Add filesWatcher flake
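# Private (site-specific) flake for OpenARC: wraps the generic `openarc`
# flake and adds one NixOS module per mail host that enables the ARC
# signing/verifying milter with this site's domain, selector and key.
{
  # Sibling flakes of this repository, referenced by relative path.
  inputs.openarc = {
    path = "../../openarc";
    type = "path";
  };
  inputs.files-watcher = {
    path = "../../files-watcher";
    type = "path";
  };
  inputs.my-lib = {
    path = "../../lib";
    type = "path";
  };
  # Only `nix-lib.lib.genAttrs` is used from this input (see `outputs`).
  # NOTE(review): the URL carries no branch or revision, so the revision
  # actually evaluated is whatever the lock file records; confirm it is
  # committed and reviewed on update.
  inputs.nix-lib.url = "github:NixOS/nixpkgs";

  description = "Private configuration for openarc";
  outputs = { self, nix-lib, my-lib, files-watcher, openarc }:
    let
      # Builds the NixOS module for the host called `name'`. The module can
      # be imported anywhere: its `config` only takes effect when the `name`
      # module argument equals `name'`.
      cfg = name': { config, lib, pkgs, name, ... }: {
        # NOTE(review): `withNarKey` is defined in my-lib and not shown here;
        # presumably it selects the files-watcher NixOS module.
        imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];
        config = lib.mkIf (name == name') {
          services.openarc = {
            enable = true;
            # NOTE(review): runs as the opendkim user and signs with a key
            # stored under "opendkim/...", so the ARC and DKIM daemons appear
            # to share one private key; compromise of either would then
            # expose the signing key of both. Confirm this is intended.
            user = "opendkim";
            socket = "local:${config.myServices.mail.milters.sockets.openarc}";
            group = config.services.postfix.group;
            # writeText places this file in the Nix store, which is readable
            # by every local user. Only the *path* of the private key is
            # embedded; the key material itself is not copied into the store.
            # "Mode sv" = sign and verify.
            # NOTE(review): "SoftwareHeader yes" presumably adds a header
            # identifying the filter software to processed mail; set it to
            # "no" if that disclosure is unwanted.
            configFile = pkgs.writeText "openarc.conf" ''
              AuthservID mail.immae.eu
              Domain mail.immae.eu
              KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
              Mode sv
              Selector eldiron
              SoftwareHeader yes
              Syslog Yes
            '';
          };
          systemd.services.openarc.serviceConfig.Slice = "mail.slice";
          # For a unix-domain ("local:") socket, wait until the daemon has
          # created it and then grant group write access, so that members of
          # the service group (the postfix group, set above) can connect.
          # Until the chmod runs the socket keeps the permissions the daemon
          # created it with.
          # The loop has no timeout of its own.
          # NOTE(review): presumably bounded by the unit's start timeout.
          systemd.services.openarc.postStart =
            let
              socket = config.services.openarc.socket;
              # Shell-quoted so a path containing whitespace or shell
              # metacharacters cannot be word-split or interpreted by the
              # shell that runs postStart.
              socketPath = lib.escapeShellArg (lib.strings.removePrefix "local:" socket);
            in
            lib.optionalString (lib.strings.hasPrefix "local:" socket) ''
              while [ ! -S ${socketPath} ]; do
                sleep 0.5
              done
              chmod g+w ${socketPath}
            '';
          # Watch the signing key with restart enabled.
          # NOTE(review): presumably restarts openarc when the key file
          # changes, so a rotated key is picked up; the filesWatcher module
          # is not shown here.
          services.filesWatcher.openarc = {
            restart = true;
            paths = [
              config.secrets.fullPaths."opendkim/eldiron.private"
            ];
          };
        };
      };
    in
      # Re-export everything from the generic openarc flake, replacing
      # `nixosModules` with the upstream modules (if any) plus one private
      # module per host listed here.
      openarc.outputs //
      { nixosModules = openarc.nixosModules or {} // nix-lib.lib.genAttrs ["eldiron" "backup-2"] cfg; };
}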