kunsi-feature-rspamd-rotating-keys #3
8 changed files with 40 additions and 8 deletions
|
@ -1,4 +1,4 @@
|
|||
# TODO
|
||||
path = "/var/lib/rspamd/dkim/$selector.key";
|
||||
# selector = "${node.metadata['rspamd']['dkim']}";
|
||||
selector = "2019";
|
||||
allow_username_mismatch = true;
|
||||
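Review bot: With `selector = "2019";` hard-coded and `path = "/var/lib/rspamd/dkim/$selector.key";`, signing would use `2019.key` rather than the key that `rspamd_generate_dkim_key` writes under the metadata-derived name. This rendering does not show which of the two selector lines is on the new side. If the hard-coded one ships as a deliberate staging step until the new DNS record is live, replace the bare `# TODO` with a comment that says so, e.g. `# TODO: switch selector to node.metadata['rspamd']['dkim'] once the new _domainkey record is published`. The file is also rendered as a Mako template (`'content_type': 'mako'` with `'source': 'dkim.conf'`), where a single `#` is not a template comment, so the `${...}` in the commented-out line is still evaluated; `##` would keep it out of the rendered config.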
|
|
|
@ -20,6 +20,11 @@ directories = {
|
|||
'svc_systemd:rspamd:restart',
|
||||
},
|
||||
},
|
||||
'/var/lib/rspamd/dkim': {
|
||||
'owner': '_rspamd',
|
||||
'group': '_rspamd',
|
||||
'mode': '0750',
|
||||
},
|
||||
}
|
||||
|
||||
svc_systemd = {
|
||||
|
@ -51,16 +56,40 @@ files = {
|
|||
},
|
||||
}
|
||||
|
||||
actions = {
|
||||
'rspamd_assure_dkim_key_permissions': {
|
||||
'command': 'chown _rspamd:_rspamd /var/lib/rspamd/dkim/*.key',
|
||||
'needs': {
|
||||
'directory:/var/lib/rspamd/dkim',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
# TODO manage this using bundlewrap
|
||||
if node.metadata.get('rspamd', {}).get('dkim', False):
|
||||
if 'dkim' in node.metadata.get('rspamd', {}):
|
||||
for i in {'arc', 'dkim_signing'}:
|
||||
files[f'/etc/rspamd/local.d/{i}.conf'] = {
|
||||
'source': 'dkim.conf',
|
||||
'content_type': 'mako',
|
||||
'needs': {
|
||||
'action:rspamd_generate_dkim_key',
|
||||
},
|
||||
'triggers': {
|
||||
'svc_systemd:rspamd:restart',
|
||||
},
|
||||
}
|
||||
|
||||
actions['rspamd_generate_dkim_key'] = {
|
||||
'command': node.metadata['rspamd']['dkim'].format_into('cd /var/lib/rspamd/dkim && /usr/bin/rspamadm dkim_keygen -s "{0}" -b 2048 -k "{0}.key" > "{0}.txt"'),
|
||||
'unless': node.metadata['rspamd']['dkim'].format_into('test -f "/var/lib/rspamd/dkim/{0}.key"'),
|
||||
'needs': {
|
||||
'directory:/var/lib/rspamd/dkim',
|
||||
},
|
||||
'needed_by': {
|
||||
'action:rspamd_assure_dkim_key_permissions',
|
||||
},
|
||||
}
|
||||
|
||||
if 'password' in node.metadata.get('rspamd', {}):
|
||||
files['/etc/rspamd/local.d/worker-controller.inc'] = {
|
||||
'content_type': 'mako',
|
||||
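Review bot: The private key's file mode is never pinned: `rspamd_generate_dkim_key` leaves it to `rspamadm` and the umask of the apply run, and `rspamd_assure_dkim_key_permissions` only runs `chown`. The `0750` directory keeps other users out, but unless `rspamadm` restricts the mode itself (not visible here) I would make it explicit, e.g. `'command': 'chown _rspamd:_rspamd /var/lib/rspamd/dkim/*.key && chmod 0600 /var/lib/rspamd/dkim/*.key',`. That action has no `unless`, so it will presumably run on every apply. The selector is interpolated into a shell string inside double quotes; the value seen in the zone files is purely alphanumeric, but a short comment stating that assumption would help whoever changes how the value is derived.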
|
|
|
@ -31,6 +31,9 @@ defaults = {
|
|||
},
|
||||
},
|
||||
},
|
||||
'rspamd': {
|
||||
'dkim': repo.vault.password_for(node.name + ' rspamd dkim key'),
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
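Review bot: The value stored under `'dkim'` is the DKIM selector, not a key: the actions on this page interpolate it into `-s "{0}"` and the key file name, and the zone files publish it as `<value>._domainkey`, so it is public. The vault identifier `' rspamd dkim key'` and the bare name `'dkim'` read like a secret, so I would add a comment such as `# DKIM selector (public); taken from the vault only to get a stable random name`. As far as I know `password_for` is deterministic per identifier, so nothing here changes the selector on its own; the comment should also say how a rotation is meant to be triggered. Because this sits in `defaults` (the dict starts outside the hunk), every node that receives these defaults now has `'dkim'` set, so the `'dkim' in node.metadata.get('rspamd', {})` check is always true for them.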
|
|
|
@ -39,3 +39,4 @@ _mta-sts IN TXT "v=STSv1;id=20201111;"
|
|||
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
||||
_token._dnswl IN TXT "gg3mbwjx9bbuo5osvh7oz6bc881wcmc"
|
||||
2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
||||
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
|
||||
|
|
|
@ -32,6 +32,9 @@ _mta-sts IN TXT "v=STSv1;id=20201111;"
|
|||
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
||||
_token._dnswl IN TXT "6akc10htbgmg56e072w0w2n0wql4oezu"
|
||||
2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
||||
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
|
||||
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
||||
|
||||
f2k1.de._report._dmarc IN TXT "v=DMARC1"
|
||||
franzi.business._report._dmarc IN TXT "v=DMARC1"
|
||||
kunsmann.eu._report._dmarc IN TXT "v=DMARC1"
|
||||
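Review bot: `_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"` appears twice in this hunk, once at the top and again after the new `_domainkey` record. The header counts (6 old lines, 9 new) leave no room for a removed line, so both copies appear to be on the new side. Name servers normally collapse identical records, so this is probably harmless, but the second copy looks like a paste leftover and should be dropped.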
|
|
|
@ -35,3 +35,4 @@ _mta-sts IN TXT "v=STSv1;id=20201111;"
|
|||
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
||||
_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
|
||||
2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
||||
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
|
||||
|
|
|
@ -16,3 +16,4 @@ _mta-sts IN TXT "v=STSv1;id=20201111;"
|
|||
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
||||
_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
|
||||
2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
||||
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
|
||||
|
|
|
@ -58,11 +58,6 @@ nodes['htz.ex42-1048908'] = {
|
|||
'deb http://deb.debian.org/debian {os_release}-backports main',
|
||||
],
|
||||
},
|
||||
'rspamd': {
|
||||
'items': {
|
||||
'deb [arch=amd64] http://rspamd.com/apt-stable/ {os_release} main',
|
||||
},
|
||||
},
|
||||
'weechat': {
|
||||
'items': {
|
||||
'deb https://weechat.org/debian {os_release} main',
|
||||
|
@ -304,7 +299,6 @@ nodes['htz.ex42-1048908'] = {
|
|||
},
|
||||
},
|
||||
'rspamd': {
|
||||
'dkim': True,
|
||||
'ignore_spam_check_for_ips': {
|
||||
# entropia
|
||||
'188.40.158.213',
|
||||
|
|