]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - flakes/private/openarc/flake.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Move backup directory to host subdir
[perso/Immae/Config/Nix.git] / flakes / private / openarc / flake.nix
diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix
index 6a2518b9e9c2ec6c52fc6c022fc1712870305408..69e076701ec35f09ea351248476a8fa1d881eb05 100644 (file)
--- a/flakes/private/openarc/flake.nix
+++ b/flakes/private/openarc/flake.nix
@@ -1,46 +1,48 @@
 {
-  inputs.openarc = {
-    url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
-    type = "git";
-    dir = "flakes/openarc";
-  };
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+  inputs.openarc.url = "path:../../openarc";
+  inputs.secrets.url = "path:../../secrets";
+  inputs.files-watcher.url = "path:../../files-watcher";
 
   description = "Private configuration for openarc";
-  outputs = { self, nixpkgs, openarc }:
-    let
-      cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+  outputs = { self, files-watcher, openarc, secrets }: {
+    nixosModule = self.nixosModules.openarc;
+    nixosModules.openarc = { config, pkgs, ... }: {
+      imports = [
+        files-watcher.nixosModule
+        openarc.nixosModule
+        secrets.nixosModule
+      ];
+      config = {
         services.openarc = {
           enable = true;
           user = "opendkim";
-          socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+          socket = "/run/openarc/openarc.sock";
           group = config.services.postfix.group;
           configFile = pkgs.writeText "openarc.conf" ''
             AuthservID              mail.immae.eu
             Domain                  mail.immae.eu
-            KeyFile                 ${config.secrets.fullPaths."opendkim/eldiron.private"}
+            KeyFile                 ${config.secrets.fullPaths."opendkim/eldiron2.private"}
             Mode                    sv
-            Selector                eldiron
+            Selector                eldiron2
             SoftwareHeader          yes
             Syslog                  Yes
             '';
         };
         systemd.services.openarc.serviceConfig.Slice = "mail.slice";
-        systemd.services.openarc.postStart = lib.optionalString
-              (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
-          while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
+        systemd.services.openarc.postStart = ''
+          while [ ! -S ${config.services.openarc.socket} ]; do
             sleep 0.5
           done
-          chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
+          chmod g+w ${config.services.openarc.socket}
           '';
         services.filesWatcher.openarc = {
           restart = true;
           paths = [
+            config.secrets.fullPaths."opendkim/eldiron2.private"
             config.secrets.fullPaths."opendkim/eldiron.private"
           ];
         };
       };
-    in
-      openarc.outputs //
-      { nixosModules = openarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
+    };
+  };
 }
My infrastructure configuration