path = "../../opendmarc";
type = "path";
};
+ inputs.secrets = {
+ path = "../../secrets";
+ type = "path";
+ };
inputs.files-watcher = {
path = "../../files-watcher";
type = "path";
inputs.nix-lib.url = "github:NixOS/nixpkgs";
description = "Private configuration for opendmarc";
- outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }:
+ outputs = { self, nix-lib, opendmarc, my-lib, files-watcher, secrets }:
let
cfg = name': { config, lib, pkgs, name, ... }: {
- imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];
+ imports = [
+ (my-lib.lib.withNarKey files-watcher "nixosModule")
+ (my-lib.lib.withNarKey opendmarc "nixosModule")
+ (my-lib.lib.withNarKey secrets "nixosModule")
+ ];
config = lib.mkIf (name == name') {
users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
services.opendmarc = {
enable = true;
- socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+ socket = "/run/opendmarc/opendmarc.sock";
configFile = pkgs.writeText "opendmarc.conf" ''
AuthservID HOSTNAME
FailureReports false