# flakes/private/openarc/flake.nix
#
# Site-specific OpenARC configuration layered on top of the generic
# `openarc` flake: re-exports that flake's outputs and adds one NixOS
# module per host name listed in `hosts` below.
{
  description = "Private configuration for openarc";

  inputs = {
    # Sibling flakes of this repository, referenced by relative path.
    openarc.url = "path:../../openarc";
    secrets.url = "path:../../secrets";
    files-watcher.url = "path:../../files-watcher";
    my-lib.url = "path:../../lib";
    # Only `lib.genAttrs` is used from nixpkgs in this file. The URL names
    # no ref, so the revision in use is the one resolved via the lock file.
    nix-lib.url = "github:NixOS/nixpkgs";
  };

  outputs = { self, nix-lib, my-lib, files-watcher, openarc, secrets }:
    let
      # Hosts that get a module of their own in `nixosModules`.
      hosts = [ "eldiron" "backup-2" ];

      # Builds the module registered under `host`. The `imports` apply
      # wherever the module is loaded; the `config` part only takes effect
      # when the module argument `name` equals `host`.
      # NOTE(review): `name` is not defined in this file; presumably the
      # deployment tooling passes the machine name. Confirm.
      moduleFor = host: { config, lib, pkgs, name, ... }:
        let
          # Path of the signing key as exposed by the secrets module.
          arcKey = config.secrets.fullPaths."opendkim/eldiron.private";
          arcSocket = config.services.openarc.socket;
        in
        {
          # NOTE(review): `withNarKey` is an opaque helper from my-lib;
          # its effect is not visible from this file.
          imports = map (flake: my-lib.lib.withNarKey flake "nixosModule") [
            files-watcher
            openarc
            secrets
          ];

          config = lib.mkIf (name == host) {
            services.openarc = {
              enable = true;
              # NOTE(review): runs as the opendkim user and signs with the
              # key under "opendkim/", i.e. the ARC signer appears to share
              # the DKIM key and its file permissions. Confirm this reuse
              # is intended.
              user = "opendkim";
              group = config.services.postfix.group;
              socket = "/run/openarc/openarc.sock";
              # writeText places this file in the Nix store, which is
              # world-readable. Only the key's *path* is interpolated, so
              # the key material itself is not copied into the store by
              # this file.
              # NOTE(review): assumes `fullPaths` points outside the store
              # at a permission-restricted location. Verify in the secrets
              # module.
              # "Mode sv" enables both signing and verification.
              configFile = pkgs.writeText "openarc.conf" ''
                AuthservID mail.immae.eu
                Domain mail.immae.eu
                KeyFile ${arcKey}
                Mode sv
                Selector eldiron
                SoftwareHeader yes
                Syslog Yes
              '';
            };

            systemd.services.openarc = {
              serviceConfig.Slice = "mail.slice";
              # Waits for the milter socket to appear, then grants write
              # access to its group (set above to postfix's group) so that
              # group can connect. Until the chmod runs, the socket keeps
              # whatever mode openarc created it with.
              # NOTE(review): the loop has no timeout of its own and the
              # path is unquoted; presumably systemd's start timeout bounds
              # the wait. Confirm.
              postStart = ''
                while [ ! -S ${arcSocket} ]; do
                sleep 0.5
                done
                chmod g+w ${arcSocket}
              '';
            };

            # NOTE(review): presumably restarts openarc when the key file
            # changes, so a rotated key is picked up. Confirm in the
            # files-watcher module.
            services.filesWatcher.openarc = {
              restart = true;
              paths = [ arcKey ];
            };
          };
        };
    in
    # Upstream outputs pass through unchanged except for `nixosModules`,
    # where the per-host modules are merged over any upstream modules and
    # win on a name clash.
    openarc.outputs // {
      nixosModules =
        (openarc.nixosModules or { })
        // nix-lib.lib.genAttrs hosts moduleFor;
    };
}