X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=flakes%2Fprivate%2Fopenarc.nix;fp=flakes%2Fprivate%2Fopenarc.nix;h=5244ca90723eeb1570239d75617394fa959bdf3b;hb=238587099b92027ad780053f0f6217ad88b61ad2;hp=0000000000000000000000000000000000000000;hpb=a1a2455f53bde1235b221a842d3c888c51fcecac;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/flakes/private/openarc.nix b/flakes/private/openarc.nix
new file mode 100644
index 0000000..5244ca9
--- /dev/null
+++ b/flakes/private/openarc.nix
@@ -0,0 +1,35 @@
+pkgs:
+let
+  cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+    services.openarc = {
+      enable = true;
+      user = "opendkim";
+      socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+      group = config.services.postfix.group;
+      configFile = pkgs.writeText "openarc.conf" ''
+        AuthservID              mail.immae.eu
+        Domain                  mail.immae.eu
+        KeyFile                 ${config.secrets.fullPaths."opendkim/eldiron.private"}
+        Mode                    sv
+        Selector                eldiron
+        SoftwareHeader          yes
+        Syslog                  Yes
+        '';
+    };
+    systemd.services.openarc.serviceConfig.Slice = "mail.slice";
+    systemd.services.openarc.postStart = lib.optionalString
+          (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
+      while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
+        sleep 0.5
+      done
+      chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
+      '';
+    services.filesWatcher.openarc = {
+      restart = true;
+      paths = [
+        config.secrets.fullPaths."opendkim/eldiron.private"
+      ];
+    };
+  };
+in
+  pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg