Use attrs for secrets instead of lists

[perso/Immae/Config/Nix.git] / modules / private / mail / sympa.nix

diff --git a/modules/private/mail/sympa.nix b/modules/private/mail/sympa.nix
index f7070e65be68d619bb83fe507314ea93f005e1b7..920daa985e11bb2f1b56d163c9e7c874f6ef6b4c 100644 (file)
--- a/modules/private/mail/sympa.nix
+++ b/modules/private/mail/sympa.nix
@@ -34,28 +34,37 @@ in
       ];
     };
 
-    secrets.keys = [
-      {
-        dest = "sympa/db_password";
+    secrets.keys = {
+      "sympa/db_password" = {
         permissions = "0400";
         group = "sympa";
         user = "sympa";
         text = sympaConfig.postgresql.password;
-      }
-    ]
-    ++ lib.mapAttrsToList (n: v: {
-      dest = "sympa/data_sources/${n}.incl"; permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
+      };
+    }
+    // lib.mapAttrs' (n: v: lib.nameValuePair "sympa/data_sources/${n}.incl" {
+      permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
     }) sympaConfig.data_sources
-    ++ lib.mapAttrsToList (n: v: {
-      dest = "sympa/scenari/${n}"; permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
+    // lib.mapAttrs' (n: v: lib.nameValuePair "sympa/scenari/${n}" {
+      permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
     }) sympaConfig.scenari;
     users.users.sympa.extraGroups = [ "keys" ];
+    systemd.slices.mail-sympa = {
+      description = "Sympa slice";
+    };
+
     systemd.services.sympa.serviceConfig.SupplementaryGroups = [ "keys" ];
     systemd.services.sympa-archive.serviceConfig.SupplementaryGroups = [ "keys" ];
     systemd.services.sympa-bounce.serviceConfig.SupplementaryGroups = [ "keys" ];
     systemd.services.sympa-bulk.serviceConfig.SupplementaryGroups = [ "keys" ];
     systemd.services.sympa-task.serviceConfig.SupplementaryGroups = [ "keys" ];
 
+    systemd.services.sympa.serviceConfig.Slice = "mail-sympa.slice";
+    systemd.services.sympa-archive.serviceConfig.Slice = "mail-sympa.slice";
+    systemd.services.sympa-bounce.serviceConfig.Slice = "mail-sympa.slice";
+    systemd.services.sympa-bulk.serviceConfig.Slice = "mail-sympa.slice";
+    systemd.services.sympa-task.serviceConfig.Slice = "mail-sympa.slice";
+
     # https://github.com/NixOS/nixpkgs/pull/84202
     systemd.services.sympa.serviceConfig.ProtectKernelModules = lib.mkForce false;
     systemd.services.sympa-archive.serviceConfig.ProtectKernelModules = lib.mkForce false;
@@ -72,6 +81,7 @@ in
       wantedBy = [ "multi-user.target" ];
       after = [ "sympa.service" ];
       serviceConfig = {
+        Slice = "mail-sympa.slice";
         Type = "forking";
         PIDFile = "/run/sympa/wwsympa.pid";
         Restart = "always";