From 8b1ac25da8313861252e6015f3827d752d9dd8d9 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 21 Mar 2026 15:43:47 +0100
Subject: ...

---
 hosts/surtr/dns/default.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'hosts/surtr/dns/default.nix')

diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 14d6efd6..c210cb2d 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -46,7 +46,12 @@ in {
 
     systemd.services.knot = {
       unitConfig.RequiresMountsFor = [ "/var/lib/knot" ];
-      serviceConfig.LoadCredential = map ({name, ...}: "${name}.yaml:${config.sops.secrets.${name}.path}") knotKeys;
+      serviceConfig = {
+        LoadCredential = map ({name, ...}: "${name}.yaml:${config.sops.secrets.${name}.path}") knotKeys;
+        BindPaths = let
+          dkimBindPath = domain: "/var/lib/rspamd/dkim/${domain}.txt:/var/lib/dkim/${domain}.txt";
+        in map dkimBindPath ["yggdrasil.li" "141.li" "kleen.li" "praseodym.org" "kleen.consulting" "bouncy.email"];
+      };
     };
 
     services.knot = {
-- 
cgit v1.2.3