# flakes/private/openarc/flake.nix
# Wraps the generic `openarc` flake with host-specific ("private") settings and
# exposes one NixOS module per host name listed in `hosts` below.
{
  description = "Private configuration for openarc";

  inputs = {
    # Sibling flakes of this repository, referenced by relative path.
    openarc = {
      type = "path";
      path = "../../openarc";
    };
    files-watcher = {
      type = "path";
      path = "../../files-watcher";
    };
    my-lib = {
      type = "path";
      path = "../../lib";
    };
    # No branch or revision is given here, so the nixpkgs revision actually
    # used is whatever the lock file records.
    # NOTE(review): the lock file is not visible on this page; confirm it is
    # committed so evaluation stays reproducible.
    nix-lib.url = "github:NixOS/nixpkgs";
  };

  outputs = { self, nix-lib, my-lib, files-watcher, openarc }:
    let
      # Hosts that receive a module from this flake.
      hosts = [ "eldiron" "backup-2" ];

      # Builds the NixOS module published under `nixosModules.<hostName>`.
      # Its `config` part only takes effect when the module argument `name`
      # equals `hostName`, so importing it on another machine changes nothing.
      hostModule = hostName: { config, lib, pkgs, name, ... }:
        let
          # Location of the signing key as published by the secrets module.
          # Only this path is ever interpolated below, never the key itself.
          # The path name suggests the key is the one opendkim uses.
          # NOTE(review): if so, ARC sealing and DKIM signing share a single
          # key and selector, and a leak of that file affects both; confirm
          # this is intended.
          keyFile = config.secrets.fullPaths."opendkim/eldiron.private";
          # Final (merged) socket path of the service.
          sock = config.services.openarc.socket;
        in
        {
          imports = [
            (my-lib.lib.withNarKey files-watcher "nixosModule")
            (my-lib.lib.withNarKey openarc "nixosModule")
            #FIXME:
            #(my-lib.lib.withNarKey secrets "nixosModule")
            # The secrets module is not imported here although
            # `config.secrets.fullPaths` is read above; presumably the host
            # configuration imports it. Verify against the callers.
          ];

          config = lib.mkIf (name == hostName) {
            services.openarc = {
              enable = true;
              # NOTE(review): presumably runs as "opendkim" so the daemon can
              # read the key file referenced by `keyFile`; confirm.
              user = "opendkim";
              group = config.services.postfix.group;
              socket = "/run/openarc/openarc.sock";
              # writeText places this file in the Nix store, which is
              # world-readable. That is acceptable only because the file holds
              # the key's path and no secret material; keep it that way.
              # "Mode sv" enables both signing and verifying.
              # NOTE(review): "SoftwareHeader yes" presumably makes the filter
              # advertise itself in a header on processed mail; confirm that
              # disclosure is wanted.
              configFile = pkgs.writeText "openarc.conf" ''
                AuthservID mail.immae.eu
                Domain mail.immae.eu
                KeyFile ${keyFile}
                Mode sv
                Selector eldiron
                SoftwareHeader yes
                Syslog Yes
              '';
            };

            systemd.services.openarc = {
              serviceConfig.Slice = "mail.slice";
              # Polls until the daemon has created its socket, then adds group
              # write permission, which is what a group member needs to
              # connect to a UNIX socket. The loop has no iteration cap of its
              # own; NOTE(review): it relies on systemd's start timeout to end
              # it if the socket never appears.
              postStart = ''
                while [ ! -S ${sock} ]; do
                sleep 0.5
                done
                chmod g+w ${sock}
              '';
            };

            # NOTE(review): presumably restarts openarc whenever the key file
            # changes (e.g. on key rotation); confirm in files-watcher.
            services.filesWatcher.openarc = {
              restart = true;
              paths = [ keyFile ];
            };
          };
        };
    in
    # `//` is right-biased: the per-host modules generated here take precedence
    # over same-named modules of the upstream flake, and the resulting
    # `nixosModules` replaces the one in `openarc.outputs`.
    openarc.outputs // {
      nixosModules =
        (openarc.nixosModules or { }) // nix-lib.lib.genAttrs hosts hostModule;
    };
}