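(define-module (services dkim-key)
  #:use-module (gnu packages tls)
  #:use-module (gnu services)
  #:use-module (gnu services shepherd)
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (guix i18n)
  #:export (dkim-key-service-type
            dkim-key-configuration))

;;; Configuration for the DKIM key generation service.
;;;
;;; The record type name <dkim-key-configuration> is restored here: both
;;; define-record-type* and match-record take it as an argument, and the
;;; listing had lost it (it looks like a markup tag to an HTML extractor).
(define-record-type* <dkim-key-configuration>
  dkim-key-configuration make-dkim-key-configuration
  dkim-key-configuration?
  ;; Mail domain the key signs for.  The accessor used to be declared as
  ;; dkim-key-configuration-selector, colliding with the selector field.
  ;; NOTE(review): the empty default yields file names such as "-dkim.key";
  ;; callers are expected to set this field.
  (domain     dkim-key-configuration-domain
              (default ""))
  ;; DKIM selector, i.e. the label in front of "._domainkey.<domain>".
  (selector   dkim-key-configuration-selector
              (default "dkim"))
  ;; Directory that receives the key pair and the symlink.
  (directory  dkim-key-configuration-directory
              (default "/etc/dkim"))
  ;; RSA modulus size in bits.  1024 is the minimum RFC 8301 permits for DKIM
  ;; signers, and the RFC recommends at least 2048; the default is left
  ;; unchanged for compatibility, so new deployments should set 2048
  ;; explicitly.
  (key-length dkim-key-configuration-key-length
              (default 1024)))

(define (dkim-key-activation config)
  "Return a gexp that creates the DKIM key pair described by CONFIG.

On activation the gexp creates the configured directory, generates
<domain>-<selector>.key and <domain>-<selector>.pub in it when the private
key does not exist yet, and makes <directory>/<domain>.key a symlink to the
private key.  An existing private key is never overwritten."
  (match-record config <dkim-key-configuration>
    (domain directory selector key-length)
    #~(begin
        (use-modules (guix build utils))
        (mkdir-p #$directory)
        (let* ((private      (string-append #$domain "-" #$selector ".key"))
               (public       (string-append #$domain "-" #$selector ".pub"))
               (private-path (string-append #$directory "/" private))
               (public-path  (string-append #$directory "/" public))
               (key-file     (string-append #$directory "/" #$domain ".key")))
          ;; Test the absolute path.  The relative name was resolved against
          ;; the activation process's working directory, so the check missed
          ;; the key in DIRECTORY and every activation replaced the private
          ;; key, invalidating the published DNS record.
          (unless (file-exists? private-path)
            (with-directory-excursion #$directory
              (let ((openssl #$(file-append openssl "/bin/openssl")))
                ;; Create the private key under a restrictive umask so it is
                ;; never readable by other users, then restore the previous
                ;; umask even if key generation fails.
                (let ((previous-umask (umask #o077)))
                  (dynamic-wind
                    (const #t)
                    (lambda ()
                      ;; invoke raises on a non-zero exit status instead of
                      ;; continuing with a missing or truncated key.
                      (invoke openssl "genrsa" "-out" private
                              (number->string #$key-length)))
                    (lambda ()
                      (umask previous-umask))))
                ;; The mail daemon runs as "smtpd" and must read the key.
                ;; NOTE(review): assumes the smtpd account already exists
                ;; when this activation snippet runs -- confirm ordering.
                (chown private (passwd:uid (getpwnam "smtpd")) -1)
                (invoke openssl "rsa" "-in" private "-pubout" "-out" public)
                ;; Rewrite the PEM public key into a one-line DKIM TXT value
                ;; ("v=DKIM1;p=<base64>").
                ;; NOTE(review): "sed" is looked up in PATH; confirm it is
                ;; available in the activation environment.
                (unless (zero?
                         (system* "sed" "-i" "1s/.*/v=DKIM1;p=/;:nl;${s/-----.*//;q;};N;s/\\n//g;b nl;" public))
                  (format (current-error-port)
                          "warning: could not convert ~a to a DKIM TXT value~%"
                          public-path))))
            ;; Point the administrator at the PUBLIC key file.  The message
            ;; used to name KEY-FILE, which is the symlink to the private key.
            (display (format #f "Create a TXT record at ~a._domainkey.~a with the contents of ~a~%"
                             #$selector #$domain public-path)))
          ;; Keep KEY-FILE pointing at the private key.  readlink returns the
          ;; link target, so it is compared with PRIVATE; the original read an
          ;; unbound variable and always fell through to delete-file, which
          ;; raises when the link does not exist yet.
          (unless (equal? (false-if-exception (readlink key-file)) private)
            (false-if-exception (delete-file key-file))
            (symlink private key-file))))))

;;; Service type that extends system activation with the key generation
;;; snippet above.
(define dkim-key-service-type
  (service-type
   (name 'dkim-key)
   (extensions
    (list (service-extension activation-service-type
                             dkim-key-activation)))
   (default-value (dkim-key-configuration))
   (description "Generate DKIM keys")))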