From 4144ffc68e511eaccd9bd441e02fcb4d1725d92c Mon Sep 17 00:00:00 2001
From: Jakub Czajka <jakub@ekhem.eu.org>
Date: Sun, 15 Oct 2023 18:05:02 +0200
Subject: [PATCH] Obtain opendkim keys.

---
 server/opendkim.yaml | 14 ++++++++++++++
 sources.yaml         |  5 +++++
 2 files changed, 19 insertions(+)

diff --git a/server/opendkim.yaml b/server/opendkim.yaml
index f4ee1d6..f70e8eb 100644
--- a/server/opendkim.yaml
+++ b/server/opendkim.yaml
@@ -25,6 +25,20 @@
     dest: "/etc/default"
     remote_src: true
   become: true
+- name: Ensure correct permissions for opendkim files
+  file:
+    path: "/etc/opendkim/keys/{{ item.domain }}/{{ item.name }}"
+    mode: "0500"
+  become: true
+  with_items:
+    - domain: "dobity.eu.org"
+      name: "dobity.private"
+    - domain: "dobity.eu.org"
+      name: "dobity.txt"
+    - domain: "ekhem.eu.org"
+      name: "ekhem.txt"
+    - domain: "ekhem.eu.org"
+      name: "ekhem.txt"
 - name: Restart opendkim
   service:
     name: opendkim
diff --git a/sources.yaml b/sources.yaml
index 938a950..f4a530e 100644
--- a/sources.yaml
+++ b/sources.yaml
@@ -44,6 +44,11 @@ files:
     dest: "/srv/git"
     owner: "git"
     group: "www-data"
+  - name: "opendkim"
+    uid: "1Pwq9RLCr_P53H3c6_ZzxOwRZk1925sfR"
+    dest: "/etc"
+    owner: "opendkim"
+    group: "opendkim"
   - name: "password_store.git"
     uid: "1ZWu643FJBuMF3ypj5VUsLin8rF7WWhmp"
     dest: "/srv/git"
-- 
2.39.5