};
};
}) // {
- nixosModules = (if builtins.pathExists ../private/openarc.nix then import ../private/openarc.nix nixpkgs else {});
nixosModule = { config, lib, pkgs, ... }:
let
cfg = config.services.openarc;
};
};
}) // {
- nixosModules = (if builtins.pathExists ../private/opendmarc.nix then import ../private/opendmarc.nix nixpkgs else {});
nixosModule = { config, lib, pkgs, ... }:
let
cfg = config.services.opendmarc;
+++ /dev/null
-pkgs:
-let
- cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
- services.openarc = {
- enable = true;
- user = "opendkim";
- socket = "local:${config.myServices.mail.milters.sockets.openarc}";
- group = config.services.postfix.group;
- configFile = pkgs.writeText "openarc.conf" ''
- AuthservID mail.immae.eu
- Domain mail.immae.eu
- KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
- Mode sv
- Selector eldiron
- SoftwareHeader yes
- Syslog Yes
- '';
- };
- systemd.services.openarc.serviceConfig.Slice = "mail.slice";
- systemd.services.openarc.postStart = lib.optionalString
- (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
- while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
- sleep 0.5
- done
- chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
- '';
- services.filesWatcher.openarc = {
- restart = true;
- paths = [
- config.secrets.fullPaths."opendkim/eldiron.private"
- ];
- };
- };
-in
- pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg
--- /dev/null
+{
+ "nodes": {
+ "flake-utils": {
+ "locked": {
+ "lastModified": 1609246779,
+ "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "myuids": {
+ "locked": {
+ "dir": "flakes/myuids",
+ "lastModified": 1609281959,
+ "narHash": "sha256-SYNlHeobQAzTzK0pM5AqMn7M2WbTuzBeoD+Q3Mu+sho=",
+ "ref": "master",
+ "rev": "1be9e64bb4556676f65e6e5044e04426848849c0",
+ "revCount": 791,
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ },
+ "original": {
+ "dir": "flakes/myuids",
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1611218116,
+ "narHash": "sha256-CcyGZ8cLlHgiViWyBjRIjdsdRZxJjP2MgtWeuqSv3CE=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "30ab92ea31f6b7e9095b1e7e4b56a5000823efdf",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1597943282,
+ "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "openarc": {
+ "inputs": {
+ "flake-utils": "flake-utils",
+ "myuids": "myuids",
+ "nixpkgs": "nixpkgs_2",
+ "openarc": "openarc_2"
+ },
+ "locked": {
+ "dir": "flakes/openarc",
+ "lastModified": 1611091761,
+ "narHash": "sha256-fE3FBeUxVaMezKjEpepdQW9apOza+0AfBALFhaaD0VA=",
+ "ref": "master",
+ "rev": "23f9fdf03a6673dbe334ae33be4f498cc4753191",
+ "revCount": 802,
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ },
+ "original": {
+ "dir": "flakes/openarc",
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ }
+ },
+ "openarc_2": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1537545083,
+ "narHash": "sha256-xUSRARC7875vFjtZ66t8KBlKmkEdIZblWHc4zqGZAQQ=",
+ "owner": "trusteddomainproject",
+ "repo": "OpenARC",
+ "rev": "355ee2a1ca85acccce494478991983b54f794f4e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "trusteddomainproject",
+ "repo": "OpenARC",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs",
+ "openarc": "openarc"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
--- /dev/null
+{
+ inputs.openarc = {
+ url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+ type = "git";
+ dir = "flakes/openarc";
+ };
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+
+ description = "Private configuration for openarc";
+ outputs = { self, nixpkgs, openarc }:
+ let
+ cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+ services.openarc = {
+ enable = true;
+ user = "opendkim";
+ socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+ group = config.services.postfix.group;
+ configFile = pkgs.writeText "openarc.conf" ''
+ AuthservID mail.immae.eu
+ Domain mail.immae.eu
+ KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
+ Mode sv
+ Selector eldiron
+ SoftwareHeader yes
+ Syslog Yes
+ '';
+ };
+ systemd.services.openarc.serviceConfig.Slice = "mail.slice";
+ systemd.services.openarc.postStart = lib.optionalString
+ (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
+ while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
+ sleep 0.5
+ done
+ chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
+ '';
+ services.filesWatcher.openarc = {
+ restart = true;
+ paths = [
+ config.secrets.fullPaths."opendkim/eldiron.private"
+ ];
+ };
+ };
+ in
+ openarc.outputs //
+ { nixosModules = openarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
+}
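Review bot: The `postStart` script waits for the milter socket with `while [ ! -S … ]; do sleep 0.5; done`, which has no upper bound and interpolates the socket path into the shell unquoted. If openarc never creates the socket, the unit stays in start-post until systemd's start timeout rather than failing promptly, and a path containing whitespace would split the arguments to `[ -S ]` and `chmod`. I would bind the path once with `sock=${lib.escapeShellArg (lib.strings.removePrefix "local:" config.services.openarc.socket)}`, wait a fixed number of times with `for i in $(seq 1 20); do [ -S "$sock" ] && break; sleep 0.5; done`, and end with `chmod g+w "$sock"`, which fails the start if the socket is still missing. Separately, the same module is generated for both `eldiron` and `backup-2`, with `KeyFile` pointing at `opendkim/eldiron.private`. If `backup-2` is meant to hold and sign with that key, a comment saying so would help, since sharing a signing key across hosts widens its exposure.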
+++ /dev/null
-pkgs:
-let
- cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
- users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
- systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
- services.opendmarc = {
- enable = true;
- socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
- configFile = pkgs.writeText "opendmarc.conf" ''
- AuthservID HOSTNAME
- FailureReports false
- FailureReportsBcc postmaster@immae.eu
- FailureReportsOnNone true
- FailureReportsSentBy postmaster@immae.eu
- IgnoreAuthenticatedClients true
- IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
- SoftwareHeader true
- SPFIgnoreResults true
- SPFSelfValidate true
- UMask 002
- '';
- group = config.services.postfix.group;
- };
- services.filesWatcher.opendmarc = {
- restart = true;
- paths = [
- config.secrets.fullPaths."opendmarc/ignore.hosts"
- ];
- };
- secrets.keys = [
- {
- dest = "opendmarc/ignore.hosts";
- user = config.services.opendmarc.user;
- group = config.services.opendmarc.group;
- permissions = "0400";
- text = let
- mxes = lib.attrsets.filterAttrs
- (n: v: v.mx.enable)
- config.myEnv.servers;
- in
- builtins.concatStringsSep "\n" ([
- config.myEnv.mail.dmarc.ignore_hosts
- ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
- }
- ];
- };
-in
- pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg
-
--- /dev/null
+{
+ "nodes": {
+ "flake-utils": {
+ "locked": {
+ "lastModified": 1609246779,
+ "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_2": {
+ "locked": {
+ "lastModified": 1609246779,
+ "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "libspf2": {
+ "inputs": {
+ "flake-utils": "flake-utils_2",
+ "nixpkgs": "nixpkgs_2"
+ },
+ "locked": {
+ "dir": "flakes/libspf2",
+ "lastModified": 1609548509,
+ "narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=",
+ "ref": "master",
+ "rev": "749623765bef80615fc21e73aff89521d262e277",
+ "revCount": 796,
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ },
+ "original": {
+ "dir": "flakes/libspf2",
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ }
+ },
+ "myuids": {
+ "locked": {
+ "dir": "flakes/myuids",
+ "lastModified": 1609548509,
+ "narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=",
+ "ref": "master",
+ "rev": "749623765bef80615fc21e73aff89521d262e277",
+ "revCount": 796,
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ },
+ "original": {
+ "dir": "flakes/myuids",
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1611218116,
+ "narHash": "sha256-CcyGZ8cLlHgiViWyBjRIjdsdRZxJjP2MgtWeuqSv3CE=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "30ab92ea31f6b7e9095b1e7e4b56a5000823efdf",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1597943282,
+ "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_3": {
+ "locked": {
+ "lastModified": 1597943282,
+ "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "opendmarc": {
+ "inputs": {
+ "flake-utils": "flake-utils",
+ "libspf2": "libspf2",
+ "myuids": "myuids",
+ "nixpkgs": "nixpkgs_3"
+ },
+ "locked": {
+ "dir": "flakes/opendmarc",
+ "lastModified": 1611091761,
+ "narHash": "sha256-fE3FBeUxVaMezKjEpepdQW9apOza+0AfBALFhaaD0VA=",
+ "ref": "master",
+ "rev": "23f9fdf03a6673dbe334ae33be4f498cc4753191",
+ "revCount": 802,
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ },
+ "original": {
+ "dir": "flakes/opendmarc",
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs",
+ "opendmarc": "opendmarc"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
--- /dev/null
+{
+ inputs.opendmarc = {
+ url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+ type = "git";
+ dir = "flakes/opendmarc";
+ };
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+
+ description = "Private configuration for opendmarc";
+ outputs = { self, nixpkgs, opendmarc }:
+ let
+ cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+ users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+ systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
+ services.opendmarc = {
+ enable = true;
+ socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+ configFile = pkgs.writeText "opendmarc.conf" ''
+ AuthservID HOSTNAME
+ FailureReports false
+ FailureReportsBcc postmaster@immae.eu
+ FailureReportsOnNone true
+ FailureReportsSentBy postmaster@immae.eu
+ IgnoreAuthenticatedClients true
+ IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
+ SoftwareHeader true
+ SPFIgnoreResults true
+ SPFSelfValidate true
+ UMask 002
+ '';
+ group = config.services.postfix.group;
+ };
+ services.filesWatcher.opendmarc = {
+ restart = true;
+ paths = [
+ config.secrets.fullPaths."opendmarc/ignore.hosts"
+ ];
+ };
+ secrets.keys = [
+ {
+ dest = "opendmarc/ignore.hosts";
+ user = config.services.opendmarc.user;
+ group = config.services.opendmarc.group;
+ permissions = "0400";
+ text = let
+ mxes = lib.attrsets.filterAttrs
+ (n: v: v.mx.enable)
+ config.myEnv.servers;
+ in
+ builtins.concatStringsSep "\n" ([
+ config.myEnv.mail.dmarc.ignore_hosts
+ ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
+ }
+ ];
+ };
+ in
+ opendmarc.outputs //
+ { nixosModules = opendmarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
+}
+
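Review bot: The `IgnoreHosts` file built in `secrets.keys` deserves a comment, because opendmarc ignores connections from every host listed in it. The list is `config.myEnv.mail.dmarc.ignore_hosts` plus the `fqdn` of every entry in `config.myEnv.servers` with `mx.enable`, so enabling `mx` on a new server also exempts its connections from DMARC evaluation without any change to this file. I would add above `text = let` a line such as `# Hosts listed here are not DMARC-checked by opendmarc; keep this to our own MXes and relays.` The contents of `myEnv` are not visible in this diff, so whether the extra `ignore_hosts` entries are limited to trusted relays cannot be confirmed from here.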
{ lib, pkgs, config, name, ... }:
{
imports =
- builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules
- ++ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/opendmarc).nixosModules;
+ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/private/openarc).nixosModules
+ ++ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/private/opendmarc).nixosModules;
options.myServices.mail.milters.sockets = lib.mkOption {
type = lib.types.attrsOf lib.types.path;