From 74a10960d8659eaffa8224cee31fcf217c69609f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?=
Date: Fri, 1 Jan 2021 12:21:09 +0100
Subject: [PATCH] Use flake for openarc modules

---
 flakes/openarc/flake.nix | 1 +
 flakes/openarc/private.nix | 35 ++++++++++++++++++++++++++++++++
 modules/private/mail/milters.nix | 35 ++++----------------------------
 3 files changed, 40 insertions(+), 31 deletions(-)
 create mode 100644 flakes/openarc/private.nix

diff --git a/flakes/openarc/flake.nix b/flakes/openarc/flake.nix
index bdb0358..9bc104d 100644
--- a/flakes/openarc/flake.nix
+++ b/flakes/openarc/flake.nix
@@ -75,6 +75,7 @@
 };
 }) // {
 hydraJobs.build = nixpkgs.lib.genAttrs flake-utils.lib.defaultSystems (system: self.defaultPackage."${system}");
+ nixosModules = (if builtins.pathExists ./private.nix then import ./private.nix nixpkgs else {});
 nixosModule = { config, lib, pkgs, ... }:
 let
 cfg = config.services.openarc;
diff --git a/flakes/openarc/private.nix b/flakes/openarc/private.nix
new file mode 100644
index 0000000..5244ca9
--- /dev/null
+++ b/flakes/openarc/private.nix
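Review bot: In flakes/openarc/flake.nix the `else {}` branch makes a missing `./private.nix` indistinguishable from "no private modules". The consumer added in modules/private/mail/milters.nix takes `builtins.attrValues` of this set, so an absent file would give an empty import list and, as far as this patch shows, no openarc configuration and no evaluation error. If the file is meant to be optional only for outside users of the flake, say so next to the attribute, e.g. `# private.nix is host-specific and optional; without it no openarc host module is exported`. The value passed is the `nixpkgs` flake input, while private.nix names its parameter `pkgs` and only uses `pkgs.lib`; calling it `nixpkgs` there would avoid confusion with the module argument `pkgs` that shadows it.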
@@ -0,0 +1,35 @@
+pkgs:
+let
+ cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+ services.openarc = {
+ enable = true;
+ user = "opendkim";
+ socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+ group = config.services.postfix.group;
+ configFile = pkgs.writeText "openarc.conf" ''
+ AuthservID mail.immae.eu
+ Domain mail.immae.eu
+ KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
+ Mode sv
+ Selector eldiron
+ SoftwareHeader yes
+ Syslog Yes
+ '';
+ };
+ systemd.services.openarc.serviceConfig.Slice = "mail.slice";
+ systemd.services.openarc.postStart = lib.optionalString
+ (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
+ while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
+ sleep 0.5
+ done
+ chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
+ '';
+ services.filesWatcher.openarc = {
+ restart = true;
+ paths = [
+ config.secrets.fullPaths."opendkim/eldiron.private"
+ ];
+ };
+ };
+in
+ pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
index 02c35c8..96c2800 100644
--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -1,5 +1,8 @@
-{ lib, pkgs, config, ... }:
+{ lib, pkgs, config, name, ... }:
 {
+ imports =
+ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules;
+
 options.myServices.mail.milters.sockets = lib.mkOption {
 type = lib.types.attrsOf lib.types.path;
 default = {
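Review bot: In flakes/openarc/private.nix the `postStart` script waits for the milter socket with an unbounded `while [ ! -S … ]` loop and interpolates the socket path into the shell unquoted. If openarc never creates the socket, the loop ends only when systemd's start timeout fires, and a path containing whitespace or shell metacharacters would be word-split before `[ -S` and `chmod g+w` see it. A bounded wait with the path passed through `lib.escapeShellArg` fails fast and keeps the `chmod` on the intended file. Separately, the module points `KeyFile` at the OpenDKIM key `opendkim/eldiron.private` and is generated for both `eldiron` and `backup-2`; a one-line comment stating that sharing this key with the ARC signer and the second host is intended would help the next reader.

```nix
# … unchanged: services.openarc and the Slice assignment …
systemd.services.openarc.postStart = let
  socketPath = lib.strings.removePrefix "local:" config.services.openarc.socket;
in lib.optionalString
  (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
    # example bound: 60 tries x 0.5 s, then let chmod fail the unit
    for _ in $(seq 1 60); do
      if [ -S ${lib.escapeShellArg socketPath} ]; then break; fi
      sleep 0.5
    done
    chmod g+w ${lib.escapeShellArg socketPath}
  '';
# … unchanged: services.filesWatcher.openarc …
```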
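Review bot: The `name` argument added to the module header of modules/private/mail/milters.nix is not referenced in the visible lines of this hunk; the host check `name == name'` happens inside the imported modules, which take `name` from their own argument set. Unless the rest of the file (outside the hunk) uses it, the header can stay `{ lib, pkgs, config, ... }:`. The new `imports` brings in every attribute of `nixosModules` on every host and relies on each module gating itself, so a comment such as `# all host modules are imported; each enables itself only when name matches` would document that.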
@@ -103,36 +106,6 @@
 ];
 };

- services.openarc = {
- enable = true;
- user = "opendkim";
- socket = "local:${config.myServices.mail.milters.sockets.openarc}";
- group = config.services.postfix.group;
- configFile = pkgs.writeText "openarc.conf" ''
- AuthservID mail.immae.eu
- Domain mail.immae.eu
- KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
- Mode sv
- Selector eldiron
- SoftwareHeader yes
- Syslog Yes
- '';
- };
- systemd.services.openarc.serviceConfig.Slice = "mail.slice";
- systemd.services.openarc.postStart = lib.optionalString
- (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
- while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
- sleep 0.5
- done
- chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
- '';
- services.filesWatcher.openarc = {
- restart = true;
- paths = [
- config.secrets.fullPaths."opendkim/eldiron.private"
- ];
- };
-
 systemd.services.milter_verify_from = {
 description = "Verify from milter";
 after = [ "network.target" ];
-- 
2.41.0