Refactor opendmarc/openarc flakes
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Thu, 7 Oct 2021 13:22:57 +0000 (15:22 +0200)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Fri, 15 Oct 2021 21:15:44 +0000 (23:15 +0200)
flakes/openarc/flake.nix
flakes/opendmarc/flake.nix
flakes/private/openarc/flake.lock
flakes/private/openarc/flake.nix
flakes/private/opendmarc/flake.lock
flakes/private/opendmarc/flake.nix
modules/default.nix
modules/private/mail/milters.nix

index f4ce653e3de42d612a660c28f10b644e06481731..6fd45bf6995168223111496ba70577c6c1bccbea 100644 (file)
@@ -63,8 +63,8 @@
       nixosModule = { config, lib, pkgs, ... }:
         let
           cfg = config.services.openarc;
-          defaultSock = "local:/run/openarc/openarc.sock";
-          args = [ "-f" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+          defaultSock = "/run/openarc/openarc.sock";
+          args = [ "-f" "-p" "local:${cfg.socket}" ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
         in {
           options = {
             services.openarc = {
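Review bot: Hard-coding the `local:` prefix in `args` means `services.openarc.socket` must now be a bare filesystem path, but nothing visible in this hunk makes the option reject anything else. A configuration that still sets the old `local:/run/...` form would be passed to `-p` as `local:local:/run/...`, and an inet-style value can no longer be expressed at all. The option declaration is outside the hunk; if it is still a plain string type, `type = lib.types.path;` plus a description saying "filesystem path, without the `local:` prefix" would turn a stale value into an evaluation error instead of a milter that listens somewhere unexpected. The same applies to `services.opendmarc.socket` in flakes/opendmarc/flake.nix.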
index f1877b63721a70363f71c3bd65ef339f74e903f8..277fd259c8bbc39800ff09a9ee69cc349505b8f6 100644 (file)
@@ -48,8 +48,8 @@
      nixosModule = { config, lib, pkgs, ... }:
        let
          cfg = config.services.opendmarc;
-         defaultSock = "local:/run/opendmarc/opendmarc.sock";
-         args = [ "-f" "-l" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+         defaultSock = "/run/opendmarc/opendmarc.sock";
+         args = [ "-f" "-l" "-p" "local:${cfg.socket}" ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
        in {
          options = {
            services.opendmarc = {
index 76ddaed56d3a8d9a10a231e40e996c9cd342f824..f0f56c7126fb6c381004b7781ef5d4490bb39dc6 100644 (file)
@@ -31,7 +31,7 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "narHash": "sha256-YJREl39cf4zrFdAULMu1Yjg7hIEZCLuCnP8qJvWbIvM=",
+        "narHash": "sha256-HGNP1eH7b42BxViYx/F3ZPO9CM1X+5qfA9JoP2ArN+s=",
         "path": "../../lib",
         "type": "path"
       },
     },
     "nix-lib": {
       "locked": {
-        "lastModified": 1629758329,
-        "narHash": "sha256-Qdno5vgP0pnc+nEB5DjYGseW+4MuXiJMfc6cHwalCXY=",
+        "lastModified": 1633008342,
+        "narHash": "sha256-wZV5YidnsqV/iufDIhaZip3LzwUGeIt8wtdiGS5+cXc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "99967a54d893b9742b38809ccfe3172b6918bdef",
+        "rev": "6eae8a116011f4db0aa5146f364820024411d6bb",
         "type": "github"
       },
       "original": {
         "openarc": "openarc_2"
       },
       "locked": {
-        "narHash": "sha256-w+MiC+2IBNsXJT9Ln5TBfipv0eCqZOdyY/BYGFVu+nk=",
+        "narHash": "sha256-ilrfNs6jpi1OceDE3y1atkovECx6PKNWubwLc0Sjx+s=",
         "path": "../../openarc",
         "type": "path"
       },
index 9cc9aedd1d734d43728c20c389dc2837602f8e84..5c4b73cfeb83583d744d68973365cace139db684 100644 (file)
   outputs = { self, nix-lib, my-lib, files-watcher, openarc }:
     let
       cfg = name': { config, lib, pkgs, name, ... }: {
-        imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];
+        imports = [
+          (my-lib.lib.withNarKey files-watcher "nixosModule")
+          (my-lib.lib.withNarKey openarc "nixosModule")
+          #FIXME:
+          #(my-lib.lib.withNarKey secrets "nixosModule")
+        ];
         config = lib.mkIf (name == name') {
           services.openarc = {
             enable = true;
             user = "opendkim";
-            socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+            socket = "/run/openarc/openarc.sock";
             group = config.services.postfix.group;
             configFile = pkgs.writeText "openarc.conf" ''
               AuthservID              mail.immae.eu
               '';
           };
           systemd.services.openarc.serviceConfig.Slice = "mail.slice";
-          systemd.services.openarc.postStart = lib.optionalString
-                (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
-            while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
+          systemd.services.openarc.postStart = ''
+            while [ ! -S ${config.services.openarc.socket} ]; do
               sleep 0.5
             done
-            chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
+            chmod g+w ${config.services.openarc.socket}
             '';
           services.filesWatcher.openarc = {
             restart = true;
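Review bot: The socket path is now interpolated into the `postStart` script unquoted and without the earlier `hasPrefix` guard, both in `while [ ! -S ${config.services.openarc.socket} ]` and in the `chmod g+w` line. Using `${lib.escapeShellArg config.services.openarc.socket}` in both places keeps the script correct for any path the option may hold. The wait loop also has no upper bound, so if openarc never creates the socket the unit presumably stays in start-post until systemd's start timeout fires; a bounded retry count with a non-zero exit would make that failure explicit. Since group write is only granted after the socket appears, it may be worth checking whether a `UMask` in `serviceConfig` lets the socket be created with the right mode and removes the need for the chmod.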
index ea056e5e14dec204a3687eef73867b31539f87ce..121f51db5bb457ac8e3428ccd059f07e5e1fa105 100644 (file)
     },
     "nix-lib": {
       "locked": {
-        "lastModified": 1630358951,
-        "narHash": "sha256-y6jh6YDWX6fX88tS9bSFOVSnckCL4qgt7UqUJhLPSx8=",
+        "lastModified": 1633008342,
+        "narHash": "sha256-wZV5YidnsqV/iufDIhaZip3LzwUGeIt8wtdiGS5+cXc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2d786792ca69c98a8655858464e53698ad7311e2",
+        "rev": "6eae8a116011f4db0aa5146f364820024411d6bb",
         "type": "github"
       },
       "original": {
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "narHash": "sha256-eIe5hzNsp1zz5m4ZMzORwdHuLkhEsKkS7WMpPOJE4ok=",
+        "narHash": "sha256-7jup/d3+WXXWsNMB7Sp5Py4rJQV30Z5+PJITBISbQ9o=",
         "path": "../../opendmarc",
         "type": "path"
       },
index 4b54ccfbfe336c90963ec060f2c537d23262da7b..debcfbda9d106cde115dcf811f771fef24c8abbe 100644 (file)
   outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }:
     let
       cfg = name': { config, lib, pkgs, name, ... }: {
-        imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];
+        imports = [
+          (my-lib.lib.withNarKey files-watcher "nixosModule")
+          (my-lib.lib.withNarKey opendmarc "nixosModule")
+          #FIXME:
+          #(my-lib.lib.withNarKey secrets "nixosModule")
+        ];
         config = lib.mkIf (name == name') {
           users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
           systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
           services.opendmarc = {
             enable = true;
-            socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+            socket = "/run/opendmarc/opendmarc.sock";
             configFile = pkgs.writeText "opendmarc.conf" ''
               AuthservID                  HOSTNAME
               FailureReports              false
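Review bot: The `#FIXME:` above the commented-out `secrets` import in the `imports` list does not say what is missing or what breaks without it. This module still adds the opendmarc user to the `keys` group, which suggests it relies on secrets being deployed by a module it no longer imports itself. The comment should state the actual reason, for example `# FIXME: secrets is not yet a flake input; the consuming configuration must import its nixosModule`. The same bare `#FIXME:` appears in flakes/private/openarc/flake.nix, and the module body continues outside this hunk.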
index 5359e9cf233afb68ccdf65d06cefe0d492174b02..11b3081631df78b4e4ec14c20fd0132171aeba08 100644 (file)
@@ -16,8 +16,8 @@ in
   fiche = ./webapps/fiche.nix;
   paste = (flakeCompat ../flakes/paste).nixosModule;
 
-  opendmarc = (flakeCompat ../flakes/opendmarc).nixosModule;
-  openarc = (flakeCompat ../flakes/openarc).nixosModule;
+  opendmarc = flakeLib.withNarKeyCompat flakeCompat ../flakes/opendmarc "nixosModule";
+  openarc = flakeLib.withNarKeyCompat flakeCompat ../flakes/openarc "nixosModule";
 
   duplyBackup = ./duply_backup;
   rsyncBackup = ./rsync_backup;
index e00a2f35d0d57e2cfc1ed6d34908e96780a8fa5f..4291993351a723d246abdd321ccc28c59766b0f4 100644 (file)
@@ -8,8 +8,8 @@
     type = lib.types.attrsOf lib.types.path;
     default = {
       opendkim = "/run/opendkim/opendkim.sock";
-      opendmarc = "/run/opendmarc/opendmarc.sock";
-      openarc = "/run/openarc/openarc.sock";
+      opendmarc = config.services.opendmarc.socket;
+      openarc = config.services.openarc.socket;
     };
     readOnly = true;
     description = ''