]>
Commit | Line | Data |
---|---|---|
ef43c362 IB |
1 | { |
2 | inputs.openarc = { | |
ada96f10 IB |
3 | path = "../../openarc"; |
4 | type = "path"; | |
ef43c362 | 5 | }; |
da30ae4f IB |
6 | inputs.secrets = { |
7 | path = "../../secrets"; | |
8 | type = "path"; | |
9 | }; | |
27dd65fc IB |
10 | inputs.files-watcher = { |
11 | path = "../../files-watcher"; | |
12 | type = "path"; | |
13 | }; | |
14 | inputs.my-lib = { | |
15 | path = "../../lib"; | |
16 | type = "path"; | |
17 | }; | |
5e2ec9fb | 18 | inputs.nix-lib.url = "github:NixOS/nixpkgs"; |
ef43c362 IB |
19 | |
20 | description = "Private configuration for openarc"; | |
da30ae4f | 21 | outputs = { self, nix-lib, my-lib, files-watcher, openarc, secrets }: |
ef43c362 | 22 | let |
27dd65fc | 23 | cfg = name': { config, lib, pkgs, name, ... }: { |
910c2e9e IB |
24 | imports = [ |
25 | (my-lib.lib.withNarKey files-watcher "nixosModule") | |
26 | (my-lib.lib.withNarKey openarc "nixosModule") | |
da30ae4f | 27 | (my-lib.lib.withNarKey secrets "nixosModule") |
910c2e9e | 28 | ]; |
27dd65fc IB |
29 | config = lib.mkIf (name == name') { |
30 | services.openarc = { | |
31 | enable = true; | |
32 | user = "opendkim"; | |
910c2e9e | 33 | socket = "/run/openarc/openarc.sock"; |
27dd65fc IB |
34 | group = config.services.postfix.group; |
35 | configFile = pkgs.writeText "openarc.conf" '' | |
36 | AuthservID mail.immae.eu | |
37 | Domain mail.immae.eu | |
38 | KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"} | |
39 | Mode sv | |
40 | Selector eldiron | |
41 | SoftwareHeader yes | |
42 | Syslog Yes | |
43 | ''; | |
44 | }; | |
45 | systemd.services.openarc.serviceConfig.Slice = "mail.slice"; | |
910c2e9e IB |
46 | systemd.services.openarc.postStart = '' |
47 | while [ ! -S ${config.services.openarc.socket} ]; do | |
27dd65fc IB |
48 | sleep 0.5 |
49 | done | |
910c2e9e | 50 | chmod g+w ${config.services.openarc.socket} |
ef43c362 | 51 | ''; |
27dd65fc IB |
52 | services.filesWatcher.openarc = { |
53 | restart = true; | |
54 | paths = [ | |
55 | config.secrets.fullPaths."opendkim/eldiron.private" | |
56 | ]; | |
57 | }; | |
ef43c362 IB |
58 | }; |
59 | }; | |
60 | in | |
61 | openarc.outputs // | |
5e2ec9fb | 62 | { nixosModules = openarc.nixosModules or {} // nix-lib.lib.genAttrs ["eldiron" "backup-2"] cfg; }; |
ef43c362 | 63 | } |