X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=flakes%2Fprivate%2Fopenarc%2Fflake.nix;h=69e076701ec35f09ea351248476a8fa1d881eb05;hb=670d287ee1dc24437ecdd030ccacd2cb5d55109a;hp=fd8ec5687ca95b14867289555a05b153c016f594;hpb=5e2ec9fb8628136e7f9f618c68c0e42ab086b80e;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix
index fd8ec56..69e0767 100644
--- a/flakes/private/openarc/flake.nix
+++ b/flakes/private/openarc/flake.nix
@@ -1,45 +1,48 @@ { - inputs.openarc = { - path = "../../openarc"; - type = "path"; - }; - inputs.nix-lib.url = "github:NixOS/nixpkgs"; + inputs.openarc.url = "path:../../openarc"; + inputs.secrets.url = "path:../../secrets"; + inputs.files-watcher.url = "path:../../files-watcher"; description = "Private configuration for openarc"; - outputs = { self, nix-lib, openarc }: - let - cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') { + outputs = { self, files-watcher, openarc, secrets }: { + nixosModule = self.nixosModules.openarc; + nixosModules.openarc = { config, pkgs, ... }: { + imports = [ + files-watcher.nixosModule + openarc.nixosModule + secrets.nixosModule + ]; + config = { services.openarc = { enable = true; user = "opendkim"; - socket = "local:${config.myServices.mail.milters.sockets.openarc}"; + socket = "/run/openarc/openarc.sock"; group = config.services.postfix.group; configFile = pkgs.writeText "openarc.conf" '' AuthservID mail.immae.eu Domain mail.immae.eu - KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"} + KeyFile ${config.secrets.fullPaths."opendkim/eldiron2.private"} Mode sv - Selector eldiron + Selector eldiron2 SoftwareHeader yes Syslog Yes ''; }; systemd.services.openarc.serviceConfig.Slice = "mail.slice"; - systemd.services.openarc.postStart = lib.optionalString - (lib.strings.hasPrefix "local:" config.services.openarc.socket) '' - while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do + systemd.services.openarc.postStart = '' + while [ ! 
-S ${config.services.openarc.socket} ]; do sleep 0.5 done - chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket} + chmod g+w ${config.services.openarc.socket} ''; services.filesWatcher.openarc = { restart = true; paths = [ + config.secrets.fullPaths."opendkim/eldiron2.private" config.secrets.fullPaths."opendkim/eldiron.private" ]; }; }; - in - openarc.outputs // - { nixosModules = openarc.nixosModules or {} // nix-lib.lib.genAttrs ["eldiron" "backup-2"] cfg; }; + }; + }; }
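Review bot: `services.filesWatcher.openarc.paths` still lists `config.secrets.fullPaths."opendkim/eldiron.private"`, although the new `openarc.conf` signs only with `KeyFile …"opendkim/eldiron2.private"` and `Selector eldiron2`. Keeping that reference presumably means the retired private key must stay provisioned on the host for the module to evaluate, and openarc restarts whenever a key it no longer reads changes. If the old selector is being retired, reduce the list to `paths = [ config.secrets.fullPaths."opendkim/eldiron2.private" ];` so the old key material can be removed from the secrets set. If the overlap is deliberate for the rotation period, add a comment such as `# old key kept until selector eldiron is withdrawn from DNS`. Separately, the `postStart` wait loop has no bound of its own and the socket is only made group-writable after the fact by `chmod g+w`, so a short comment stating that the unit's start timeout is the intended limit would help the next reader.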