X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fsympa.nix;h=920daa985e11bb2f1b56d163c9e7c874f6ef6b4c;hb=4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0;hp=f7070e65be68d619bb83fe507314ea93f005e1b7;hpb=6c7d42fc4844bc4f9af72dab531be8377825296a;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/mail/sympa.nix b/modules/private/mail/sympa.nix
index f7070e6..920daa9 100644
--- a/modules/private/mail/sympa.nix
+++ b/modules/private/mail/sympa.nix
@@ -34,28 +34,37 @@ in ]; }; - secrets.keys = [ - { - dest = "sympa/db_password"; + secrets.keys = { + "sympa/db_password" = { permissions = "0400"; group = "sympa"; user = "sympa"; text = sympaConfig.postgresql.password; - } - ] - ++ lib.mapAttrsToList (n: v: { - dest = "sympa/data_sources/${n}.incl"; permissions = "0400"; group = "sympa"; user = "sympa"; text = v; + }; + } + // lib.mapAttrs' (n: v: lib.nameValuePair "sympa/data_sources/${n}.incl" { + permissions = "0400"; group = "sympa"; user = "sympa"; text = v; }) sympaConfig.data_sources - ++ lib.mapAttrsToList (n: v: { - dest = "sympa/scenari/${n}"; permissions = "0400"; group = "sympa"; user = "sympa"; text = v; + // lib.mapAttrs' (n: v: lib.nameValuePair "sympa/scenari/${n}" { + permissions = "0400"; group = "sympa"; user = "sympa"; text = v; }) sympaConfig.scenari; users.users.sympa.extraGroups = [ "keys" ]; + systemd.slices.mail-sympa = { + description = "Sympa slice"; + }; + systemd.services.sympa.serviceConfig.SupplementaryGroups = [ "keys" ]; systemd.services.sympa-archive.serviceConfig.SupplementaryGroups = [ "keys" ]; systemd.services.sympa-bounce.serviceConfig.SupplementaryGroups = [ "keys" ]; systemd.services.sympa-bulk.serviceConfig.SupplementaryGroups = [ "keys" ]; systemd.services.sympa-task.serviceConfig.SupplementaryGroups = [ "keys" ]; + systemd.services.sympa.serviceConfig.Slice = "mail-sympa.slice"; + systemd.services.sympa-archive.serviceConfig.Slice = "mail-sympa.slice"; + systemd.services.sympa-bounce.serviceConfig.Slice = "mail-sympa.slice"; + systemd.services.sympa-bulk.serviceConfig.Slice = "mail-sympa.slice"; + systemd.services.sympa-task.serviceConfig.Slice = "mail-sympa.slice"; + # https://github.com/NixOS/nixpkgs/pull/84202 systemd.services.sympa.serviceConfig.ProtectKernelModules = lib.mkForce false; systemd.services.sympa-archive.serviceConfig.ProtectKernelModules = lib.mkForce false; 
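Review bot: The new `systemd.slices.mail-sympa` block sets only `description`, so the five sympa units assigned to it at the end of this hunk are grouped but not bounded; nothing visible here caps memory, CPU or task count for daemons that process inbound mail. If limits are intended and are not set in another module, they belong on the slice, e.g. `sliceConfig = { MemoryMax = "<limit>"; TasksMax = <limit>; };` with values chosen for the host. A comment on the slice would also help the next reader: `# child of mail.slice (systemd derives the parent from the part before the dash); groups all sympa daemons`. The enclosing attribute set starts before the hunk and continues past it.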
@@ -72,6 +81,7 @@ in wantedBy = [ "multi-user.target" ]; after = [ "sympa.service" ]; serviceConfig = { + Slice = "mail-sympa.slice"; Type = "forking"; PIDFile = "/run/sympa/wwsympa.pid"; Restart = "always";
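Review bot: `Slice = "mail-sympa.slice";` in this `serviceConfig` is the sixth copy of the same string literal in the file, after the five per-unit assignments in the previous hunk. systemd creates a referenced slice on demand, so a misspelt copy would most likely not fail evaluation or unit start; the unit would quietly run outside the intended slice and outside any limits later attached to it. Binding the name once in the file's `let` block (the hunk header shows its `in`), e.g. `sympaSlice = "mail-sympa.slice";`, and writing `Slice = sympaSlice;` at each site keeps the copies in step. The unit's name and the rest of its `serviceConfig` are outside the hunk.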