Move secrets to flakes
[perso/Immae/Config/Nix.git] / flakes / private / opendmarc / flake.nix
index 4b54ccfbfe336c90963ec060f2c537d23262da7b..2b73070f5df0cde63ca46aa2eaf9ddcb2acff151 100644 (file)
@@ -3,6 +3,10 @@
     path = "../../opendmarc";
     type = "path";
   };
+  inputs.secrets = {
+    path = "../../secrets";
+    type = "path";
+  };
   inputs.files-watcher = {
     path = "../../files-watcher";
     type = "path";
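Review bot: The new `inputs.secrets` path input (`path = "../../secrets";`) needs a comment saying it carries only module code, because flake inputs are copied into the Nix store and store paths are readable by every local user. The contents of `../../secrets` are not visible in this diff, so this is something to confirm rather than a known leak. I would add a comment above the input such as `# secrets: option/module definitions only; never put key material here, flake inputs land in the world-readable /nix/store`. The input declarations begin above this hunk.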
   inputs.nix-lib.url = "github:NixOS/nixpkgs";
 
   description = "Private configuration for opendmarc";
-  outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }:
+  outputs = { self, nix-lib, opendmarc, my-lib, files-watcher, secrets }:
     let
       cfg = name': { config, lib, pkgs, name, ... }: {
-        imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];
+        imports = [
+          (my-lib.lib.withNarKey files-watcher "nixosModule")
+          (my-lib.lib.withNarKey opendmarc "nixosModule")
+          (my-lib.lib.withNarKey secrets "nixosModule")
+        ];
         config = lib.mkIf (name == name') {
           users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
           systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
           services.opendmarc = {
             enable = true;
-            socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+            socket = "/run/opendmarc/opendmarc.sock";
             configFile = pkgs.writeText "opendmarc.conf" ''
               AuthservID                  HOSTNAME
               FailureReports              false