			`#$selector #$domain #$directory public)))`
services/dkim-key: fix condition for linking current private key 2023-05-11 21:51:58 +02:00			`(unless (equal? (false-if-exception (readlink key-file)) private)`
services/dkim-key: fix sed invocation and ignore missing file 2023-08-11 17:29:16 +02:00			`(false-if-exception (delete-file key-file))`
Add dkim-key service 2022-10-01 23:43:44 +02:00			`(symlink private key-file))))))`

			`(define dkim-key-service-type`
			`(service-type (name 'dkim-key)`
			`(extensions`
			`(list (service-extension activation-service-type dkim-key-activation)))`
			`(default-value (dkim-key-configuration))`
			`(description "Generate DKIM keys")))`