Use attrs for secrets instead of lists

[perso/Immae/Config/Nix.git] / modules / private / mail / milters.nix

diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
index 4291993351a723d246abdd321ccc28c59766b0f4..4b93a7aea78847d9a575dd2ad912fef061b2fa0c 100644 (file)
--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -17,23 +17,27 @@
       '';
   };
   config = lib.mkIf (config.myServices.mail.enable || config.myServices.mailBackup.enable) {
-    secrets.keys = [
-      {
-        dest = "opendkim/eldiron.private";
+    secrets.keys = {
+      "opendkim" = {
+        isDir = true;
+        user = config.services.opendkim.user;
+        group = config.services.opendkim.group;
+        permissions = "0550";
+      };
+      "opendkim/eldiron.private" = {
         user = config.services.opendkim.user;
         group = config.services.opendkim.group;
         permissions = "0400";
         text = config.myEnv.mail.dkim.eldiron.private;
-      }
-      {
-        dest = "opendkim/eldiron.txt";
+      };
+      "opendkim/eldiron.txt" = {
         user = config.services.opendkim.user;
         group = config.services.opendkim.group;
         permissions = "0444";
         text = ''
           eldiron._domainkey   IN      TXT     ${config.myEnv.mail.dkim.eldiron.public}'';
-      }
-    ];
+      };
+    };
     users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
     services.opendkim = {
       enable = true;
@@ -45,7 +49,7 @@
         )
         config.myEnv.dns.masterZones
       ));
-      keyPath = "${config.secrets.location}/opendkim";
+      keyPath = config.secrets.fullPaths."opendkim";
       selector = "eldiron";
       configFile = pkgs.writeText "opendkim.conf" ''
         SubDomains        yes