X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fmilters.nix;h=96c280066f44b966c55beee99fc7c12d2f961047;hb=74a10960d8659eaffa8224cee31fcf217c69609f;hp=5de03cf12dcb04152579f01ffa5e7a4c7823fbe5;hpb=45730653020eb8b23090a731fc9e687efab850a5;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
index 5de03cf..96c2800 100644
--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -1,5 +1,8 @@
-{ lib, pkgs, config, ... }:
+{ lib, pkgs, config, name, ... }:
 {
+ imports =
+ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules;
+
 options.myServices.mail.milters.sockets = lib.mkOption {
 type = lib.types.attrsOf lib.types.path;
 default = {
@@ -64,6 +67,7 @@
 '';
 group = config.services.postfix.group;
 };
+ systemd.services.opendkim.serviceConfig.Slice = "mail.slice";
 systemd.services.opendkim.preStart = lib.mkBefore ''
 # Skip the prestart script as keys are handled in secrets
 exit 0
@@ -76,6 +80,7 @@
 };
 users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+ systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
 services.opendmarc = {
 enable = true;
 socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
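Review bot: `builtins.attrValues (...).nixosModules` in the new `imports` pulls in every module the openarc flake exports, including any it gains later, so the set of modules evaluated into this mail host is not fixed by this file. Selecting the module by attribute, e.g. `imports = [ (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules.<MODULE_NAME> ];` (placeholder, the attribute name is not visible on this page), keeps the import auditable. The added `name` argument is not used in any hunk shown here; if the rest of the file does not use it either it can be dropped, otherwise a short comment saying where it is supplied from would help.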
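Review bot: `Slice = "mail.slice"` is assigned here for opendkim, and again in the opendmarc hunk and for `milter_verify_from` in the last hunk, but nothing in this diff declares that slice. If it is not defined elsewhere with resource limits, the setting only groups the units in one cgroup; as far as I know systemd instantiates an undeclared slice with default settings. A one-line comment at the first assignment, such as `# mail.slice is declared in <FILE_DEFINING_SLICE>` (placeholder), would tell a reader where the limits live.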
@@ -101,41 +106,13 @@
 ];
 };
- services.openarc = {
- enable = true;
- user = "opendkim";
- socket = "local:${config.myServices.mail.milters.sockets.openarc}";
- group = config.services.postfix.group;
- configFile = pkgs.writeText "openarc.conf" ''
- AuthservID mail.immae.eu
- Domain mail.immae.eu
- KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
- Mode sv
- Selector eldiron
- SoftwareHeader yes
- Syslog Yes
- '';
- };
- systemd.services.openarc.postStart = lib.optionalString
- (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
- while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
- sleep 0.5
- done
- chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
- '';
- services.filesWatcher.openarc = {
- restart = true;
- paths = [
- config.secrets.fullPaths."opendkim/eldiron.private"
- ];
- };
-
 systemd.services.milter_verify_from = {
 description = "Verify from milter";
 after = [ "network.target" ];
 wantedBy = [ "multi-user.target" ];
 serviceConfig = {
+ Slice = "mail.slice";
 User = "postfix";
 Group = "postfix";
 ExecStart = let python = pkgs.python3.withPackages (p: [ p.pymilter ]);
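Review bot: With the `services.openarc` block gone, nothing on the new side of this file shows what makes the openarc socket group-writable for postfix (the removed `chmod g+w` in `postStart`) or what restarts openarc when `opendkim/eldiron.private` changes (the removed `services.filesWatcher.openarc`). Presumably the flake module imported at the top of the file now does both, but that is not visible here and is worth confirming: without the watcher the daemon would keep signing with the old key after a rotation, and without the chmod postfix could not reach the milter. openarc is also the only milter left without a visible slice assignment; unless the flake module sets it, `systemd.services.openarc.serviceConfig.Slice = "mail.slice";` in this file would keep the four services consistent. The `milter_verify_from` definition continues past the end of the hunk.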