authorIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 01:35:06 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 02:11:48 +0200
commit1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree1b9df4838f894577a09b9b260151756272efeb53 /flakes/private/openarc
parentfa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them contained personal information about users. All those changes got stashed into a single commit (history is kept in a different place) and private information was moved into a separate private repository.
Diffstat (limited to 'flakes/private/openarc')
-rw-r--r--flakes/private/openarc/flake.lock72
-rw-r--r--flakes/private/openarc/flake.nix96
2 files changed, 52 insertions, 116 deletions
diff --git a/flakes/private/openarc/flake.lock b/flakes/private/openarc/flake.lock
index be75993..60b0fdf 100644
--- a/flakes/private/openarc/flake.lock
+++ b/flakes/private/openarc/flake.lock
@@ -2,7 +2,8 @@
2 "nodes": { 2 "nodes": {
3 "files-watcher": { 3 "files-watcher": {
4 "locked": { 4 "locked": {
5 "narHash": "sha256-6urOJuzXsu4HJHyVmrZHd40SMzzTeHiOiDOM40q53Y0=", 5 "lastModified": 1,
6 "narHash": "sha256-ZsdumUVoSPkV/DB6gO6dNDttjzalye0ToVBF9bl5W0k=",
6 "path": "../../files-watcher", 7 "path": "../../files-watcher",
7 "type": "path" 8 "type": "path"
8 }, 9 },
@@ -26,69 +27,20 @@
26 "type": "github" 27 "type": "github"
27 } 28 }
28 }, 29 },
29 "my-lib": { 30 "myuids": {
30 "inputs": {
31 "nixpkgs": "nixpkgs"
32 },
33 "locked": { 31 "locked": {
34 "narHash": "sha256-HGNP1eH7b42BxViYx/F3ZPO9CM1X+5qfA9JoP2ArN+s=", 32 "lastModified": 1,
35 "path": "../../lib", 33 "narHash": "sha256-HkW9YCLQCNBX3Em7J7MjraVEZO3I3PizkVV2QrUdULQ=",
34 "path": "../myuids",
36 "type": "path" 35 "type": "path"
37 }, 36 },
38 "original": { 37 "original": {
39 "path": "../../lib", 38 "path": "../myuids",
40 "type": "path" 39 "type": "path"
41 } 40 }
42 }, 41 },
43 "myuids": {
44 "locked": {
45 "dir": "flakes/myuids",
46 "lastModified": 1628207001,
47 "narHash": "sha256-7e12OfDv9zMOfqcAlsk1sZj2l3ZB03kcBdWUqhwVaWo=",
48 "ref": "master",
49 "rev": "dfe02d8fd52e33c7d4e1a209cf486696100b88f3",
50 "revCount": 865,
51 "type": "git",
52 "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
53 },
54 "original": {
55 "dir": "flakes/myuids",
56 "type": "git",
57 "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
58 }
59 },
60 "nix-lib": {
61 "locked": {
62 "lastModified": 1633008342,
63 "narHash": "sha256-wZV5YidnsqV/iufDIhaZip3LzwUGeIt8wtdiGS5+cXc=",
64 "owner": "NixOS",
65 "repo": "nixpkgs",
66 "rev": "6eae8a116011f4db0aa5146f364820024411d6bb",
67 "type": "github"
68 },
69 "original": {
70 "owner": "NixOS",
71 "repo": "nixpkgs",
72 "type": "github"
73 }
74 },
75 "nixpkgs": { 42 "nixpkgs": {
76 "locked": { 43 "locked": {
77 "lastModified": 1631570365,
78 "narHash": "sha256-vc6bfo0hijpicdUDiui2DvZXmpIP2iqOFZRcpMOuYPo=",
79 "owner": "NixOS",
80 "repo": "nixpkgs",
81 "rev": "df7113c0727881519248d4c7d080324e0ee3327b",
82 "type": "github"
83 },
84 "original": {
85 "owner": "NixOS",
86 "repo": "nixpkgs",
87 "type": "github"
88 }
89 },
90 "nixpkgs_2": {
91 "locked": {
92 "lastModified": 1597943282, 44 "lastModified": 1597943282,
93 "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=", 45 "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
94 "owner": "NixOS", 46 "owner": "NixOS",
@@ -106,11 +58,12 @@
106 "inputs": { 58 "inputs": {
107 "flake-utils": "flake-utils", 59 "flake-utils": "flake-utils",
108 "myuids": "myuids", 60 "myuids": "myuids",
109 "nixpkgs": "nixpkgs_2", 61 "nixpkgs": "nixpkgs",
110 "openarc": "openarc_2" 62 "openarc": "openarc_2"
111 }, 63 },
112 "locked": { 64 "locked": {
113 "narHash": "sha256-ilrfNs6jpi1OceDE3y1atkovECx6PKNWubwLc0Sjx+s=", 65 "lastModified": 1,
66 "narHash": "sha256-+X3x0t7DSYBvgFAUGNnMV4F/vQOUWE+9Q4Az6V8/iTw=",
114 "path": "../../openarc", 67 "path": "../../openarc",
115 "type": "path" 68 "type": "path"
116 }, 69 },
@@ -138,15 +91,14 @@
138 "root": { 91 "root": {
139 "inputs": { 92 "inputs": {
140 "files-watcher": "files-watcher", 93 "files-watcher": "files-watcher",
141 "my-lib": "my-lib",
142 "nix-lib": "nix-lib",
143 "openarc": "openarc", 94 "openarc": "openarc",
144 "secrets": "secrets" 95 "secrets": "secrets"
145 } 96 }
146 }, 97 },
147 "secrets": { 98 "secrets": {
148 "locked": { 99 "locked": {
149 "narHash": "sha256-w3u1bMEJHCg9SqErJ5Qi0sTX2xx7mk+HrHZXzpjQd1w=", 100 "lastModified": 1,
101 "narHash": "sha256-5AakznhrJFmwCD7lr4JEh55MtdAJL6WA/YuBks6ISSE=",
150 "path": "../../secrets", 102 "path": "../../secrets",
151 "type": "path" 103 "type": "path"
152 }, 104 },
diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix
index b4ab4c8..56c3a1a 100644
--- a/flakes/private/openarc/flake.nix
+++ b/flakes/private/openarc/flake.nix
@@ -1,63 +1,47 @@
1{ 1{
2 inputs.openarc = { 2 inputs.openarc.url = "path:../../openarc";
3 path = "../../openarc"; 3 inputs.secrets.url = "path:../../secrets";
4 type = "path"; 4 inputs.files-watcher.url = "path:../../files-watcher";
5 };
6 inputs.secrets = {
7 path = "../../secrets";
8 type = "path";
9 };
10 inputs.files-watcher = {
11 path = "../../files-watcher";
12 type = "path";
13 };
14 inputs.my-lib = {
15 path = "../../lib";
16 type = "path";
17 };
18 inputs.nix-lib.url = "github:NixOS/nixpkgs";
19 5
20 description = "Private configuration for openarc"; 6 description = "Private configuration for openarc";
21 outputs = { self, nix-lib, my-lib, files-watcher, openarc, secrets }: 7 outputs = { self, files-watcher, openarc, secrets }: {
22 let 8 nixosModule = self.nixosModules.openarc;
23 cfg = name': { config, lib, pkgs, name, ... }: { 9 nixosModules.openarc = { config, pkgs, ... }: {
24 imports = [ 10 imports = [
25 (my-lib.lib.withNarKey files-watcher "nixosModule") 11 files-watcher.nixosModule
26 (my-lib.lib.withNarKey openarc "nixosModule") 12 openarc.nixosModule
27 (my-lib.lib.withNarKey secrets "nixosModule") 13 secrets.nixosModule
28 ]; 14 ];
29 config = lib.mkIf (name == name') { 15 config = {
30 services.openarc = { 16 services.openarc = {
31 enable = true; 17 enable = true;
32 user = "opendkim"; 18 user = "opendkim";
33 socket = "/run/openarc/openarc.sock"; 19 socket = "/run/openarc/openarc.sock";
34 group = config.services.postfix.group; 20 group = config.services.postfix.group;
35 configFile = pkgs.writeText "openarc.conf" '' 21 configFile = pkgs.writeText "openarc.conf" ''
36 AuthservID mail.immae.eu 22 AuthservID mail.immae.eu
37 Domain mail.immae.eu 23 Domain mail.immae.eu
38 KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"} 24 KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
39 Mode sv 25 Mode sv
40 Selector eldiron 26 Selector eldiron
41 SoftwareHeader yes 27 SoftwareHeader yes
42 Syslog Yes 28 Syslog Yes
43 '';
44 };
45 systemd.services.openarc.serviceConfig.Slice = "mail.slice";
46 systemd.services.openarc.postStart = ''
47 while [ ! -S ${config.services.openarc.socket} ]; do
48 sleep 0.5
49 done
50 chmod g+w ${config.services.openarc.socket}
51 ''; 29 '';
52 services.filesWatcher.openarc = { 30 };
53 restart = true; 31 systemd.services.openarc.serviceConfig.Slice = "mail.slice";
54 paths = [ 32 systemd.services.openarc.postStart = ''
55 config.secrets.fullPaths."opendkim/eldiron.private" 33 while [ ! -S ${config.services.openarc.socket} ]; do
56 ]; 34 sleep 0.5
57 }; 35 done
36 chmod g+w ${config.services.openarc.socket}
37 '';
38 services.filesWatcher.openarc = {
39 restart = true;
40 paths = [
41 config.secrets.fullPaths."opendkim/eldiron.private"
42 ];
58 }; 43 };
59 }; 44 };
60 in 45 };
61 openarc.outputs // 46 };
62 { nixosModules = openarc.nixosModules or {} // nix-lib.lib.genAttrs ["eldiron" "backup-2"] cfg; };
63} 47}
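Review bot: The host guard is gone from `nixosModules.openarc`: the old `config = lib.mkIf (name == name')` is now a plain `config = {`, so every configuration that imports this module enables the signer with `KeyFile` pointing at the `opendkim/eldiron.private` secret and `AuthservID mail.immae.eu`. Which hosts import it is not visible on this page, so I would record the constraint directly above the module, e.g. `# Mail host only: enables ARC signing with eldiron's DKIM private key; do not import on other hosts.` Separately, the `postStart` loop has no bound of its own and only makes the socket group-writable once it appears, so a daemon that never binds stalls the unit until systemd's start timeout. A capped wait such as `for i in $(seq 1 20); do [ -S ${config.services.openarc.socket} ] && break; sleep 0.5; done` ahead of the `chmod g+w` would fail sooner and more visibly.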