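;;; DKIM signing-key provisioning for Guix System.
;;;
;;; On activation, generate (once) an RSA key pair for DOMAIN/SELECTOR under
;;; DIRECTORY, hand the private key to OWNER, rewrite the public key into the
;;; single-line "v=DKIM1;p=..." form used in the DNS TXT record, and keep a
;;; stable "<domain>.key" symlink pointing at the currently selected key.

(define-module (services dkim-key)
  #:use-module (gnu packages base)
  #:use-module (gnu packages tls)
  #:use-module (gnu services)
  #:use-module (gnu services shepherd)
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (guix i18n)
  #:export (dkim-key-service-type
            dkim-key-configuration))

;; Configuration record.  `define-record-type*' takes the record type name
;; (<dkim-key-configuration>) before the syntactic constructor; the same type
;; is what `match-record' in the activation code destructures.
(define-record-type* <dkim-key-configuration>
  dkim-key-configuration make-dkim-key-configuration
  dkim-key-configuration?
  ;; Directory holding the key files and the "<domain>.key" symlink.
  (directory  dkim-key-configuration-directory  (default "/etc/dkim"))
  ;; Unix user given ownership of the private key (the MTA's user).
  (owner      dkim-key-configuration-owner      (default "smtpd"))
  ;; Signing domain.  The default is empty and has to be set by the user;
  ;; with it unset the files would be named "-<selector>.key"/".pub".
  ;; This field gets its own accessor; previously it reused the selector's.
  (domain     dkim-key-configuration-domain     (default ""))
  ;; DKIM selector; the record is published at <selector>._domainkey.<domain>.
  (selector   dkim-key-configuration-selector   (default "dkim"))
  ;; RSA modulus size in bits, used only when the key is first generated.
  ;; 1024 is the RFC 8301 floor for verifiers; that RFC recommends 2048 for
  ;; signers, so new deployments should set this explicitly.
  (key-length dkim-key-configuration-key-length (default 1024)))

(define (dkim-key-activation config)
  "Return a G-expression that, at system activation, makes sure the DKIM key
pair described by CONFIG exists and that DIRECTORY/<domain>.key points at it.
Key generation only happens when the private key file is absent, so a
re-run never replaces an existing key.  The TXT-record reminder is printed
on every activation."
  (match-record config <dkim-key-configuration>
    (directory owner domain selector key-length)
    #~(begin
        (use-modules (guix build utils))
        (mkdir-p #$directory)
        (let ((key-file (string-append #$directory "/" #$domain ".key"))
              (private  (string-append #$domain "-" #$selector ".key"))
              (public   (string-append #$domain "-" #$selector ".pub")))
          (with-directory-excursion #$directory
            (unless (file-exists? private)
              (let ((openssl-bin #$(file-append openssl "/bin/openssl"))
                    (sed-bin     #$(file-append sed "/bin/sed")))
                ;; `invoke' (from (guix build utils)) raises on a non-zero
                ;; exit status, so a failed openssl/sed run aborts activation
                ;; instead of being silently ignored as with `system*'.
                ;; NOTE(review): a failure after genrsa can still leave
                ;; PRIVATE behind, and `file-exists?' would then skip
                ;; generation on the next run; remove it by hand in that case.
                (invoke openssl-bin "genrsa" "-out" private
                        (number->string #$key-length))
                ;; Do not depend on openssl's default mode for the private
                ;; key: owner-only access, then hand it to OWNER.
                (chmod private #o600)
                (chown private (passwd:uid (getpwnam #$owner)) -1)
                (invoke openssl-bin "rsa" "-in" private "-pubout" "-out" public)
                ;; Rewrite the PEM public key in place as the one-line TXT
                ;; value: the BEGIN line becomes "v=DKIM1;p=", the END line
                ;; is dropped, and the base64 lines are joined.
                (invoke sed-bin "-i"
                        "1s/.*/v=DKIM1;p=/;:nl;${s/-----.*//;q;};N;s/\\n//g;b nl;"
                        public)))
            (display (format #f "Create a TXT record at ~a._domainkey.~a with the contents of ~a/~a~%"
                             #$selector #$domain #$directory public)))
          ;; Keep the "<domain>.key" link pointing at the selected key
          ;; (relative target, so it stays valid if DIRECTORY is moved);
          ;; a stale link, e.g. after a selector change, is replaced.
          (unless (equal? (false-if-exception (readlink key-file)) private)
            (false-if-exception (delete-file key-file))
            (symlink private key-file))))))

;; Service type.  The default value carries an empty domain, so a real
;; instance should be declared with an explicit configuration, e.g.
;; (service dkim-key-service-type
;;          (dkim-key-configuration (domain "example.org")))   ; constructed example
(define dkim-key-service-type
  (service-type
   (name 'dkim-key)
   (extensions
    (list (service-extension activation-service-type dkim-key-activation)))
   (default-value (dkim-key-configuration))
   (description "Generate DKIM keys")))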