-- Copyright (c) 2022 Jakub Czajka <jakub@ekhem.eu.org>
-- License: 0BSD.
+CREATE TABLE IF NOT EXISTS dkim_keys (
+ name VARCHAR(64) PRIMARY KEY,
+ path VARCHAR(128) NOT NULL
+);
+
CREATE TABLE IF NOT EXISTS users (
username VARCHAR(128) PRIMARY KEY,
domain VARCHAR(128) NOT NULL,
password VARCHAR(64) NOT NULL,
+ dkim_key VARCHAR(64) REFERENCES dkim_keys (name),
active CHAR(1) DEFAULT 'Y' NOT NULL
);
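Review bot: The new `dkim_key` foreign key on line 12 declares no referential action, so PostgreSQL's default NO ACTION makes any `DELETE FROM dkim_keys` fail while a user still points at that key, and the constraint is unnamed, which makes the resulting error hard to grep for. State the intent explicitly and name it: `dkim_key VARCHAR(64) CONSTRAINT users_dkim_key_fk REFERENCES dkim_keys (name) ON DELETE RESTRICT,` (or `ON DELETE SET NULL` if retiring a key should simply stop signing for those users). The column is nullable, which looks deliberate since the INNER JOIN in the view below excludes users without a key; if that is the intent, a one-line comment such as `-- NULL: presumably no DKIM signing for this user` keeps it from being "fixed" later.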
+CREATE OR REPLACE VIEW users_dkim_keys (key, username, domain, selector, path)
+ AS SELECT CONCAT(name, '._domainkey.', domain),
+ CONCAT(username, '@', domain),
+ domain,
+ name,
+ path
+ FROM users INNER JOIN dkim_keys
+ ON dkim_key = name;
+
DO $$
BEGIN
IF NOT EXISTS (SELECT * FROM pg_user WHERE usename = 'dovecot')
ON DATABASE %I
TO dovecot', current_database());
END IF;
+
+ IF NOT EXISTS (SELECT * FROM pg_user WHERE usename = 'dkim')
+ THEN
+ CREATE ROLE dkim LOGIN;
+
+ GRANT SELECT
+ ON TABLE users_dkim_keys
+ TO dkim;
+
+ /* Execute for the current database. */
+ EXECUTE FORMAT('GRANT CONNECT
+ ON DATABASE %I
+ TO dkim', current_database());
+ END IF;
END$$;
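Review bot: `CREATE ROLE dkim LOGIN;` on line 33 creates a login role with no password, and the OpenDKIM DSN added on line 71 carries none either, so the setup only works where pg_hba.conf grants peer or trust authentication for local connections; that assumption is not written down anywhere in the script. Add it next to the CREATE ROLE, e.g. `-- No password: dkim authenticates via pg_hba.conf (peer/trust on localhost).` The privilege set itself is tight — SELECT on the view only, which keeps `users.password` out of reach — and that is worth stating in the same comment so nobody widens it to the base table. Note also that the GRANT runs only inside the `IF NOT EXISTS` branch, so if the role survives a partial teardown the grant is never reapplied; CREATE OR REPLACE VIEW appears to preserve an existing ACL, so this mostly matters when the down path's REVOKE ran but its DROP ROLE did not.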
DROP ROLE dovecot;
END IF;
+
+ IF EXISTS (SELECT * FROM pg_user WHERE usename = 'dkim')
+ THEN
+ REVOKE SELECT
+ ON TABLE users_dkim_keys
+ FROM dkim;
+
+ EXECUTE
+ FORMAT('REVOKE CONNECT
+ ON DATABASE %I
+ FROM dkim;', current_database());
+
+ DROP ROLE dkim;
+ END IF;
END$$;
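Review bot: `DROP ROLE dkim;` on line 59 fails with a dependency error if the role holds any privilege beyond the two revoked above it (for example a grant an operator added by hand), leaving the down migration half-applied. `DROP OWNED BY dkim;` placed before the DROP ROLE revokes every privilege the role holds in the current database and makes the teardown robust to that; the two explicit REVOKEs can then stay as documentation or go. Also, the FORMAT string on lines 55–57 ends in `;` while its counterpart in the up script does not, which EXECUTE tolerates but is worth aligning.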
+DROP VIEW IF EXISTS users_dkim_keys;
+
DROP TABLE IF EXISTS users;
+DROP TABLE IF EXISTS dkim_keys;
# by the package dns-root-data.
TrustAnchorFile /usr/share/dns/root.key
#Nameservers 127.0.0.1
+
+# Connect to postgres on localhost:5432 as dkim.
+KeyTable dsn:pgsql://dkim@5432+localhost/mail_db/table=users_dkim_keys?keycol=key?datacol=domain,selector,path
+SigningTable dsn:pgsql://dkim@5432+localhost/mail_db/table=users_dkim_keys?keycol=username?datacol=key
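Review bot: Neither DSN on lines 71–72 carries a password, and the comment on line 70 does not say how the `dkim` role is meant to authenticate; document the dependency on pg_hba.conf here as well, since this file is what an operator edits when the connection fails: `# No password in the DSN: relies on pg_hba.conf (peer/trust) for the dkim role.` The DSN grammar also deserves a line, because `dkim@5432+localhost` reads backwards to anyone expecting host:port: `# OpenDKIM DSN form: backend://user[:pwd]@[port+]host/db/table=...?keycol=...?datacol=...`. Since `path` in the KeyTable datacol list is the private-key file OpenDKIM reads, those files need to be readable by the opendkim user only, and that belongs in the same comment.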