Add filesWatcher flake
[perso/Immae/Config/Nix.git] / flakes / private / opendmarc / flake.nix
index ae96c30721f01adff1227ac220734c625032ebbf..4b54ccfbfe336c90963ec060f2c537d23262da7b 100644 (file)
@@ -3,54 +3,65 @@
     path = "../../opendmarc";
     type = "path";
   };
+  inputs.files-watcher = {
+    path = "../../files-watcher";
+    type = "path";
+  };
+  inputs.my-lib = {
+    path = "../../lib";
+    type = "path";
+  };
   inputs.nix-lib.url = "github:NixOS/nixpkgs";
 
   description = "Private configuration for opendmarc";
-  outputs = { self, nix-lib, opendmarc }:
+  outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }:
     let
-      cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
-        users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
-        systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
-        services.opendmarc = {
-          enable = true;
-          socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
-          configFile = pkgs.writeText "opendmarc.conf" ''
-            AuthservID                  HOSTNAME
-            FailureReports              false
-            FailureReportsBcc           postmaster@immae.eu
-            FailureReportsOnNone        true
-            FailureReportsSentBy        postmaster@immae.eu
-            IgnoreAuthenticatedClients  true
-            IgnoreHosts                 ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
-            SoftwareHeader              true
-            SPFIgnoreResults            true
-            SPFSelfValidate             true
-            UMask                       002
-            '';
-          group = config.services.postfix.group;
-        };
-        services.filesWatcher.opendmarc = {
-          restart = true;
-          paths = [
-            config.secrets.fullPaths."opendmarc/ignore.hosts"
+      cfg = name': { config, lib, pkgs, name, ... }: {
+        imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];
+        config = lib.mkIf (name == name') {
+          users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+          systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
+          services.opendmarc = {
+            enable = true;
+            socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+            configFile = pkgs.writeText "opendmarc.conf" ''
+              AuthservID                  HOSTNAME
+              FailureReports              false
+              FailureReportsBcc           postmaster@immae.eu
+              FailureReportsOnNone        true
+              FailureReportsSentBy        postmaster@immae.eu
+              IgnoreAuthenticatedClients  true
+              IgnoreHosts                 ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
+              SoftwareHeader              true
+              SPFIgnoreResults            true
+              SPFSelfValidate             true
+              UMask                       002
+              '';
+            group = config.services.postfix.group;
+          };
+          services.filesWatcher.opendmarc = {
+            restart = true;
+            paths = [
+              config.secrets.fullPaths."opendmarc/ignore.hosts"
+            ];
+          };
+          secrets.keys = [
+            {
+              dest = "opendmarc/ignore.hosts";
+              user = config.services.opendmarc.user;
+              group = config.services.opendmarc.group;
+              permissions = "0400";
+              text = let
+                mxes = lib.attrsets.filterAttrs
+                  (n: v: v.mx.enable)
+                  config.myEnv.servers;
+                in
+                  builtins.concatStringsSep "\n" ([
+                    config.myEnv.mail.dmarc.ignore_hosts
+                  ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
+            }
           ];
         };
-        secrets.keys = [
-          {
-            dest = "opendmarc/ignore.hosts";
-            user = config.services.opendmarc.user;
-            group = config.services.opendmarc.group;
-            permissions = "0400";
-            text = let
-              mxes = lib.attrsets.filterAttrs
-                (n: v: v.mx.enable)
-                config.myEnv.servers;
-              in
-                builtins.concatStringsSep "\n" ([
-                  config.myEnv.mail.dmarc.ignore_hosts
-                ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
-          }
-        ];
       };
     in
       opendmarc.outputs //
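Review bot: The `text` of the `opendmarc/ignore.hosts` secret appends the `fqdn` of every server with `mx.enable` to the file that `IgnoreHosts` points at, so each new MX entry in `config.myEnv.servers` is exempted from DMARC evaluation without anything at that spot saying so. A comment above `text = let` would make the trust decision visible, for example `# Hosts listed here bypass DMARC checks: only relays we operate (servers with mx.enable) plus myEnv.mail.dmarc.ignore_hosts.` The entries are hostnames rather than addresses, so the exemption presumably depends on the client name the MTA hands to the milter; it is worth confirming that this name is a verified one. The `outputs` expression continues past the end of the hunk.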