Add DKIM TXT record for mail-test.nixos.org

I just deployed `simple-nixos-mailserver` to `umbriel`, so we now have a DKIM signature. I'm following the instructions on <https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html#set-dkim-signature>.
NixOS · Oct 31, 2024 · e18d4c4 · e18d4c4
1 parent baf4add
commit e18d4c4
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/non-critical-infra/hosts/umbriel.nixos.org/README.md b/non-critical-infra/hosts/umbriel.nixos.org/README.md
@@ -0,0 +1,7 @@
+# `umbriel`
+
+## Provisioning
+
+If you recreate `umbriel`, it will generate a new `DKIM` signature. That's
+ok to do, but you'll need to update the corresponding `mail._domainkey.*` `TXT`
+DNS record.
diff --git a/terraform/dns.tf b/terraform/dns.tf
@@ -343,8 +343,11 @@ locals {
       type     = "TXT"
       value    = "v=spf1 a:mail-test.nixos.org -all"
     },
-    # TODO: create `DKIM` TXT record: <https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html#set-dkim-signature>.
-    #       (can't do this until after SNM is deployed: https://github.com/NixOS/infra/pull/495/)
+    {
+      hostname = "mail._domainkey.mail-test.nixos.org"
+      type     = "TXT"
+      value = "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTLW88xioTw4YUMSBw2+RO1+ASTbWNsqDwrpCmA+ikru4cWLEkx2JVEcms4Uxqrk2A8Qhfjvc8Oe026HdTXiTNEb9e+Sh0d/IR/eH5MFhiSUGrahZBx1FGVvMf5zfjYWZXn+7oXW8zNpxWd042hLMcY14G8v+/OBQ9IJL+ja3wFwIDAQAB"
+    },
     {
       hostname = "_dmarc.mail-test.nixos.org"
       type     = "TXT"