diff options
author | Vivien Kraus <vivien@planete-kraus.eu> | 2024-01-09 12:16:46 +0100 |
---|---|---|
committer | Vivien Kraus <vivien@planete-kraus.eu> | 2024-01-09 12:16:46 +0100 |
commit | ebd008e7da6d622eab758fbed290b7430573e6ec (patch) | |
tree | ed87841bc82daa9e0c938284b8ebf63d9275ffad | |
parent | 52efbbb4fb92c442ceed9196a31b667c8dacbe02 (diff) |
Update README for the email-key-rotation-service-type
-rw-r--r-- | README.org | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -74,6 +74,32 @@ configuration object with =sxml->configuration= in the port to read XML from. It defaults to the Guile current input port. +* Use the Guix =email-key-rotation-service-type= +The =guix= sub-directory of this repository holds the code to use +email-key-rotation as a Guix service. In order to instantiate the +=email-key-rotation-service-type=, you need a +=<email-key-rotation-configuration>= object, that you can create with +=make-email-key-rotation-configuration=. + +This function accepts one required argument, the name of the file +where the rotation state will be written. It also accepts more +optional keyword arguments: +- =selectors=: a list af strings, they are selectors that will be used + in turn to refer to DKIM keys; +- =opensmtpd-conf=: the name of a private opensmtpd configuration file + where SRS secrets are written; +- =selector-file=: the name of the file where the current DKIM + selector will be written; +- =key-file=: the name of the file where the current DKIM private key + will be written; +- =gandi-key-file=: the name of the file where your Gandi API key is + written; +- =gandi-domain=: your domain name on Gandi LiveDNS; +- =services-to-restart=: a list of strings, the Shepherd services that + need to be restarted when the keys are rotated. For instance, your + opensmtpd service, because the SRS secrets have changed, and your + DKIM proxy, because it must change its key and selector. + * About the code The code requires =guile-json=, and at run-time, the =openssl= binary. |