From 910c2e9eb4996bfa12cd1ef925843403f7d3e154 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Thu, 7 Oct 2021 15:22:57 +0200 Subject: [PATCH] Refactor opendmarc/openarc flakes --- flakes/openarc/flake.nix | 4 ++-- flakes/opendmarc/flake.nix | 4 ++-- flakes/private/openarc/flake.lock | 10 +++++----- flakes/private/openarc/flake.nix | 16 ++++++++++------ flakes/private/opendmarc/flake.lock | 8 ++++---- flakes/private/opendmarc/flake.nix | 9 +++++++-- modules/default.nix | 4 ++-- modules/private/mail/milters.nix | 4 ++-- 8 files changed, 34 insertions(+), 25 deletions(-) diff --git a/flakes/openarc/flake.nix b/flakes/openarc/flake.nix index f4ce653..6fd45bf 100644 --- a/flakes/openarc/flake.nix +++ b/flakes/openarc/flake.nix @@ -63,8 +63,8 @@ nixosModule = { config, lib, pkgs, ... }: let cfg = config.services.openarc; - defaultSock = "local:/run/openarc/openarc.sock"; - args = [ "-f" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ]; + defaultSock = "/run/openarc/openarc.sock"; + args = [ "-f" "-p" "local:${cfg.socket}" ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ]; in { options = { services.openarc = { diff --git a/flakes/opendmarc/flake.nix b/flakes/opendmarc/flake.nix index f1877b6..277fd25 100644 --- a/flakes/opendmarc/flake.nix +++ b/flakes/opendmarc/flake.nix @@ -48,8 +48,8 @@ nixosModule = { config, lib, pkgs, ... }: let cfg = config.services.opendmarc; - defaultSock = "local:/run/opendmarc/opendmarc.sock"; - args = [ "-f" "-l" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ]; + defaultSock = "/run/opendmarc/opendmarc.sock"; + args = [ "-f" "-l" "-p" "local:${cfg.socket}" ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ]; in { options = { services.opendmarc = { diff --git a/flakes/private/openarc/flake.lock b/flakes/private/openarc/flake.lock index 76ddaed..f0f56c7 100644 --- a/flakes/private/openarc/flake.lock 
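Review bot: In the `args` line of the flakes/openarc/flake.nix hunk (and the matching line in the flakes/opendmarc/flake.nix hunk), `"local:${cfg.socket}"` prefixes every value unconditionally, so a `socket` setting that still carries `local:` or an `inet:` spec reaches the daemon as `local:local:…` or `local:inet:…` instead of being rejected at evaluation. The option declaration lies outside the hunk; if it is still a free-form string, declaring it with `type = lib.types.path;` and stating in its description that the value is a bare filesystem path would catch stale callers. Restricting the milter to a Unix socket is reasonable hardening, since the listener can no longer be moved to a TCP port through this option, but the loss of the `inet:` form deserves a line in the option description.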
+++ b/flakes/private/openarc/flake.lock @@ -31,7 +31,7 @@ "nixpkgs": "nixpkgs" }, "locked": { - "narHash": "sha256-YJREl39cf4zrFdAULMu1Yjg7hIEZCLuCnP8qJvWbIvM=", + "narHash": "sha256-HGNP1eH7b42BxViYx/F3ZPO9CM1X+5qfA9JoP2ArN+s=", "path": "../../lib", "type": "path" }, @@ -59,11 +59,11 @@ }, "nix-lib": { "locked": { - "lastModified": 1629758329, - "narHash": "sha256-Qdno5vgP0pnc+nEB5DjYGseW+4MuXiJMfc6cHwalCXY=", + "lastModified": 1633008342, + "narHash": "sha256-wZV5YidnsqV/iufDIhaZip3LzwUGeIt8wtdiGS5+cXc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "99967a54d893b9742b38809ccfe3172b6918bdef", + "rev": "6eae8a116011f4db0aa5146f364820024411d6bb", "type": "github" }, "original": { @@ -110,7 +110,7 @@ "openarc": "openarc_2" }, "locked": { - "narHash": "sha256-w+MiC+2IBNsXJT9Ln5TBfipv0eCqZOdyY/BYGFVu+nk=", + "narHash": "sha256-ilrfNs6jpi1OceDE3y1atkovECx6PKNWubwLc0Sjx+s=", "path": "../../openarc", "type": "path" }, diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix index 9cc9aed..5c4b73c 100644 --- a/flakes/private/openarc/flake.nix +++ b/flakes/private/openarc/flake.nix @@ -17,12 +17,17 @@ outputs = { self, nix-lib, my-lib, files-watcher, openarc }: let cfg = name': { config, lib, pkgs, name, ... }: { - imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ]; + imports = [ + (my-lib.lib.withNarKey files-watcher "nixosModule") + (my-lib.lib.withNarKey openarc "nixosModule") + #FIXME: + #(my-lib.lib.withNarKey secrets "nixosModule") + ]; config = lib.mkIf (name == name') { services.openarc = { enable = true; user = "opendkim"; - socket = "local:${config.myServices.mail.milters.sockets.openarc}"; + socket = "/run/openarc/openarc.sock"; group = config.services.postfix.group; configFile = pkgs.writeText "openarc.conf" '' AuthservID mail.immae.eu 
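Review bot: The `#FIXME:` added to `imports` in the flakes/private/openarc/flake.nix hunk does not say what has to be fixed or what blocks it; the flakes/private/opendmarc/flake.nix hunk adds the same two lines. `secrets` is not among the `outputs` arguments, so presumably the module cannot be imported yet, and a comment such as `# FIXME: import the secrets nixosModule once it is available as a flake input` would tell the next reader what is pending. In the same hunk `socket = "/run/openarc/openarc.sock";` repeats the literal held by `defaultSock` in flakes/openarc/flake.nix; if that value is the option default (the declaration is not visible here), dropping the assignment keeps the path in one place, which matters because Postfix and the `chmod` in `postStart` both depend on it.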
@@ -35,12 +40,11 @@ ''; }; systemd.services.openarc.serviceConfig.Slice = "mail.slice"; - systemd.services.openarc.postStart = lib.optionalString - (lib.strings.hasPrefix "local:" config.services.openarc.socket) '' - while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do + systemd.services.openarc.postStart = '' + while [ ! -S ${config.services.openarc.socket} ]; do sleep 0.5 done - chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket} + chmod g+w ${config.services.openarc.socket} ''; services.filesWatcher.openarc = { restart = true; diff --git a/flakes/private/opendmarc/flake.lock b/flakes/private/opendmarc/flake.lock index ea056e5..121f51d 100644 --- a/flakes/private/opendmarc/flake.lock +++ b/flakes/private/opendmarc/flake.lock @@ -59,11 +59,11 @@ }, "nix-lib": { "locked": { - "lastModified": 1630358951, - "narHash": "sha256-y6jh6YDWX6fX88tS9bSFOVSnckCL4qgt7UqUJhLPSx8=", + "lastModified": 1633008342, + "narHash": "sha256-wZV5YidnsqV/iufDIhaZip3LzwUGeIt8wtdiGS5+cXc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2d786792ca69c98a8655858464e53698ad7311e2", + "rev": "6eae8a116011f4db0aa5146f364820024411d6bb", "type": "github" }, "original": { @@ -109,7 +109,7 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "narHash": "sha256-eIe5hzNsp1zz5m4ZMzORwdHuLkhEsKkS7WMpPOJE4ok=", + "narHash": "sha256-7jup/d3+WXXWsNMB7Sp5Py4rJQV30Z5+PJITBISbQ9o=", "path": "../../opendmarc", "type": "path" }, diff --git a/flakes/private/opendmarc/flake.nix b/flakes/private/opendmarc/flake.nix index 4b54ccf..debcfbd 100644 --- a/flakes/private/opendmarc/flake.nix +++ b/flakes/private/opendmarc/flake.nix 
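Review bot: The new `postStart` in flakes/private/openarc/flake.nix interpolates `config.services.openarc.socket` into the shell script unquoted, in both the `-S` test and the `chmod g+w`, so a path containing whitespace or shell metacharacters would be split or interpreted by the shell. Wrapping both uses as `${lib.escapeShellArg config.services.openarc.socket}` avoids that. With the `hasPrefix "local:"` guard removed the loop now runs for any value, so a socket that never appears keeps `postStart` polling until systemd's start timeout; a comment stating that the option must be a filesystem path, or a bounded retry count, would make that failure easier to diagnose. The enclosing `config` attribute set opens and closes outside this hunk.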
@@ -17,13 +17,18 @@ outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }: let cfg = name': { config, lib, pkgs, name, ... }: { - imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ]; + imports = [ + (my-lib.lib.withNarKey files-watcher "nixosModule") + (my-lib.lib.withNarKey opendmarc "nixosModule") + #FIXME: + #(my-lib.lib.withNarKey secrets "nixosModule") + ]; config = lib.mkIf (name == name') { users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ]; systemd.services.opendmarc.serviceConfig.Slice = "mail.slice"; services.opendmarc = { enable = true; - socket = "local:${config.myServices.mail.milters.sockets.opendmarc}"; + socket = "/run/opendmarc/opendmarc.sock"; configFile = pkgs.writeText "opendmarc.conf" '' AuthservID HOSTNAME FailureReports false diff --git a/modules/default.nix b/modules/default.nix index 5359e9c..11b3081 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -16,8 +16,8 @@ in fiche = ./webapps/fiche.nix; paste = (flakeCompat ../flakes/paste).nixosModule; - opendmarc = (flakeCompat ../flakes/opendmarc).nixosModule; - openarc = (flakeCompat ../flakes/openarc).nixosModule; + opendmarc = flakeLib.withNarKeyCompat flakeCompat ../flakes/opendmarc "nixosModule"; + openarc = flakeLib.withNarKeyCompat flakeCompat ../flakes/openarc "nixosModule"; duplyBackup = ./duply_backup; rsyncBackup = ./rsync_backup; diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix index e00a2f3..4291993 100644 --- a/modules/private/mail/milters.nix +++ b/modules/private/mail/milters.nix @@ -8,8 +8,8 @@ type = lib.types.attrsOf lib.types.path; default = { opendkim = "/run/opendkim/opendkim.sock"; - opendmarc = "/run/opendmarc/opendmarc.sock"; - openarc = "/run/openarc/openarc.sock"; + opendmarc = config.services.opendmarc.socket; + openarc = config.services.openarc.socket; }; readOnly = true; description = '' -- 2.41.0
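Review bot: Nothing in modules/default.nix says why the `opendmarc` and `openarc` entries move to `flakeLib.withNarKeyCompat` while `paste` on the line above keeps `(flakeCompat ../flakes/paste).nixosModule`. It looks as if the keyed form is needed because the private flakes now import the same `nixosModule` themselves and the two imports must be recognised as one module; if so, a comment such as `# keyed import: also imported by flakes/private/*, must deduplicate` would record that. `flakeLib` is bound outside this hunk, in the `let` block that ends at `in`.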
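Review bot: In modules/private/mail/milters.nix the `opendmarc` and `openarc` defaults now follow `config.services.*.socket` while `opendkim` stays a literal, and nothing explains the difference. Because the option type is `lib.types.attrsOf lib.types.path`, these defaults only evaluate while the service options hold bare absolute paths, which is what the `local:` change in the two public flakes provides. A comment such as `# opendkim kept literal: its service socket option is not a bare path` (to be confirmed against the opendkim module) would document the asymmetry. The option declaration starts and ends outside this hunk.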