From 8de3f4f0eb6f52ebc3ad09fe0082f2bfea96e6d8 Mon Sep 17 00:00:00 2001 From: mwiegand Date: Wed, 16 Jun 2021 19:17:12 +0200 Subject: [PATCH] wip --- bundles/opendkim/files/opendkim.conf | 7 ++++--- bundles/opendkim/items.py | 17 +++++++++++++---- bundles/postfix/files/main.cf | 4 ++-- nodes/htz.mails.py | 17 +++++++++-------- 4 files changed, 28 insertions(+), 17 deletions(-) diff --git a/bundles/opendkim/files/opendkim.conf b/bundles/opendkim/files/opendkim.conf index ad5d0d5..6f2ef79 100644 --- a/bundles/opendkim/files/opendkim.conf +++ b/bundles/opendkim/files/opendkim.conf @@ -4,11 +4,12 @@ Canonicalization relaxed/simple KeyTable refile:/etc/opendkim/key_table SigningTable refile:/etc/opendkim/signing_table -UMask 002 +UMask 007 UserID opendkim:opendkim -PidFile /var/run/opendkim/opendkim.pid -Socket local:/var/run/opendkim/opendkim.sock +PidFile /run/opendkim/opendkim.pid +Socket inet:8891@localhost Syslog yes SyslogSuccess Yes +SyslogFacility mail LogWhy Yes diff --git a/bundles/opendkim/items.py b/bundles/opendkim/items.py index 0c27933..792f7da 100644 --- a/bundles/opendkim/items.py +++ b/bundles/opendkim/items.py @@ -48,16 +48,25 @@ files = { for domain in node.metadata.get('opendkim/domains'): directories[f'/etc/opendkim/keys/{domain}'] = { **file_attributes, + 'purge': True, + } + files[f'/etc/opendkim/keys/{domain}/mail.private'] = { + **file_attributes, + 'content_type': 'any', + } + files[f'/etc/opendkim/keys/{domain}/mail.txt'] = { + **file_attributes, + 'content_type': 'any', } - actions[f'generate_{domain}_dkim_key'] = { 'command': ( - 'sudo --user opendkim' - ' opendkim-genkey' + f'sudo --user opendkim' + f' opendkim-genkey' + f' --selector=mail' f' --directory=/etc/opendkim/keys/{domain}' f' --domain={domain}' ), - 'unless': f'test -f /etc/opendkim/keys/{domain}/default.private', + 'unless': f'test -f /etc/opendkim/keys/{domain}/mail.private', 'needs': [ 'svc_systemd:opendkim', f'directory:/etc/opendkim/keys/{domain}', 
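Review bot: Switching `Socket` to `inet:8891@localhost` removes the filesystem permission check on the milter endpoint, so the tightened `UMask 007` no longer restricts who can reach the signer. Any local account or service on the host can open the TCP port, whereas the unix socket was limited to its owner and group. If the change was made to work around Postfix's chroot or group membership, a unix socket is the narrower fix: keep `Socket local:/run/opendkim/opendkim.sock` and add the postfix user to the `opendkim` group. The `smtpd_milters` and `non_smtpd_milters` lines in bundles/postfix/files/main.cf would then keep the `local:` form too.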
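Review bot: The new `files[...]` items for `mail.private` and `mail.txt` declare no dependency on `generate_{domain}_dkim_key`, while that action is skipped by `unless: test -f .../mail.private`. If the file item is applied first and bundlewrap creates the missing file for `content_type: 'any'`, key generation never runs and an empty key stays in place; adding `'needs': [f'action:generate_{domain}_dkim_key'],` to both items would fix the order. The private key also takes its mode from the shared `file_attributes`, which is defined outside this hunk and is reused for the directory, so an explicit `'mode': '0600',` on `mail.private` is safer than relying on it. The `f` prefixes on `'sudo --user opendkim'`, `' opendkim-genkey'` and `' --selector=mail'` have no placeholders and can be dropped. The `for` loop body continues past the end of the hunk.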
diff --git a/bundles/postfix/files/main.cf b/bundles/postfix/files/main.cf index 4163172..4c9d747 100644 --- a/bundles/postfix/files/main.cf +++ b/bundles/postfix/files/main.cf @@ -45,5 +45,5 @@ mua_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_inva # opendkim milter_protocol = 2 milter_default_action = accept -smtpd_milters = local:/var/run/opendkim/opendkim.sock -non_smtpd_milters = local:/var/run/opendkim/opendkim.sock +smtpd_milters = inet:localhost:8891 +non_smtpd_milters = inet:localhost:8891 diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py index ffa950e..ef744d9 100644 --- a/nodes/htz.mails.py +++ b/nodes/htz.mails.py @@ -12,14 +12,15 @@ 'metadata': { 'opendkim': { 'domains': [ - "sublimity.de", - "freibrief.net", - "nadenau.net", - "naeder.net", - "rolfwerner.eu", - "wettengl.net", - "wingl.de", - "woodpipe.de", + 'mail2.sublimity.de', + # 'sublimity.de', + # 'freibrief.net', + # 'nadenau.net', + # 'naeder.net', + # 'rolfwerner.eu', + # 'wettengl.net', + # 'wingl.de', + # 'woodpipe.de', ], }, 'interfaces': {
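Review bot: With `milter_default_action = accept` in the context above, a failed connection to `inet:localhost:8891` is silent: mail is delivered unsigned and nothing is rejected. `localhost` can resolve to `::1` on one side and `127.0.0.1` on the other, so Postfix and opendkim may not meet on the same address. Pinning both ends to a literal address avoids that: `smtpd_milters = inet:127.0.0.1:8891` and `non_smtpd_milters = inet:127.0.0.1:8891` here, and `Socket inet:8891@127.0.0.1` in opendkim.conf. A short comment above these lines saying that a milter failure fails open would help whoever later investigates missing DKIM signatures.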
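Review bot: The eight production domains are commented out rather than removed, so the node file now carries dead entries with no explanation. If the key and signing tables are generated from `opendkim/domains` (not visible in this diff), mail for those domains will go out unsigned once this is applied. The new `'purge': True` only covers the per-domain key directories that are still listed. If this is a temporary test setup for `mail2.sublimity.de`, say so in a comment such as `# TODO: re-enable after selector migration to "mail"`, or keep the change off the main branch. Otherwise delete the lines and let version control hold the history.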