Refactor opendmarc/openarc flakes

8 files changed, 34 insertions, 25 deletions

diff --git a/flakes/openarc/flake.nix b/flakes/openarc/flake.nix
index f4ce653..6fd45bf 100644
--- a/flakes/openarc/flake.nix
+++ b/flakes/openarc/flake.nix
@@ -63,8 +63,8 @@
       nixosModule = { config, lib, pkgs, ... }:
         let
           cfg = config.services.openarc;
-          defaultSock = "local:/run/openarc/openarc.sock";
-          args = [ "-f" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+          defaultSock = "/run/openarc/openarc.sock";
+          args = [ "-f" "-p" "local:${cfg.socket}" ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
         in {
           options = {
             services.openarc = {
diff --git a/flakes/opendmarc/flake.nix b/flakes/opendmarc/flake.nix
index f1877b6..277fd25 100644
--- a/flakes/opendmarc/flake.nix
+++ b/flakes/opendmarc/flake.nix
@@ -48,8 +48,8 @@
      nixosModule = { config, lib, pkgs, ... }:
        let
          cfg = config.services.opendmarc;
-         defaultSock = "local:/run/opendmarc/opendmarc.sock";
-         args = [ "-f" "-l" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+         defaultSock = "/run/opendmarc/opendmarc.sock";
+         args = [ "-f" "-l" "-p" "local:${cfg.socket}" ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
        in {
          options = {
            services.opendmarc = {
diff --git a/flakes/private/openarc/flake.lock b/flakes/private/openarc/flake.lock
index 76ddaed..f0f56c7 100644
--- a/flakes/private/openarc/flake.lock
+++ b/flakes/private/openarc/flake.lock
@@ -31,7 +31,7 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "narHash": "sha256-YJREl39cf4zrFdAULMu1Yjg7hIEZCLuCnP8qJvWbIvM=",
+        "narHash": "sha256-HGNP1eH7b42BxViYx/F3ZPO9CM1X+5qfA9JoP2ArN+s=",
         "path": "../../lib",
         "type": "path"
       },
@@ -59,11 +59,11 @@
     },
     "nix-lib": {
       "locked": {
-        "lastModified": 1629758329,
-        "narHash": "sha256-Qdno5vgP0pnc+nEB5DjYGseW+4MuXiJMfc6cHwalCXY=",
+        "lastModified": 1633008342,
+        "narHash": "sha256-wZV5YidnsqV/iufDIhaZip3LzwUGeIt8wtdiGS5+cXc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "99967a54d893b9742b38809ccfe3172b6918bdef",
+        "rev": "6eae8a116011f4db0aa5146f364820024411d6bb",
         "type": "github"
       },
       "original": {
@@ -110,7 +110,7 @@
         "openarc": "openarc_2"
       },
       "locked": {
-        "narHash": "sha256-w+MiC+2IBNsXJT9Ln5TBfipv0eCqZOdyY/BYGFVu+nk=",
+        "narHash": "sha256-ilrfNs6jpi1OceDE3y1atkovECx6PKNWubwLc0Sjx+s=",
         "path": "../../openarc",
         "type": "path"
       },
diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix
index 9cc9aed..5c4b73c 100644
--- a/flakes/private/openarc/flake.nix
+++ b/flakes/private/openarc/flake.nix
@@ -17,12 +17,17 @@
   outputs = { self, nix-lib, my-lib, files-watcher, openarc }:
     let
       cfg = name': { config, lib, pkgs, name, ... }: {
-        imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];
+        imports = [
+          (my-lib.lib.withNarKey files-watcher "nixosModule")
+          (my-lib.lib.withNarKey openarc "nixosModule")
+          #FIXME:
+          #(my-lib.lib.withNarKey secrets "nixosModule")
+        ];
         config = lib.mkIf (name == name') {
           services.openarc = {
             enable = true;
             user = "opendkim";
-            socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+            socket = "/run/openarc/openarc.sock";
             group = config.services.postfix.group;
             configFile = pkgs.writeText "openarc.conf" ''
               AuthservID              mail.immae.eu
@@ -35,12 +40,11 @@
               '';
           };
           systemd.services.openarc.serviceConfig.Slice = "mail.slice";
