Squash changes containing private information
[perso/Immae/Config/Nix.git] / flakes / private / opendmarc / flake.nix
index 3d500a29212a136f4b664834da97db2c4eeb022c..7e9e8eb4d5ea117eee2710c0ba94e502ea67af6b 100644 (file)
@@ -1,22 +1,25 @@
 {
-  inputs.opendmarc = {
-    path = "../../opendmarc";
-    type = "path";
-  };
-  inputs.nix-lib.url = "github:NixOS/nixpkgs";
-
-  # Necessary for dependencies
-  inputs.nixpkgs.follows = "opendmarc/nixpkgs";
+  inputs.opendmarc.url = "path:../../opendmarc";
+  inputs.environment.url = "path:../environment";
+  inputs.secrets.url = "path:../../secrets";
+  inputs.files-watcher.url = "path:../../files-watcher";
 
   description = "Private configuration for opendmarc";
-  outputs = { self, nix-lib, opendmarc, nixpkgs }:
-    let
-      cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+  outputs = { self, environment, opendmarc, files-watcher, secrets }: {
+    nixosModule = self.nixosModules.opendmarc;
+    nixosModules.opendmarc = { config, lib, pkgs, ... }: {
+      imports = [
+        environment.nixosModule
+        files-watcher.nixosModule
+        opendmarc.nixosModule
+        secrets.nixosModule
+      ];
+      config = {
         users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
         systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
         services.opendmarc = {
           enable = true;
-          socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+          socket = "/run/opendmarc/opendmarc.sock";
           configFile = pkgs.writeText "opendmarc.conf" ''
             AuthservID                  HOSTNAME
             FailureReports              false
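Review bot: The new `socket = "/run/opendmarc/opendmarc.sock";` line drops the `local:` scheme the old value carried and hard-codes a path that the MTA side must also know. The opendmarc module is not visible here, so confirm that it adds the scheme itself or that the daemon accepts a bare path, and that the socket's mode and group let only the MTA connect. I would add a comment above the line such as `# Milter socket: must match the MTA's milter address; restrict access to the MTA user/group.` The `services.opendmarc` block and the `configFile` text continue past the end of this hunk.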
@@ -38,9 +41,8 @@
             config.secrets.fullPaths."opendmarc/ignore.hosts"
           ];
         };
-        secrets.keys = [
-          {
-            dest = "opendmarc/ignore.hosts";
+        secrets.keys = {
+          "opendmarc/ignore.hosts" = {
             user = config.services.opendmarc.user;
             group = config.services.opendmarc.group;
             permissions = "0400";
                 builtins.concatStringsSep "\n" ([
                   config.myEnv.mail.dmarc.ignore_hosts
                 ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
-          }
-        ];
+          };
+        };
       };
-    in
-      opendmarc.outputs //
-      { nixosModules = opendmarc.nixosModules or {} // nix-lib.lib.genAttrs ["eldiron" "backup-2"] cfg; };
+    };
+  };
 }
-