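# Private OpenARC configuration, packaged as a flake.
#
# The flake re-exports every output of the upstream `openarc` flake and adds
# one NixOS module per host name listed at the bottom. Each generated module
# only takes effect on the host whose `name` module argument equals the name
# it was generated for.
{
  inputs.openarc = {
    path = "../../openarc";
    type = "path";
  };
  inputs.secrets = {
    path = "../../secrets";
    type = "path";
  };
  inputs.files-watcher = {
    path = "../../files-watcher";
    type = "path";
  };
  inputs.my-lib = {
    path = "../../lib";
    type = "path";
  };
  # NOTE(review): no revision is given here; pinning is presumably left to
  # flake.lock. Only `lib.genAttrs` is used from this input.
  inputs.nix-lib.url = "github:NixOS/nixpkgs";

  description = "Private configuration for openarc";

  outputs = { self, nix-lib, my-lib, files-watcher, openarc, secrets }:
    let
      # Builds the NixOS module for the host called `name'`.
      cfg = name': { config, lib, pkgs, name, ... }: {
        imports = [
          (my-lib.lib.withNarKey files-watcher "nixosModule")
          (my-lib.lib.withNarKey openarc "nixosModule")
          (my-lib.lib.withNarKey secrets "nixosModule")
        ];

        # Guard: the settings below apply only when this module is evaluated
        # for the host it was generated for.
        config = lib.mkIf (name == name') {
          services.openarc = {
            enable = true;
            # Runs under the opendkim account and reads the secret named
            # "opendkim/eldiron.private".
            # NOTE(review): this looks like the DKIM signing key being reused
            # for ARC sealing; confirm that sharing one key and selector
            # between both services is intended.
            user = "opendkim";
            socket = "/run/openarc/openarc.sock";
            # The socket is owned by postfix's group so the MTA can reach it.
            group = config.services.postfix.group;
            # pkgs.writeText puts this file in the Nix store, which is
            # world-readable. Only the key's *path* is interpolated, so the
            # key material itself stays out of the store.
            # NOTE(review): presumably fullPaths points at a runtime location
            # outside the store; confirm in the secrets module.
            #
            # "SoftwareHeader yes" presumably stamps processed mail with the
            # filter name and version, which discloses the running version to
            # recipients; verify and set to "no" if that is not wanted.
            configFile = pkgs.writeText "openarc.conf" ''
              AuthservID              mail.immae.eu
              Domain                  mail.immae.eu
              KeyFile                 ${config.secrets.fullPaths."opendkim/eldiron.private"}
              Mode                    sv
              Selector                eldiron
              SoftwareHeader          yes
              Syslog                  Yes
            '';
          };

          systemd.services.openarc.serviceConfig.Slice = "mail.slice";

          # Wait for the daemon to create its socket, then make it writable
          # by the socket's group (postfix's group, see above). Every member
          # of that group can then submit mail to the signer, so group
          # membership should stay limited to the MTA.
          # NOTE(review): the loop has no bound of its own; if the socket
          # never appears it presumably runs until systemd's start timeout.
          # The path is quoted so an overridden socket path containing
          # whitespace cannot split into several arguments.
          systemd.services.openarc.postStart = ''
            while [ ! -S "${config.services.openarc.socket}" ]; do
              sleep 0.5
            done
            chmod g+w "${config.services.openarc.socket}"
          '';

          # Watches the key file with `restart = true`.
          # NOTE(review): presumably this restarts openarc when the key is
          # rotated; confirm against the files-watcher module.
          services.filesWatcher.openarc = {
            restart = true;
            paths = [
              config.secrets.fullPaths."opendkim/eldiron.private"
            ];
          };
        };
      };
    in
      openarc.outputs // {
        # Upstream modules (if any) plus one generated module per host.
        # Parentheses only make the existing precedence explicit.
        nixosModules =
          (openarc.nixosModules or {})
          // (nix-lib.lib.genAttrs ["eldiron" "backup-2"] cfg);
      };
}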