Add dkim-key service

2022-10-01 23:43:44 +02:00 · 2022-10-01 23:43:44 +02:00 · c21cc486e5
commit c21cc486e5
parent 7a42f26290
1 changed files with 48 additions and 0 deletions
--- a/services/dkim-key.scm
+++ b/services/dkim-key.scm
@ -0,0 +1,48 @@
 (define-module (services dkim-key)
  #:use-module (gnu packages tls)
  #:use-module (gnu services)
  #:use-module (gnu services shepherd)
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (guix i18n)
  #:export (dkim-key-service-type dkim-key-configuration))
 (define-record-type* <dkim-key-configuration>
  dkim-key-configuration make-dkim-key-configuration
  dkim-key-configuration?
  (domain dkim-key-configuration-selector (default ""))
  (selector dkim-key-configuration-selector (default "dkim"))
  (directory dkim-key-configuration-directory (default "/etc/dkim"))
  (key-length dkim-key-configuration-key-length (default 1024)))
 (define (dkim-key-activation config)
  (match-record config <dkim-key-configuration>
    (domain directory selector key-length)
    #~(begin
      (use-modules (guix build utils))
      (mkdir-p #$directory)
      (let ((key-file (string-append #$directory "/" #$domain ".key"))
            (private (string-append #$domain "-" #$selector ".key")))
        (unless (file-exists? private)
          (with-directory-excursion #$directory
            (let ((openssl #$(file-append openssl "/bin/openssl"))
                  (public (string-append #$domain "-" #$selector ".pub")))
              (system* openssl "genrsa" "-out" private (number->string #$key-length))
              (chown private (passwd:uid (getpwnam "smtpd")) -1)
              (system* openssl "rsa" "-in" private "-pubout" "-out" public)
              (system* "sed" "-i"
                       "1s/.*/v=DKIM1;p=/;:nl;${s/-----.*//;q;};N;s/\\n//g;b nl;"
                       public))
            (display (format #f "Create a TXT record at ~a._domainkey.~a with the contents of ~a~%"
                             #$selector #$domain key-file))))
        (unless (equal? (false-if-exception (readlink current)) key-file)
          (delete-file key-file)
          (symlink private key-file))))))
 (define dkim-key-service-type
  (service-type (name 'dkim-key)
                (extensions
                  (list (service-extension activation-service-type dkim-key-activation)))
                (default-value (dkim-key-configuration))
                (description "Generate DKIM keys")))