bundles/rspamd: refine auto-generation of dkim signing keys

Franzi 2020-11-08 13:35:43 +01:00
parent 56f1b1a6c6
commit cff0870e63
Signed by: kunsi
GPG key ID: 12E3D2136B818350
2 changed files with 24 additions and 6 deletions


@ -1,4 +1,4 @@
# TODO
path = "/var/lib/rspamd/dkim/$selector.key"; path = "/var/lib/rspamd/dkim/$selector.key";
# selector = "${node.metadata['rspamd']['dkim']}";
selector = "2019"; selector = "2019";
allow_username_mismatch = true; allow_username_mismatch = true;
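Review bot: `selector = "2019";` stays hard-coded in this template while the key pair is generated under the selector taken from `node.metadata['rspamd']['dkim']`, so with `path = "/var/lib/rspamd/dkim/$selector.key"` a node whose metadata selector is not `2019` would, as far as these lines show, point rspamd at a key file that was never created. The templated variant appears only as a comment, and this page does not show whether the commit adds or removes that line. Either enable it (`selector = "${node.metadata['rspamd']['dkim']}";`) or replace the bare `# TODO` with a comment saying why the selector is pinned, so that rotating the selector in metadata cannot leave outgoing mail unsigned without anyone noticing.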


@ -20,6 +20,11 @@ directories = {
'svc_systemd:rspamd:restart', 'svc_systemd:rspamd:restart',
}, },
}, },
'/var/lib/rspamd/dkim': {
'owner': '_rspamd',
'group': '_rspamd',
'mode': '0750',
},
} }
svc_systemd = { svc_systemd = {
@ -51,8 +56,17 @@ files = {
}, },
} }
actions = {
'rspamd_assure_dkim_key_permissions': {
'command': 'chown _rspamd:_rspamd /var/lib/rspamd/dkim/*.key',
'needs': {
'directory:/var/lib/rspamd/dkim',
},
},
}
# TODO manage this using bundlewrap # TODO manage this using bundlewrap
if node.metadata.get('rspamd', {}).get('dkim', False): if 'dkim' in node.metadata.get('rspamd', {}):
for i in {'arc', 'dkim_signing'}: for i in {'arc', 'dkim_signing'}:
files[f'/etc/rspamd/local.d/{i}.conf'] = { files[f'/etc/rspamd/local.d/{i}.conf'] = {
'source': 'dkim.conf', 'source': 'dkim.conf',
@ -65,10 +79,14 @@ if node.metadata.get('rspamd', {}).get('dkim', False):
}, },
} }
actions = { actions['rspamd_generate_dkim_key'] = {
'rspamd_generate_dkim_key': {
'command': node.metadata['rspamd']['dkim'].format_into('cd /var/lib/rspamd/dkim && /usr/bin/rspamadm dkim_keygen -s "{fault}" -b 2048 -k "{fault}.key" > "{fault}.txt"'), 'command': node.metadata['rspamd']['dkim'].format_into('cd /var/lib/rspamd/dkim && /usr/bin/rspamadm dkim_keygen -s "{fault}" -b 2048 -k "{fault}.key" > "{fault}.txt"'),
'unless': node.metadata['rspamd']['dkim'].format_into('test -f "/var/lib/rspamd/dkim/{fault}.key"'), 'unless': node.metadata['rspamd']['dkim'].format_into('test -f "/var/lib/rspamd/dkim/{fault}.key"'),
'needs': {
'directory:/var/lib/rspamd/dkim',
},
'needed_by': {
'action:rspamd_assure_dkim_key_permissions',
}, },
} }
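Review bot: The new `rspamd_assure_dkim_key_permissions` action is declared outside the `if 'dkim' in ...` branch and has no `unless`, so it is not idempotent, and on a node with no key in the directory the unexpanded `*.key` glob will make `chown` exit non-zero. It also only sets ownership: the private key's mode is left to whatever `rspamadm dkim_keygen` and the umask produce, and the `{fault}.txt` written by the shell redirect keeps the owner of the invoking user. Consider moving the action under the dkim branch, targeting the selector's key by name and pinning the mode, e.g. `'command': node.metadata['rspamd']['dkim'].format_into('chown _rspamd:_rspamd "/var/lib/rspamd/dkim/{fault}.key" && chmod 0600 "/var/lib/rspamd/dkim/{fault}.key"'),`. A matching `unless` that tests owner and mode would keep repeated applies quiet.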