author Vivien Kraus <vivien@planete-kraus.eu> 2024-01-09 12:16:46 +0100
committer Vivien Kraus <vivien@planete-kraus.eu> 2024-01-09 12:16:46 +0100
commit ebd008e7da6d622eab758fbed290b7430573e6ec (patch)
tree ed87841bc82daa9e0c938284b8ebf63d9275ffad
parent 52efbbb4fb92c442ceed9196a31b667c8dacbe02 (diff)
Update README for the email-key-rotation-service-type
-rw-r--r-- README.org 26
1 files changed, 26 insertions, 0 deletions
diff --git a/README.org b/README.org
index 98501b3..f8f2d20 100644
--- a/README.org
+++ b/README.org
@@ -74,6 +74,32 @@ configuration object with =sxml->configuration= in
the port to read XML from. It defaults to the Guile current input
port.
+* Use the Guix =email-key-rotation-service-type=
+The =guix= sub-directory of this repository holds the code to use
+email-key-rotation as a Guix service. In order to instantiate the
+=email-key-rotation-service-type=, you need a
+=<email-key-rotation-configuration>= object, that you can create with
+=make-email-key-rotation-configuration=.
+
+This function accepts one required argument, the name of the file
+where the rotation state will be written. It also accepts more
+optional keyword arguments:
+- =selectors=: a list af strings, they are selectors that will be used
+ in turn to refer to DKIM keys;
+- =opensmtpd-conf=: the name of a private opensmtpd configuration file
+ where SRS secrets are written;
+- =selector-file=: the name of the file where the current DKIM
+ selector will be written;
+- =key-file=: the name of the file where the current DKIM private key
+ will be written;
+- =gandi-key-file=: the name of the file where your Gandi API key is
+ written;
+- =gandi-domain=: your domain name on Gandi LiveDNS;
+- =services-to-restart=: a list of strings, the Shepherd services that
+ need to be restarted when the keys are rotated. For instance, your
+ opensmtpd service, because the SRS secrets have changed, and your
+ DKIM proxy, because it must change its key and selector.
+
* About the code
The code requires =guile-json=, and at run-time, the =openssl= binary.
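Review bot: The keyword list in the new "Use the Guix =email-key-rotation-service-type=" section does not say which arguments name files the service writes and which name files the administrator must provide, and it gives no default for any of them. =gandi-key-file= ("where your Gandi API key is written") reads as an input, while =key-file=, =selector-file= and =opensmtpd-conf= read as outputs; stating that explicitly, together with the expected owner and mode of the three files that hold secrets (the DKIM private key, the Gandi API key and the SRS secrets), would let a reader check that a deployment does not leave them readable by other users. Since the arguments are described as optional, the section should also state each default or what happens when one is omitted. Minor: "a list af strings" in the =selectors= item should read "a list of strings".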