[perso/Immae/Config/Nix.git] / flakes / private / openarc / flake.nix

{
  inputs.openarc = {
    path = "../../openarc";
    type = "path";
  };
  inputs.secrets = {
    path = "../../secrets";
    type = "path";
  };
  inputs.files-watcher = {
    path = "../../files-watcher";
    type = "path";
  };
  inputs.my-lib = {
    path = "../../lib";
    type = "path";
  };
  inputs.nix-lib.url = "github:NixOS/nixpkgs";

  description = "Private configuration for openarc";
  outputs = { self, nix-lib, my-lib, files-watcher, openarc, secrets }:
    let
      cfg = name': { config, lib, pkgs, name, ... }: {
        imports = [
          (my-lib.lib.withNarKey files-watcher "nixosModule")
          (my-lib.lib.withNarKey openarc "nixosModule")
          (my-lib.lib.withNarKey secrets "nixosModule")
        ];
        config = lib.mkIf (name == name') {
          services.openarc = {
            enable = true;
            user = "opendkim";
            socket = "/run/openarc/openarc.sock";
            group = config.services.postfix.group;
            configFile = pkgs.writeText "openarc.conf" ''
              AuthservID              mail.immae.eu
              Domain                  mail.immae.eu
              KeyFile                 ${config.secrets.fullPaths."opendkim/eldiron.private"}
              Mode                    sv
              Selector                eldiron
              SoftwareHeader          yes
              Syslog                  Yes
              '';
          };
          systemd.services.openarc.serviceConfig.Slice = "mail.slice";
          systemd.services.openarc.postStart = ''
            while [ ! -S ${config.services.openarc.socket} ]; do
              sleep 0.5
            done
            chmod g+w ${config.services.openarc.socket}
            '';
          services.filesWatcher.openarc = {
            restart = true;
            paths = [
              config.secrets.fullPaths."opendkim/eldiron.private"
            ];
          };
        };
      };
    in
      openarc.outputs //
      { nixosModules = openarc.nixosModules or {} // nix-lib.lib.genAttrs ["eldiron" "backup-2"] cfg; };
}
Commit	Line	Data
ef43c362 IB	1	{
ef43c362 IB	2	inputs.openarc = {
ada96f10 IB	3	path = "../../openarc";
ada96f10 IB	4	type = "path";
ef43c362	5	};
da30ae4f IB	6	inputs.secrets = {
	7	path = "../../secrets";
	8	type = "path";
	9	};
27dd65fc IB	10	inputs.files-watcher = {
	11	path = "../../files-watcher";
	12	type = "path";
	13	};
	14	inputs.my-lib = {
	15	path = "../../lib";
	16	type = "path";
	17	};
5e2ec9fb	18	inputs.nix-lib.url = "github:NixOS/nixpkgs";
ef43c362 IB	19
ef43c362 IB	20	description = "Private configuration for openarc";
da30ae4f	21	outputs = { self, nix-lib, my-lib, files-watcher, openarc, secrets }:
ef43c362	22	let
27dd65fc	23	cfg = name': { config, lib, pkgs, name, ... }: {
910c2e9e IB	24	imports = [
	25	(my-lib.lib.withNarKey files-watcher "nixosModule")
	26	(my-lib.lib.withNarKey openarc "nixosModule")
da30ae4f	27	(my-lib.lib.withNarKey secrets "nixosModule")
910c2e9e	28	];
27dd65fc IB	29	config = lib.mkIf (name == name') {
	30	services.openarc = {
	31	enable = true;
	32	user = "opendkim";
910c2e9e	33	socket = "/run/openarc/openarc.sock";
27dd65fc IB	34	group = config.services.postfix.group;
	35	configFile = pkgs.writeText "openarc.conf" ''
	36	AuthservID mail.immae.eu
	37	Domain mail.immae.eu
	38	KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
	39	Mode sv
	40	Selector eldiron
	41	SoftwareHeader yes
	42	Syslog Yes
	43	'';
	44	};
	45	systemd.services.openarc.serviceConfig.Slice = "mail.slice";
910c2e9e IB	46	systemd.services.openarc.postStart = ''
910c2e9e IB	47	while [ ! -S ${config.services.openarc.socket} ]; do
27dd65fc IB	48	sleep 0.5
27dd65fc IB	49	done
910c2e9e	50	chmod g+w ${config.services.openarc.socket}
ef43c362	51	'';
27dd65fc IB	52	services.filesWatcher.openarc = {
	53	restart = true;
	54	paths = [
	55	config.secrets.fullPaths."opendkim/eldiron.private"
	56	];
	57	};
ef43c362 IB	58	};
	59	};
	60	in
	61	openarc.outputs //
5e2ec9fb	62	{ nixosModules = openarc.nixosModules or {} // nix-lib.lib.genAttrs ["eldiron" "backup-2"] cfg; };
ef43c362	63	}