kunsi-feature-rspamd-rotating-keys #3
2 changed files with 24 additions and 6 deletions
|
@ -1,4 +1,4 @@
|
|||
# TODO
|
||||
path = "/var/lib/rspamd/dkim/$selector.key";
|
||||
# selector = "${node.metadata['rspamd']['dkim']}";
|
||||
selector = "2019";
|
||||
allow_username_mismatch = true;
|
||||
|
|
|
@ -20,6 +20,11 @@ directories = {
|
|||
'svc_systemd:rspamd:restart',
|
||||
},
|
||||
},
|
||||
'/var/lib/rspamd/dkim': {
|
||||
'owner': '_rspamd',
|
||||
'group': '_rspamd',
|
||||
'mode': '0750',
|
||||
},
|
||||
}
|
||||
|
||||
svc_systemd = {
|
||||
|
@ -51,8 +56,17 @@ files = {
|
|||
},
|
||||
}
|
||||
|
||||
actions = {
|
||||
'rspamd_assure_dkim_key_permissions': {
|
||||
'command': 'chown _rspamd:_rspamd /var/lib/rspamd/dkim/*.key',
|
||||
'needs': {
|
||||
'directory:/var/lib/rspamd/dkim',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
# TODO manage this using bundlewrap
|
||||
if node.metadata.get('rspamd', {}).get('dkim', False):
|
||||
if 'dkim' in node.metadata.get('rspamd', {}):
|
||||
for i in {'arc', 'dkim_signing'}:
|
||||
files[f'/etc/rspamd/local.d/{i}.conf'] = {
|
||||
'source': 'dkim.conf',
|
||||
|
@ -65,10 +79,14 @@ if node.metadata.get('rspamd', {}).get('dkim', False):
|
|||
},
|
||||
}
|
||||
|
||||
actions = {
|
||||
'rspamd_generate_dkim_key': {
|
||||
'command': node.metadata['rspamd']['dkim'].format_into('cd /var/lib/rspamd/dkim && /usr/bin/rspamadm dkim_keygen -s "{fault}" -b 2048 -k "{fault}.key" > "{fault}.txt"'),
|
||||
'unless': node.metadata['rspamd']['dkim'].format_into('test -f "/var/lib/rspamd/dkim/{fault}.key"'),
|
||||
actions['rspamd_generate_dkim_key'] = {
|
||||
'command': node.metadata['rspamd']['dkim'].format_into('cd /var/lib/rspamd/dkim && /usr/bin/rspamadm dkim_keygen -s "{fault}" -b 2048 -k "{fault}.key" > "{fault}.txt"'),
|
||||
'unless': node.metadata['rspamd']['dkim'].format_into('test -f "/var/lib/rspamd/dkim/{fault}.key"'),
|
||||
'needs': {
|
||||
'directory:/var/lib/rspamd/dkim',
|
||||
},
|
||||
'needed_by': {
|
||||
'action:rspamd_assure_dkim_key_permissions',
|
||||
},
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue