From 87d8e157054e82dd4f7164d4bc353c56aeee66cd Mon Sep 17 00:00:00 2001
From: Yureka
Date: Fri, 19 Jul 2024 18:14:30 +0200
Subject: [PATCH] allow specifying extra domains for dkim signing
---
 default.nix | 7 +++++++
 mail-server/opendkim.nix | 11 +++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/default.nix b/default.nix
index edc9294..56b3d4d 100644
--- a/default.nix
+++ b/default.nix
@@ -44,6 +44,13 @@ in
 description = "The domains that this mail server serves.";
 };
+ dkimDomains = mkOption {
+ type = types.listOf types.str;
+ example = [ "example.com" ];
+ default = [];
+ description = "The domains that this mail server serves.";
+ };
+
 certificateDomains = mkOption {
 type = types.listOf types.str;
 example = [ "imap.example.com" "pop3.example.com" ];
diff --git a/mail-server/opendkim.nix b/mail-server/opendkim.nix
index cdb283c..d42c814 100644
--- a/mail-server/opendkim.nix
+++ b/mail-server/opendkim.nix
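Review bot: The `description` of the new `dkimDomains` option is copied verbatim from `domains` ("The domains that this mail server serves."), so the generated option documentation will not tell an operator that listing a domain here causes a DKIM key to be generated and outgoing mail to be signed for it. Something like `description = "Domains for which DKIM keys are generated and outgoing mail is signed, in addition to those in domains.";` would state the actual effect. It is also worth saying in that text that each listed domain needs the selector's public key published in its DNS zone, since nothing in this change checks that. The surrounding option set starts and ends outside the hunk.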
@@ -41,24 +41,27 @@ let
 echo "Generated key for domain ${dom} selector ${cfg.dkimSelector}"
 fi
 '';
- createAllCerts = lib.concatStringsSep "\n" (map createDomainDkimCert cfg.domains);
+ createAllCerts = lib.concatStringsSep "\n" (map createDomainDkimCert cfg.dkimDomains);
 keyTable = pkgs.writeText "opendkim-KeyTable"
- (lib.concatStringsSep "\n" (lib.flip map cfg.domains
+ (lib.concatStringsSep "\n" (lib.flip map cfg.dkimDomains
 (dom: "${dom} ${dom}:${cfg.dkimSelector}:${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key")));
 signingTable = pkgs.writeText "opendkim-SigningTable"
- (lib.concatStringsSep "\n" (lib.flip map cfg.domains (dom: "${dom} ${dom}")));
+ (lib.concatStringsSep "\n" (lib.flip map cfg.dkimDomains (dom: "${dom} ${dom}")));
 dkim = config.services.opendkim;
 args = [ "-f" "-l" ] ++ lib.optionals (dkim.configFile != null) [ "-x" dkim.configFile ];
 in
 {
 config = mkIf (cfg.dkimSigning && cfg.enable) {
+
+ mailserver.dkimDomains = config.mailserver.domains;
+
 services.opendkim = {
 enable = true;
 selector = cfg.dkimSelector;
 keyPath = cfg.dkimKeyDirectory;
- domains = "csl:${builtins.concatStringsSep "," cfg.domains}";
+ domains = "csl:${builtins.concatStringsSep "," cfg.dkimDomains}";
 configFile = pkgs.writeText "opendkim.conf" (''
 Canonicalization ${cfg.dkimHeaderCanonicalization}/${cfg.dkimBodyCanonicalization}
 UMask 0002
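Review bot: The added `mailserver.dkimDomains = config.mailserver.domains;` relies on `listOf` merging to append the user's entries, which is not obvious to a reader and leaves duplicates in place when a domain appears in both lists, so the generated KeyTable and SigningTable can carry repeated rows. Consider deduplicating once in the `let` block, e.g. `signedDomains = lib.unique cfg.dkimDomains;`, using that binding at the four places this hunk switches to `cfg.dkimDomains`, and adding a comment on the assignment such as `# merged with user-supplied entries: served domains are always signed`. Each entry is also interpolated as a plain `types.str` into the key-generation script and into the key file path in `keyTable`, so a stricter option type or an assertion on domain syntax would be a cheap guard against a malformed value. Whether senders are restricted from using the extra domains in their From address is not visible here and should be confirmed against the Postfix configuration, since any mail accepted for signing with such a domain will carry a valid signature. The `let` block and the `config` body both continue outside the hunk.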