From 4bd6ddece1481557349f7d8eecc017ae4fd4ea85 Mon Sep 17 00:00:00 2001
From: andromeda
Date: Mon, 12 Jan 2026 13:30:25 +0100
Subject: declare dkim secrets
---
 modules/nixos/mailserver.nix | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
(limited to 'modules/nixos')
diff --git a/modules/nixos/mailserver.nix b/modules/nixos/mailserver.nix
index 9ee8b10..767b13f 100644
--- a/modules/nixos/mailserver.nix
+++ b/modules/nixos/mailserver.nix
@@ -2,10 +2,14 @@
 mailserver = {
 enable = true;
 stateVersion = 3;
+
+ # domain bs
 fqdn = "mail.${config.networking.domain}";
 domains = ["${config.networking.domain}"];
 x509.useACMEHost = config.mailserver.fqdn;
+
 loginAccounts = {
+ # test acc
 "test@${config.networking.domain}" = {
 hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-test-pw.path;
 };
@@ -15,6 +19,13 @@
 };
 };
 };
+
+ # put dkim key into /etc for declarability
+ mailserver.dkimKeyDirectory = "/etc/dkim";
+ environment.etc."dkim/${config.networking.domain}.${config.mailserver.dkimSelector}.key".source =
+ config.age.secrets."dkim-${config.networking.domain}.${config.mailserver.dkimSelector}.key".path;
+
+ # does acme for me
 services.nginx = {
 enable = true;
 virtualHosts = {
@@ -28,9 +39,12 @@
 acceptTerms = true;
 defaults.email = "mtgmonket@gmail.com";
 };
+
+ # persist directories per the backup guidelines
 environment.persistence."/persist" = {
 directories = [
- "/var/dkim"
+ # not needed bc the dkim dir is declared
+ # "/var/dkim"
 "/var/vmail"
 "/var/lib/redis-rspamd"
 "/var/lib/acme"
--
cgit v1.3
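Review bot: In the hunk at `@@ -15,6 +19,13 @@`, the new `environment.etc."dkim/….key".source` line points at `config.age.secrets."dkim-….key".path`, but the declaration of that age secret is not part of this patch, so its owner and mode cannot be checked here. agenix secrets default to root-owned with mode `0400`, which the DKIM signing daemon would presumably not be able to read; the declaration should set `owner`/`group` to the signing service's user and keep the mode at `0400` or `0440`, never world-readable. Because `.path` is a string, the /etc entry should end up as a symlink to the decrypted file rather than a store copy, which is worth saying in the comment: `# symlink to the agenix-decrypted key; the private key never enters the Nix store`. It is also worth confirming that the mailserver module does not try to generate or chown a key inside the now read-only `/etc/dkim` when the secret is missing at activation.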
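Review bot: In the hunk at `@@ -28,9 +39,12 @@`, dropping `/var/dkim` from `environment.persistence."/persist".directories` stops the directory from being persisted but does not remove anything already stored under `/persist/var/dkim`; if a key was generated there earlier, an unencrypted copy of the DKIM private key stays on the persistent volume and in any backups of it. That leftover should be deleted once the age-managed key is confirmed working, and the key rotated if the old one is not the key now held in the secret. The commented-out entry `# "/var/dkim"` can simply be removed, leaving one line such as `# /var/dkim is no longer persisted: the DKIM key comes from an age secret under /etc/dkim`.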