git.immae.eu Git - perso/Immae/Config/Nix.git/blob - flakes/private/openarc/flake.nix
Squash changes containing private information
# Flake exposing a NixOS module that enables the openarc service for
# mail.immae.eu, points it at a signing key managed by the secrets module,
# and restarts it when that key file changes.
{
  description = "Private configuration for openarc";

  inputs = {
    openarc.url = "path:../../openarc";
    secrets.url = "path:../../secrets";
    files-watcher.url = "path:../../files-watcher";
  };

  outputs = { self, files-watcher, openarc, secrets }: {
    nixosModule = self.nixosModules.openarc;

    nixosModules.openarc = { config, pkgs, ... }:
      let
        # Location of the private signing key as published by the secrets
        # module. NOTE(review): this assumes fullPaths yields a plain string;
        # a Nix path value would be copied into the world-readable store when
        # interpolated below. Confirm against the secrets module.
        signingKey = config.secrets.fullPaths."opendkim/eldiron.private";

        # Unix socket the service listens on (set in services.openarc below).
        milterSocket = config.services.openarc.socket;
      in
      {
        imports = [
          files-watcher.nixosModule
          openarc.nixosModule
          secrets.nixosModule
        ];

        config = {
          services.openarc = {
            enable = true;
            # Runs under the "opendkim" account; presumably so it can read the
            # key stored under opendkim/ (verify the key file's owner and mode).
            user = "opendkim";
            socket = "/run/openarc/openarc.sock";
            # Socket group is the postfix group; see the chmod in postStart.
            group = config.services.postfix.group;
            # pkgs.writeText places this file in the Nix store, so it must hold
            # only the key's path, never the key material itself.
            # "Mode sv" selects both signing and verifying.
            # "SoftwareHeader yes" makes the filter announce itself in a header
            # on processed mail; presumably this includes its version, which is
            # visible to recipients. Confirm that this is intended.
            configFile = pkgs.writeText "openarc.conf" ''
              AuthservID mail.immae.eu
              Domain mail.immae.eu
              KeyFile ${signingKey}
              Mode sv
              Selector eldiron
              SoftwareHeader yes
              Syslog Yes
            '';
          };

          systemd.services.openarc = {
            serviceConfig.Slice = "mail.slice";
            # Wait for the daemon to create its socket, then add group write so
            # members of the socket's group can connect. Until the chmod runs
            # the socket keeps whatever mode the daemon created it with.
            # NOTE(review): the loop has no bound of its own; presumably the
            # unit's start timeout ends it if the socket never appears.
            postStart = ''
              while [ ! -S ${milterSocket} ]; do
                sleep 0.5
              done
              chmod g+w ${milterSocket}
            '';
          };

          # Watch the signing key with restart enabled; presumably files-watcher
          # restarts openarc when the file changes, e.g. after a key rotation.
          services.filesWatcher.openarc = {
            restart = true;
            paths = [ signingKey ];
          };
        };
      };
  };
}