diff --git a/bundles/rspamd/items.py b/bundles/rspamd/items.py index b8ceaeb..cb24f3b 100644 --- a/bundles/rspamd/items.py +++ b/bundles/rspamd/items.py @@ -56,11 +56,22 @@ if node.metadata.get('rspamd', {}).get('dkim', False): for i in {'arc', 'dkim_signing'}: files[f'/etc/rspamd/local.d/{i}.conf'] = { 'source': 'dkim.conf', + 'content_type': 'mako', + 'needs': { + 'action:rspamd_generate_dkim_key', + }, 'triggers': { 'svc_systemd:rspamd:restart', }, } + actions = { + 'rspamd_generate_dkim_key': { + 'command': node.metadata['rspamd']['dkim'].format_into('cd /var/lib/rspamd/dkim && /usr/bin/rspamadm dkim_keygen -s "{fault}" -b 2048 -k "{fault}.key" > "{fault}.txt"'), + 'unless': node.metadata['rspamd']['dkim'].format_into('test -f "/var/lib/rspamd/dkim/{fault}.key"'), + }, + } + if 'password' in node.metadata.get('rspamd', {}): files['/etc/rspamd/local.d/worker-controller.inc'] = { 'content_type': 'mako', diff --git a/bundles/rspamd/metadata.py b/bundles/rspamd/metadata.py index b2ce5cf..10206f8 100644 --- a/bundles/rspamd/metadata.py +++ b/bundles/rspamd/metadata.py @@ -31,6 +31,9 @@ defaults = { }, }, }, + 'rspamd': { + 'dkim': repo.vault.password_for(node.name + ' rspamd dkim key'), + }, } diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py index 39cddbc..e986ca8 100644 --- a/nodes/htz/ex42-1048908.py +++ b/nodes/htz/ex42-1048908.py @@ -58,11 +58,6 @@ nodes['htz.ex42-1048908'] = { 'deb http://deb.debian.org/debian {os_release}-backports main', ], }, - 'rspamd': { - 'items': { - 'deb [arch=amd64] http://rspamd.com/apt-stable/ {os_release} main', - }, - }, 'weechat': { 'items': { 'deb https://weechat.org/debian {os_release} main', @@ -304,7 +299,6 @@ nodes['htz.ex42-1048908'] = { }, }, 'rspamd': { - 'dkim': True, 'ignore_spam_check_for_ips': { # entropia '188.40.158.213',