pkgs:
let
  cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
    services.openarc = {
      enable = true;
      user = "opendkim";
      socket = "local:${config.myServices.mail.milters.sockets.openarc}";
      group = config.services.postfix.group;
      configFile = pkgs.writeText "openarc.conf" ''
        AuthservID              mail.immae.eu
        Domain                  mail.immae.eu
        KeyFile                 ${config.secrets.fullPaths."opendkim/eldiron.private"}
        Mode                    sv
        Selector                eldiron
        SoftwareHeader          yes
        Syslog                  Yes
        '';
    };
    systemd.services.openarc.serviceConfig.Slice = "mail.slice";
    systemd.services.openarc.postStart = lib.optionalString
          (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
      while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
        sleep 0.5
      done
      chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
      '';
    services.filesWatcher.openarc = {
      restart = true;
      paths = [
        config.secrets.fullPaths."opendkim/eldiron.private"
      ];
    };
  };
in
  pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg