#!/usr/bin/env bash
set -euo pipefail
source ./lib.sh

log "Installiere DKIM-Helper …"

install -d -m 0755 /usr/local/sbin

cat >/usr/local/sbin/mailwolt-install-dkim <<'EOF'
#!/usr/bin/env bash
set -euo pipefail

DOMAIN="$1"         # z.B. sysmail.toastra.com
SELECTOR="${2:-mwl1}"

[[ -n "$DOMAIN" ]] || { echo "Usage: $0 <domain> [selector]"; exit 2; }

KEYDIR="/etc/opendkim/keys/${DOMAIN}"
PRIV="${KEYDIR}/${SELECTOR}.private"
TXT="${KEYDIR}/${SELECTOR}.txt"

install -d -m 0750 -o opendkim -g opendkim "$KEYDIR"

if [[ ! -s "$PRIV" ]]; then
  opendkim-genkey -b 2048 -s "$SELECTOR" -d "$DOMAIN" -D "$KEYDIR"
  chown opendkim:opendkim "$PRIV"
  chmod 600 "$PRIV"
fi

grep -q "^${SELECTOR}\._domainkey\.${DOMAIN} " /etc/opendkim/KeyTable 2>/dev/null \
  || echo "${SELECTOR}._domainkey.${DOMAIN} ${DOMAIN}:${SELECTOR}:${PRIV}" >> /etc/opendkim/KeyTable

grep -q "^\*@${DOMAIN} " /etc/opendkim/SigningTable 2>/dev/null \
  || echo "*@${DOMAIN} ${SELECTOR}._domainkey.${DOMAIN}" >> /etc/opendkim/SigningTable

install -d -m 0755 /etc/mailwolt/dns
[[ -s "$TXT" ]] && cp -f "$TXT" "/etc/mailwolt/dns/dkim-${DOMAIN}.txt" || true

systemctl restart opendkim
EOF

log "[✓] DKIM-Helper installiert: /usr/local/sbin/mailwolt-install-dkim"