From 803bc95317806841ef8f9a4a57be04eea671e7ad Mon Sep 17 00:00:00 2001
From: andromeda <andromeda@lenovo>
Date: Mon, 12 Jan 2026 14:26:35 +0100
Subject: [PATCH] fix dkim perms?

---
 modules/nixos/mailserver.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/nixos/mailserver.nix b/modules/nixos/mailserver.nix
index 767b13f..ada51f4 100644
--- a/modules/nixos/mailserver.nix
+++ b/modules/nixos/mailserver.nix
@@ -22,8 +22,12 @@
 
   # put dkim key into /etc for declarability
   mailserver.dkimKeyDirectory = "/etc/dkim";
-  environment.etc."dkim/${config.networking.domain}.${config.mailserver.dkimSelector}.key".source =
-    config.age.secrets."dkim-${config.networking.domain}.${config.mailserver.dkimSelector}.key".path;
+  environment.etc."dkim/${config.networking.domain}.${config.mailserver.dkimSelector}.key" = {
+    source = config.age.secrets."dkim-${config.networking.domain}.${config.mailserver.dkimSelector}.key".path;
+    mode = "600";
+    user = config.services.rspamd.user;
+    group = config.services.rspamd.group;
+  };
 
   # does acme for me
   services.nginx = {