From c21cc486e567b42ac8ffbdb305d04049788f4c8a Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Sat, 1 Oct 2022 23:43:44 +0200
Subject: [PATCH] Add dkim-key service
---
services/dkim-key.scm | 48 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 services/dkim-key.scm
diff --git a/services/dkim-key.scm b/services/dkim-key.scm
new file mode 100644
index 0000000..1625b3e
--- /dev/null
+++ b/services/dkim-key.scm
@@ -0,0 +1,48 @@
+(define-module (services dkim-key)
+ #:use-module (gnu packages tls)
+ #:use-module (gnu services)
+ #:use-module (gnu services shepherd)
+ #:use-module (guix gexp)
+ #:use-module (guix records)
+ #:use-module (guix i18n)
+ #:export (dkim-key-service-type dkim-key-configuration))
+
+(define-record-type*
+ dkim-key-configuration make-dkim-key-configuration
+ dkim-key-configuration?
+ (domain dkim-key-configuration-selector (default ""))
+ (selector dkim-key-configuration-selector (default "dkim"))
+ (directory dkim-key-configuration-directory (default "/etc/dkim"))
+ (key-length dkim-key-configuration-key-length (default 1024)))
+
+(define (dkim-key-activation config)
+ (match-record config
+ (domain directory selector key-length)
+ #~(begin
+ (use-modules (guix build utils))
+ (mkdir-p #$directory)
+
+ (let ((key-file (string-append #$directory "/" #$domain ".key"))
+ (private (string-append #$domain "-" #$selector ".key")))
+ (unless (file-exists? private)
+ (with-directory-excursion #$directory
+ (let ((openssl #$(file-append openssl "/bin/openssl"))
+ (public (string-append #$domain "-" #$selector ".pub")))
+ (system* openssl "genrsa" "-out" private (number->string #$key-length))
+ (chown private (passwd:uid (getpwnam "smtpd")) -1)
+ (system* openssl "rsa" "-in" private "-pubout" "-out" public)
+ (system* "sed" "-i"
+ "1s/.*/v=DKIM1;p=/;:nl;${s/-----.*//;q;};N;s/\\n//g;b nl;"
+ public))
+ (display (format #f "Create a TXT record at ~a._domainkey.~a with the contents of ~a~%"
+ #$selector #$domain key-file))))
+ (unless (equal? (false-if-exception (readlink current)) key-file)
+ (delete-file key-file)
+ (symlink private key-file))))))
+
+(define dkim-key-service-type
+ (service-type (name 'dkim-key)
+ (extensions
+ (list (service-extension activation-service-type dkim-key-activation)))
+ (default-value (dkim-key-configuration))
+ (description "Generate DKIM keys")))
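Review bot: The record's default `key-length` of 1024 is below what RFC 8301 recommends for DKIM signers; `(key-length dkim-key-configuration-key-length (default 2048))` would be the safer default. The activation message prints `key-file`, which is the symlink to the private key, so an operator following it is pointed at the private key rather than the generated `.pub` file whose contents belong in the TXT record. In the last `unless`, `current` does not appear to be bound anywhere in this new file, so the `readlink` test always comes out `#f` and `delete-file` runs on every activation, raising when the link does not exist yet; `(file-exists? private)` is also a relative path tested outside `with-directory-excursion`. Separately, the `domain` field reuses the accessor name `dkim-key-configuration-selector`, which looks like a copy-paste slip for `dkim-key-configuration-domain`. The fence below rewrites the `let` body along those lines.

```scheme
;; … unchanged: module header, record type, match-record, mkdir-p …
(let* ((key-file (string-append #$directory "/" #$domain ".key"))
       (private (string-append #$domain "-" #$selector ".key"))
       (public (string-append #$domain "-" #$selector ".pub")))
  ;; test for the key inside the key directory, not the current directory
  (unless (file-exists? (string-append #$directory "/" private))
    ;; … with-directory-excursion body as in the hunk (openssl genrsa/rsa,
    ;;   chown, sed), minus the inner `public` binding …
    (display (format #f "Create a TXT record at ~a._domainkey.~a with the contents of ~a/~a~%"
                     #$selector #$domain #$directory public)))
  ;; the link is created with the relative target, so compare against that
  (unless (equal? (false-if-exception (readlink key-file)) private)
    (false-if-exception (delete-file key-file))
    (symlink private key-file)))
```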