-          systemd.services.openarc.postStart = lib.optionalString
-                (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
-            while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
+          systemd.services.openarc.postStart = ''
+            while [ ! -S ${config.services.openarc.socket} ]; do
               sleep 0.5
             done
-            chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
+            chmod g+w ${config.services.openarc.socket}
             '';
           services.filesWatcher.openarc = {
             restart = true;
diff --git a/flakes/private/opendmarc/flake.lock b/flakes/private/opendmarc/flake.lock
index ea056e5..121f51d 100644
--- a/flakes/private/opendmarc/flake.lock
+++ b/flakes/private/opendmarc/flake.lock
@@ -59,11 +59,11 @@
     },
     "nix-lib": {
       "locked": {
-        "lastModified": 1630358951,
-        "narHash": "sha256-y6jh6YDWX6fX88tS9bSFOVSnckCL4qgt7UqUJhLPSx8=",
+        "lastModified": 1633008342,
+        "narHash": "sha256-wZV5YidnsqV/iufDIhaZip3LzwUGeIt8wtdiGS5+cXc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2d786792ca69c98a8655858464e53698ad7311e2",
+        "rev": "6eae8a116011f4db0aa5146f364820024411d6bb",
         "type": "github"
       },
       "original": {
@@ -109,7 +109,7 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "narHash": "sha256-eIe5hzNsp1zz5m4ZMzORwdHuLkhEsKkS7WMpPOJE4ok=",
+        "narHash": "sha256-7jup/d3+WXXWsNMB7Sp5Py4rJQV30Z5+PJITBISbQ9o=",
         "path": "../../opendmarc",
         "type": "path"
       },
diff --git a/flakes/private/opendmarc/flake.nix b/flakes/private/opendmarc/flake.nix
index 4b54ccf..debcfbd 100644
--- a/flakes/private/opendmarc/flake.nix
+++ b/flakes/private/opendmarc/flake.nix
@@ -17,13 +17,18 @@
   outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }:
     let
       cfg = name': { config, lib, pkgs, name, ... }: {
-        imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];
+        imports = [
+          (my-lib.lib.withNarKey files-watcher "nixosModule")
+          (my-lib.lib.withNarKey opendmarc "nixosModule")
+          #FIXME:
+          #(my-lib.lib.withNarKey secrets "nixosModule")
+        ];
         config = lib.mkIf (name == name') {
           users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
           systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
           services.opendmarc = {
             enable = true;
-            socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+            socket = "/run/opendmarc/opendmarc.sock";
             configFile = pkgs.writeText "opendmarc.conf" ''
               AuthservID                  HOSTNAME
               FailureReports              false
diff --git a/modules/default.nix b/modules/default.nix
index 5359e9c..11b3081 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -16,8 +16,8 @@ in
   fiche = ./webapps/fiche.nix;
   paste = (flakeCompat ../flakes/paste).nixosModule;
 
-  opendmarc = (flakeCompat ../flakes/opendmarc).nixosModule;
-  openarc = (flakeCompat ../flakes/openarc).nixosModule;
+  opendmarc = flakeLib.withNarKeyCompat flakeCompat ../flakes/opendmarc "nixosModule";
+  openarc = flakeLib.withNarKeyCompat flakeCompat ../flakes/openarc "nixosModule";
 
   duplyBackup = ./duply_backup;
   rsyncBackup = ./rsync_backup;
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
index e00a2f3..4291993 100644
--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -8,8 +8,8 @@
     type = lib.types.attrsOf lib.types.path;
     default = {
       opendkim = "/run/opendkim/opendkim.sock";
-      opendmarc = "/run/opendmarc/opendmarc.sock";
-      openarc = "/run/openarc/openarc.sock";
+      opendmarc = config.services.opendmarc.socket;
+      openarc = config.services.openarc.socket;
     };
     readOnly = true;
     description = ''