kunsi-feature-rspamd-rotating-keys #3
2 changed files with 24 additions and 6 deletions
|
@ -1,4 +1,4 @@
|
||||||
# TODO
|
|
||||||
path = "/var/lib/rspamd/dkim/$selector.key";
|
path = "/var/lib/rspamd/dkim/$selector.key";
|
||||||
|
# selector = "${node.metadata['rspamd']['dkim']}";
|
||||||
selector = "2019";
|
selector = "2019";
|
||||||
allow_username_mismatch = true;
|
allow_username_mismatch = true;
|
||||||
|
|
|
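Review bot: `selector = "2019";` stays hard-coded while the metadata-driven selector is only added as a commented-out line, so the signing config can point at a key this bundle never creates. The key-generation action in the other changed file appears to name the key file after `node.metadata['rspamd']['dkim']`, and `path` resolves to `$selector.key`; if that metadata value is anything other than `2019`, rspamd would look for `/var/lib/rspamd/dkim/2019.key`. Either enable the templated selector, or add a comment such as `# NOTE: must match node.metadata['rspamd']['dkim'] until the selector is templated`, so that a key rotation cannot leave mail unsigned or signed with the old key without anyone noticing.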
@ -20,6 +20,11 @@ directories = {
|
||||||
'svc_systemd:rspamd:restart',
|
'svc_systemd:rspamd:restart',
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
'/var/lib/rspamd/dkim': {
|
||||||
|
'owner': '_rspamd',
|
||||||
|
'group': '_rspamd',
|
||||||
|
'mode': '0750',
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
svc_systemd = {
|
svc_systemd = {
|
||||||
|
@ -51,8 +56,17 @@ files = {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
actions = {
|
||||||
|
'rspamd_assure_dkim_key_permissions': {
|
||||||
|
'command': 'chown _rspamd:_rspamd /var/lib/rspamd/dkim/*.key',
|
||||||
|
'needs': {
|
||||||
|
'directory:/var/lib/rspamd/dkim',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
# TODO manage this using bundlewrap
|
# TODO manage this using bundlewrap
|
||||||
if node.metadata.get('rspamd', {}).get('dkim', False):
|
if 'dkim' in node.metadata.get('rspamd', {}):
|
||||||
for i in {'arc', 'dkim_signing'}:
|
for i in {'arc', 'dkim_signing'}:
|
||||||
files[f'/etc/rspamd/local.d/{i}.conf'] = {
|
files[f'/etc/rspamd/local.d/{i}.conf'] = {
|
||||||
'source': 'dkim.conf',
|
'source': 'dkim.conf',
|
||||||
|
@ -65,10 +79,14 @@ if node.metadata.get('rspamd', {}).get('dkim', False):
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
actions = {
|
actions['rspamd_generate_dkim_key'] = {
|
||||||
'rspamd_generate_dkim_key': {
|
|
||||||
'command': node.metadata['rspamd']['dkim'].format_into('cd /var/lib/rspamd/dkim && /usr/bin/rspamadm dkim_keygen -s "{fault}" -b 2048 -k "{fault}.key" > "{fault}.txt"'),
|
'command': node.metadata['rspamd']['dkim'].format_into('cd /var/lib/rspamd/dkim && /usr/bin/rspamadm dkim_keygen -s "{fault}" -b 2048 -k "{fault}.key" > "{fault}.txt"'),
|
||||||
'unless': node.metadata['rspamd']['dkim'].format_into('test -f "/var/lib/rspamd/dkim/{fault}.key"'),
|
'unless': node.metadata['rspamd']['dkim'].format_into('test -f "/var/lib/rspamd/dkim/{fault}.key"'),
|
||||||
|
'needs': {
|
||||||
|
'directory:/var/lib/rspamd/dkim',
|
||||||
|
},
|
||||||
|
'needed_by': {
|
||||||
|
'action:rspamd_assure_dkim_key_permissions',
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
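Review bot: The new `rspamd_assure_dkim_key_permissions` action appears to be defined before and outside the `if 'dkim' in ...` block, so it also runs on nodes where no key is ever generated; there the `*.key` glob matches nothing and `chown` exits non-zero. It also has no `unless`, so it executes on every apply, and it only fixes ownership, leaving the private key's mode to whatever `rspamadm` and the umask produce. Consider moving it into the `if` block and setting the mode explicitly, e.g. `'command': 'chown _rspamd:_rspamd /var/lib/rspamd/dkim/*.key && chmod 0600 /var/lib/rspamd/dkim/*.key'`. Separately, the condition changed from a truthiness test to `'dkim' in ...`, so a node with `'dkim': False` would now enter the branch and presumably fail at `.format_into`.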