Use flake for openarc modules
diff --git a/flakes/openarc/private.nix b/flakes/openarc/private.nix
new file mode 100644 (file)
index 0000000..5244ca9
--- /dev/null
@@ -0,0 +1,35 @@
+pkgs:
+let
+  cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+    services.openarc = {
+      enable = true;
+      user = "opendkim";
+      socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+      group = config.services.postfix.group;
+      configFile = pkgs.writeText "openarc.conf" ''
+        AuthservID              mail.immae.eu
+        Domain                  mail.immae.eu
+        KeyFile                 ${config.secrets.fullPaths."opendkim/eldiron.private"}
+        Mode                    sv
+        Selector                eldiron
+        SoftwareHeader          yes
+        Syslog                  Yes
+        '';
+    };
+    systemd.services.openarc.serviceConfig.Slice = "mail.slice";
+    systemd.services.openarc.postStart = lib.optionalString
+          (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
+      while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
+        sleep 0.5
+      done
+      chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
+      '';
+    services.filesWatcher.openarc = {
+      restart = true;
+      paths = [
+        config.secrets.fullPaths."opendkim/eldiron.private"
+      ];
+    };
+  };
+in
+  pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg
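Review bot: `services.openarc` runs as user `opendkim` and signs with `opendkim/eldiron.private` under selector `eldiron`, so the ARC sealer appears to share both its account and its signing key with the DKIM signer (the opendkim module is not visible here). If that is deliberate, a comment above `KeyFile` should say so; otherwise a dedicated user and key would keep a fault in one milter from exposing the key the other relies on, and would let the two be rotated independently. In `postStart`, the `while [ ! -S … ]` loop has no bound of its own and depends on the unit's start timeout if the socket never appears, and the socket path is interpolated unquoted in both the test and the `chmod`. Binding it once, e.g. `sock = lib.escapeShellArg (lib.strings.removePrefix "local:" config.services.openarc.socket);`, and using `${sock}` in both places would cover paths containing spaces or shell metacharacters. `SoftwareHeader yes` also adds a header identifying the filter software to processed mail, which is worth disabling unless it is needed for debugging.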