services/dkim-key: do not overwrite existing keys

Also do not suggest publishing the private key.

services/dkim-key.scm

@@ -23,19 +23,19 @@
       (mkdir-p #$directory)
 
       (let ((key-file (string-append #$directory "/" #$domain ".key"))
-            (private (string-append #$domain "-" #$selector ".key")))
+            (private (string-append #$domain "-" #$selector ".key"))
-        (unless (file-exists? private)
+            (public (string-append #$domain "-" #$selector ".pub")))
-          (with-directory-excursion #$directory
+        (with-directory-excursion #$directory
-            (let ((openssl #$(file-append openssl "/bin/openssl"))
+          (unless (file-exists? private)
-                  (public (string-append #$domain "-" #$selector ".pub")))
+            (let ((openssl #$(file-append openssl "/bin/openssl")))
               (system* openssl "genrsa" "-out" private (number->string #$key-length))
               (chown private (passwd:uid (getpwnam "smtpd")) -1)
               (system* openssl "rsa" "-in" private "-pubout" "-out" public)
               (system* "sed" "-i"
                        "1s/.*/v=DKIM1;p=/;:nl;${s/-----.*//;q;};N;s/\\n//g;b nl;"
-                       public))
+                       public)))
-            (display (format #f "Create a TXT record at ~a._domainkey.~a with the contents of ~a~%"
+          (display (format #f "Create a TXT record at ~a._domainkey.~a with the contents of ~a/~a~%"
-                             #$selector #$domain key-file))))
+                           #$selector #$domain #$directory public)))
         (unless (equal? (false-if-exception (readlink current)) key-file)
           (delete-file key-file)
           (symlink private key-file))))))