--- /dev/null
+{
+ inputs.openarc = {
+ url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+ type = "git";
+ dir = "flakes/openarc";
+ };
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+
+ description = "Private configuration for openarc";
+ outputs = { self, nixpkgs, openarc }:
+ let
+ cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+ services.openarc = {
+ enable = true;
+ user = "opendkim";
+ socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+ group = config.services.postfix.group;
+ configFile = pkgs.writeText "openarc.conf" ''
+ AuthservID mail.immae.eu
+ Domain mail.immae.eu
+ KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
+ Mode sv
+ Selector eldiron
+ SoftwareHeader yes
+ Syslog Yes
+ '';
+ };
+ systemd.services.openarc.serviceConfig.Slice = "mail.slice";
+ systemd.services.openarc.postStart = lib.optionalString
+ (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
+ while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
+ sleep 0.5
+ done
+ chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
+ '';
+ services.filesWatcher.openarc = {
+ restart = true;
+ paths = [
+ config.secrets.fullPaths."opendkim/eldiron.private"
+ ];
+ };
+ };
+ in
+ openarc.outputs //
+ { nixosModules = openarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
+}
projects / perso / Immae / Config / Nix.git / blobdiff