diff options
| author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2025-03-21 12:26:14 +0100 |
|---|---|---|
| committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2025-03-29 15:13:15 +0100 |
| commit | 5c28c5d242c60c0fdceffa88a33c65d540e1c8b7 (patch) | |
| tree | a65b4547f7cc73f08e947d209b929452a3e7b2f5 /hosts/by-name/server2/secrets/dkim/gen_key.sh | |
| parent | tests/email-dns/secrets: Re-key secrets, so that soispha and sils can read them (diff) | |
| download | nixos-server-5c28c5d242c60c0fdceffa88a33c65d540e1c8b7.zip | |
hosts/server2: Setup stalwalt-mail on mail.vhack.eu for soispha@vhack.eu
We need to actually test stalwart out in the real world, because the test can never actually capture all the weird things people do with their mail setup. Refs: #6ea08aa
Diffstat (limited to 'hosts/by-name/server2/secrets/dkim/gen_key.sh')
| -rwxr-xr-x | hosts/by-name/server2/secrets/dkim/gen_key.sh | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/hosts/by-name/server2/secrets/dkim/gen_key.sh b/hosts/by-name/server2/secrets/dkim/gen_key.sh new file mode 100755 index 0000000..61da156 --- /dev/null +++ b/hosts/by-name/server2/secrets/dkim/gen_key.sh @@ -0,0 +1,33 @@ +#! /usr/bin/env nix-shell +#! nix-shell -p rage -p openssl -p bash -i bash --impure + +# shellcheck shell=bash + +cd "$(dirname "$0")" || { + echo "No basedir?!" + exit 1 +} + +key_name="$1" +[ -z "$key_name" ] && { + echo "Usage: $0 KEY_NAME IDENTITY" + exit 2 +} + +openssl genpkey \ + -algorithm ed25519 \ + -out - | + tee >(openssl pkey \ + -pubout \ + -out - | + openssl asn1parse \ + -offset 12 \ + -noout \ + -out - | + base64 --wrap 0 >"$key_name-public") | + rage --encrypt \ + --armor \ + --recipient "age1mshh4ynzhhzhff25tqwkg4j054g3xwrfznh98ycchludj9wjj48qn2uffn" \ + >"$key_name-private.age" + +# vim: ft=sh |