From 9652257a80f65965fb1adb5857ccfe764cc46fc7 Mon Sep 17 00:00:00 2001
From: Malfurious
Date: Wed, 19 Jun 2024 02:53:59 -0400
Subject: opendkim: Setup package and data volume The postfix user is added to the opendkim group so that the MTA can eventually interact with the filter over its socket file.
Signed-off-by: Malfurious
---
 Dockerfile | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'Dockerfile')
diff --git a/Dockerfile b/Dockerfile
index f79830a..e7ca4b9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,6 +25,14 @@ RUN useradd \
 --skel /dev/null --create-home \
 mlmmj
+RUN useradd \
+ --uid 2003 \
+ --shell /usr/sbin/nologin \
+ --home-dir /run/opendkim \
+ opendkim
+
+RUN usermod -aG opendkim postfix
+
 # Install packages
 RUN apt update \
 && apt full-upgrade --yes \
@@ -32,6 +40,7 @@ RUN apt update \
 dovecot-core \
 dovecot-imapd \
 mlmmj \
+ opendkim \
 postfix \
 postfix-pcre \
 sudo \
-- cgit v1.2.3
From 067a9c14c41022f5a93846a5b4c8dba4d5030ec1 Mon Sep 17 00:00:00 2001
From: Malfurious
Date: Sun, 30 Jun 2024 07:53:42 -0400
Subject: opendkim: Add default config file
Signed-off-by: Malfurious
---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'Dockerfile')
diff --git a/Dockerfile b/Dockerfile
index e7ca4b9..aa35a8f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -48,10 +48,11 @@ RUN apt update \
 # Install files
 COPY dovecot /etc/dovecot/
+COPY opendkim /etc/
 COPY postfix /etc/postfix/
 COPY userconfig /etc/userconfig/
-RUN find /etc/dovecot /etc/postfix -type f | xargs sed -i \
+RUN find /etc/dovecot /etc/opendkim.conf /etc/postfix -type f | xargs sed -i \
 "s/ENV_HOSTNAME/${HOSTNAME}/g; s/ENV_VIRTUAL_DOMAINS/${VIRTUAL_DOMAINS}/g"
 EXPOSE 25
-- cgit v1.2.3
From 08b83d5142f093a60ea2dfaeb9014a5831a1480b Mon Sep 17 00:00:00 2001
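Review bot: In the first commit's `@@ -25,6 +25,14 @@` hunk, the new `useradd` pins `--uid 2003` for opendkim but leaves the group to whatever `useradd` creates by default, so the GID that `postfix` joins through `usermod -aG opendkim postfix` is not fixed the way the UID is. If ownership on the data volume is meant to stay stable across rebuilds, pin the group as well, e.g. `RUN groupadd --gid 2003 opendkim` before it and `--gid opendkim` on the `useradd`. The group grant also deserves a comment above the `usermod`, such as `# postfix joins the opendkim group only to reach the filter socket; key files must not be group-readable`, because the membership applies to every group-accessible file opendkim owns and not just the socket.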
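Review bot: In the second commit's `@@ -48,10 +48,11 @@` hunk, `COPY opendkim /etc/` merges the whole `opendkim` source directory into `/etc`, unlike the neighbouring COPY lines that each target their own subdirectory, so any other file later placed in that directory would land in, and could overwrite, top-level `/etc` files. Since the `find` line below expects only `/etc/opendkim.conf`, copying that one file makes the intent explicit: `COPY opendkim/opendkim.conf /etc/opendkim.conf`. The source path is inferred from the `find` argument; the layout of the `opendkim` directory is not visible in this hunk.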
From: Malfurious
Date: Wed, 19 Jun 2024 03:01:09 -0400
Subject: opendkim: Generate keys / TXT record Keys are generated using the config from the previous commit and stored in the dkim data volume. The key length is set to 1024 bits for compatibility with nameservers. See this quote from the opendkim readme: BIND servers have a 256 byte limit on serving TXT records, so a 1024 bit RSA key is recommended if using BIND as your primary DNS server.
Signed-off-by: Malfurious
---
 Dockerfile | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'Dockerfile')
diff --git a/Dockerfile b/Dockerfile
index aa35a8f..aa7c1ca 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -46,6 +46,18 @@ RUN apt update \
 sudo \
 && apt clean
+# Generate OpenDKIM keypair
+# Do this here so we can print the pubkey/dns record to logs during build
+# process. After initial run, a volume should preserve the keys for later
+# runs.
+RUN mkdir -p /opendkim \
+ && chown opendkim:opendkim /opendkim \
+ && opendkim-genkey \
+ --bits=1024 \
+ --directory=/opendkim \
+ --selector=default \
+ && cat /opendkim/default.txt
+
 # Install files
 COPY dovecot /etc/dovecot/
 COPY opendkim /etc/
-- cgit v1.2.3
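Review bot: Running `opendkim-genkey` in a `RUN` step writes the DKIM private key into an image layer, so every container started from the image shares that key and anyone who can pull the image or read the build cache can extract it. Generating the key at container start, only when `/opendkim/default.private` is absent from the volume, would keep it out of the image. In the hunk as written, `chown opendkim:opendkim /opendkim` runs before the key files exist, so if this step executes as root the generated files stay root-owned; `&& chown -R opendkim:opendkim /opendkim` after `opendkim-genkey` would cover them. On `--bits=1024`: RFC 8301 recommends RSA keys of at least 2048 bits for signers, and a longer key can be published by splitting the TXT value into several quoted strings of up to 255 bytes each, so the limit quoted in the commit message need not cap the key size.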