path = "../../opendmarc";
type = "path";
};
+ inputs.secrets = {
+ path = "../../secrets";
+ type = "path";
+ };
inputs.files-watcher = {
path = "../../files-watcher";
type = "path";
inputs.nix-lib.url = "github:NixOS/nixpkgs";
description = "Private configuration for opendmarc";
- outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }:
+ outputs = { self, nix-lib, opendmarc, my-lib, files-watcher, secrets }:
let
cfg = name': { config, lib, pkgs, name, ... }: {
imports = [
(my-lib.lib.withNarKey files-watcher "nixosModule")
(my-lib.lib.withNarKey opendmarc "nixosModule")
- #FIXME:
- #(my-lib.lib.withNarKey secrets "nixosModule")
+ (my-lib.lib.withNarKey secrets "nixosModule")
];
config = lib.mkIf (name == name') {
users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
config.secrets.fullPaths."opendmarc/ignore.hosts"
];
};
- secrets.keys = [
- {
- dest = "opendmarc/ignore.hosts";
+ secrets.keys = {
+ "opendmarc/ignore.hosts" = {
user = config.services.opendmarc.user;
group = config.services.opendmarc.group;
permissions = "0400";
builtins.concatStringsSep "\n" ([
config.myEnv.mail.dmarc.ignore_hosts
] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
- }
- ];
+ };
+ };
};
};
in