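#!/bin/bash
#
# vmail-stack
# https://git.stack-source.com/msb/vmail-stack
# Copyright (c) 2022 Matthew Saunders Brown
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
# Generates a 2048-bit RSA DKIM key pair for one domain under /etc/ssl/dkim,
# writes the matching DNS TXT record to <domain>.dns and prints either that
# record or, when /usr/local/etc/pdns.conf exists, a pdns-rr-rep.sh command
# line for it (the command is printed, not executed).
#
# Files written in /etc/ssl/dkim:
#   <domain>.selector  selector (today's date, YYYYMMDD)
#   <domain>.pem       RSA private key
#   <domain>.pub       RSA public key (PEM)
#   <domain>.dkim      public key as one base64 line, no PEM header/footer
#   <domain>.dns       DNS TXT record for the selector

# load include file
source "$(dirname -- "$0")/vmail.sh"

# Print usage and exit. Takes no arguments.
help() {
  local thisfilename
  thisfilename=$(basename -- "$0")
  echo "$thisfilename"
  echo "Add DKIM key for specified domain.."
  echo ""
  echo "usage: $thisfilename -d <domain> [-h]"
  echo ""
  echo " -h Print this help."
  echo " -d Domain name to add DKIM to."
  echo ""
  echo " This will create a DKIM key that exim will start using immediately for"
  echo " all outgoing messages for the specified domain. A DNS entry needs to"
  echo " be created for the domain so that DKIM validation works. The DNS entry"
  echo " to add is output on the command line and is stored in the file:"
  echo " /etc/ssl/dkim/<domain>.dns"
  exit
}

# vmail:getoptions comes from vmail.sh (not visible here); this script reads
# $domain after the call, so it is presumably set from -d.
vmail:getoptions "$@"

dkim_dir=/etc/ssl/dkim

# check for domain
if [[ -z $domain ]]; then
  echo "domain name is required"
  exit 1
fi

# $domain becomes part of file names under $dkim_dir and of a DNS owner name.
# Accept only hostname characters, so the value cannot contain "/", start with
# "-" or "." or carry glob characters, whatever vmail:getoptions let through.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! $domain =~ $domain_re ]]; then
  echo "invalid domain name: $domain" >&2
  exit 1
fi

# check for existing dkim
if [[ -f "$dkim_dir/$domain.dkim" ]]; then
  echo "dkim for $domain already exists"
  exit 1
fi

# Every path below is relative, so a failed cd would drop the private key
# into whatever directory the script was started from.
cd "$dkim_dir" || {
  echo "cannot change to $dkim_dir" >&2
  exit 1
}

selector=$(date +%Y%m%d)
printf '%s\n' "$selector" > "$domain.selector"

# openssl's stderr stays suppressed as before, but its exit status is now
# checked so a failed run cannot produce an empty key and DNS record.
if ! openssl genrsa -out "$domain.pem" 2048 2> /dev/null; then
  echo "failed to generate private key for $domain" >&2
  exit 1
fi
if ! openssl rsa -in "$domain.pem" -out "$domain.pub" -pubout 2> /dev/null; then
  echo "failed to derive public key for $domain" >&2
  exit 1
fi

# Drop the PEM header and footer lines and join the base64 body into one line.
pubkey=$(tail -n +2 "$domain.pub" | head -n -1 | tr -d '\n')
if [[ -z $pubkey ]]; then
  echo "public key for $domain is empty" >&2
  exit 1
fi
printf '%s' "$pubkey" > "$domain.dkim"

# NOTE(review): the base64 of a 2048-bit key is longer than 255 characters,
# the limit of a single TXT character-string. Whether the value has to be
# split into several quoted strings depends on the DNS server or provider;
# confirm for the zone this record is loaded into.
printf '%s._domainkey.%s 3600 IN TXT "k=rsa; p=%s"\n' \
  "$selector" "$domain" "$pubkey" > "$domain.dns"

# Name the files explicitly: the glob "$domain.*" would also match files of
# longer domains sharing the prefix (example.com.* matches example.com.au.pem).
chown Debian-exim:ssl-cert -- \
  "$domain.selector" "$domain.pem" "$domain.pub" "$domain.dkim" "$domain.dns" ||
  echo "warning: could not set ownership of DKIM files for $domain" >&2

# The private key needs to be readable by its owner and group only; this
# only ever removes access, it never widens the mode openssl chose.
chmod o-rwx -- "$domain.pem" ||
  echo "warning: could not restrict permissions on $domain.pem" >&2

if [[ -f /usr/local/etc/pdns.conf ]]; then
  dnsname="$selector._domainkey.$domain"
  dnsrecord="k=rsa; p=$pubkey"
  # Printed for the operator to run; the record value is base64 plus the
  # fixed "k=rsa; p=" prefix, so the single quotes cannot be broken.
  printf "pdns-rr-rep.sh -z %s -n %s -t TXT -r '%s'\n" \
    "$domain" "$dnsname" "$dnsrecord"
  exit
else
  echo Create this dns record:
  echo
  cat -- "$domain.dns"
fi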