kunsi-feature-rspamd-rotating-keys #3

Merged
kunsi merged 4 commits from kunsi-feature-rspamd-rotating-keys into main 2020-11-13 12:13:00 +00:00
2 changed files with 24 additions and 6 deletions
Showing only changes of commit cff0870e63 - Show all commits

View file

@ -1,4 +1,4 @@
# TODO
path = "/var/lib/rspamd/dkim/$selector.key";
# selector = "${node.metadata['rspamd']['dkim']}";
selector = "2019";
allow_username_mismatch = true;

View file

@ -20,6 +20,11 @@ directories = {
'svc_systemd:rspamd:restart',
},
},
'/var/lib/rspamd/dkim': {
'owner': '_rspamd',
'group': '_rspamd',
'mode': '0750',
},
}
svc_systemd = {
@ -51,8 +56,17 @@ files = {
},
}
actions = {
'rspamd_assure_dkim_key_permissions': {
'command': 'chown _rspamd:_rspamd /var/lib/rspamd/dkim/*.key',
'needs': {
'directory:/var/lib/rspamd/dkim',
},
},
}
# TODO manage this using bundlewrap
if node.metadata.get('rspamd', {}).get('dkim', False):
if 'dkim' in node.metadata.get('rspamd', {}):
for i in {'arc', 'dkim_signing'}:
files[f'/etc/rspamd/local.d/{i}.conf'] = {
'source': 'dkim.conf',
@ -65,10 +79,14 @@ if node.metadata.get('rspamd', {}).get('dkim', False):
},
}
actions = {
'rspamd_generate_dkim_key': {
'command': node.metadata['rspamd']['dkim'].format_into('cd /var/lib/rspamd/dkim && /usr/bin/rspamadm dkim_keygen -s "{fault}" -b 2048 -k "{fault}.key" > "{fault}.txt"'),
'unless': node.metadata['rspamd']['dkim'].format_into('test -f "/var/lib/rspamd/dkim/{fault}.key"'),
actions['rspamd_generate_dkim_key'] = {
'command': node.metadata['rspamd']['dkim'].format_into('cd /var/lib/rspamd/dkim && /usr/bin/rspamadm dkim_keygen -s "{fault}" -b 2048 -k "{fault}.key" > "{fault}.txt"'),
'unless': node.metadata['rspamd']['dkim'].format_into('test -f "/var/lib/rspamd/dkim/{fault}.key"'),
'needs': {
'directory:/var/lib/rspamd/dkim',
},
'needed_by': {
'action:rspamd_assure_dkim_key_permissions',
},
}