Add private flake for openarc and opendmarc

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-01-21 09:56:28 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-01-21 10:07:19 +0100
commit: ef43c36272ca539cbfe803ded03949451b17b679 (patch)
tree: 3cf9412dbb2f407f3c8f97e7eaf208dfdb368bd4 /flakes/private/openarc
parent: 23f9fdf03a6673dbe334ae33be4f498cc4753191 (diff)
download: Nix-ef43c36272ca539cbfe803ded03949451b17b679.tar.gz
Nix-ef43c36272ca539cbfe803ded03949451b17b679.tar.zst
Nix-ef43c36272ca539cbfe803ded03949451b17b679.zip
2 files changed, 159 insertions, 0 deletions
diff --git a/flakes/private/openarc/flake.lock b/flakes/private/openarc/flake.lock
new file mode 100644
index 0000000..69186fb
--- /dev/null
+++ b/flakes/private/openarc/flake.lock
@@ -0,0 +1,113 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1609246779,
+        "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "myuids": {
+      "locked": {
+        "dir": "flakes/myuids",
+        "lastModified": 1609281959,
+        "narHash": "sha256-SYNlHeobQAzTzK0pM5AqMn7M2WbTuzBeoD+Q3Mu+sho=",
+        "ref": "master",
+        "rev": "1be9e64bb4556676f65e6e5044e04426848849c0",
+        "revCount": 791,
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      },
+      "original": {
+        "dir": "flakes/myuids",
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1611218116,
+        "narHash": "sha256-CcyGZ8cLlHgiViWyBjRIjdsdRZxJjP2MgtWeuqSv3CE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "30ab92ea31f6b7e9095b1e7e4b56a5000823efdf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1597943282,
+        "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "openarc": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "myuids": "myuids",
+        "nixpkgs": "nixpkgs_2",
+        "openarc": "openarc_2"
+      },
+      "locked": {
+        "dir": "flakes/openarc",
+        "lastModified": 1611091761,
+        "narHash": "sha256-fE3FBeUxVaMezKjEpepdQW9apOza+0AfBALFhaaD0VA=",
+        "ref": "master",
+        "rev": "23f9fdf03a6673dbe334ae33be4f498cc4753191",
+        "revCount": 802,
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      },
+      "original": {
+        "dir": "flakes/openarc",
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      }
+    },
+    "openarc_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1537545083,
+        "narHash": "sha256-xUSRARC7875vFjtZ66t8KBlKmkEdIZblWHc4zqGZAQQ=",
+        "owner": "trusteddomainproject",
+        "repo": "OpenARC",
+        "rev": "355ee2a1ca85acccce494478991983b54f794f4e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "trusteddomainproject",
+        "repo": "OpenARC",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "openarc": "openarc"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix
new file mode 100644
index 0000000..6a2518b
--- /dev/null
+++ b/flakes/private/openarc/flake.nix
@@ -0,0 +1,46 @@
+{
+  inputs.openarc = {
+    url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+    type = "git";
+    dir = "flakes/openarc";
+  };
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+  description = "Private configuration for openarc";
+  outputs = { self, nixpkgs, openarc }:
+    let
+      cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+        services.openarc = {
+          enable = true;
+          user = "opendkim";
+          socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+          group = config.services.postfix.group;
+          configFile = pkgs.writeText "openarc.conf" ''
+            AuthservID              mail.immae.eu
+            Domain                  mail.immae.eu
+            KeyFile                 ${config.secrets.fullPaths."opendkim/eldiron.private"}
+            Mode                    sv
+            Selector                eldiron
+            SoftwareHeader          yes
+            Syslog                  Yes
+            '';
+        };
+        systemd.services.openarc.serviceConfig.Slice = "mail.slice";
+        systemd.services.openarc.postStart = lib.optionalString
+              (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
+          while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
+            sleep 0.5
+          done
+          chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
+          '';
+        services.filesWatcher.openarc = {
+          restart = true;
+          paths = [
+            config.secrets.fullPaths."opendkim/eldiron.private"
+          ];
+        };
+      };
+    in
+      openarc.outputs //
+      { nixosModules = openarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-01-21 09:56:28 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-01-21 10:07:19 +0100
commit	ef43c36272ca539cbfe803ded03949451b17b679 (patch)
tree	3cf9412dbb2f407f3c8f97e7eaf208dfdb368bd4 /flakes/private/openarc
parent	23f9fdf03a6673dbe334ae33be4f498cc4753191 (diff)
download	Nix-ef43c36272ca539cbfe803ded03949451b17b679.tar.gz Nix-ef43c36272ca539cbfe803ded03949451b17b679.tar.zst Nix-ef43c36272ca539cbfe803ded03949451b17b679.zip

diff --git a/flakes/private/openarc/flake.lock b/flakes/private/openarc/flake.lock new file mode 100644 index 0000000..69186fb --- /dev/null +++ b/flakes/private/openarc/flake.lock
@@ -0,0 +1,113 @@
	1	{
	2	"nodes": {
	3	"flake-utils": {
	4	"locked": {
	5	"lastModified": 1609246779,
	6	"narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
	7	"owner": "numtide",
	8	"repo": "flake-utils",
	9	"rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
	10	"type": "github"
	11	},
	12	"original": {
	13	"owner": "numtide",
	14	"repo": "flake-utils",
	15	"type": "github"
	16	}
	17	},
	18	"myuids": {
	19	"locked": {
	20	"dir": "flakes/myuids",
	21	"lastModified": 1609281959,
	22	"narHash": "sha256-SYNlHeobQAzTzK0pM5AqMn7M2WbTuzBeoD+Q3Mu+sho=",
	23	"ref": "master",
	24	"rev": "1be9e64bb4556676f65e6e5044e04426848849c0",
	25	"revCount": 791,
	26	"type": "git",
	27	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
	28	},
	29	"original": {
	30	"dir": "flakes/myuids",
	31	"type": "git",
	32	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
	33	}
	34	},
	35	"nixpkgs": {
	36	"locked": {
	37	"lastModified": 1611218116,
	38	"narHash": "sha256-CcyGZ8cLlHgiViWyBjRIjdsdRZxJjP2MgtWeuqSv3CE=",
	39	"owner": "NixOS",
	40	"repo": "nixpkgs",
	41	"rev": "30ab92ea31f6b7e9095b1e7e4b56a5000823efdf",
	42	"type": "github"
	43	},
	44	"original": {
	45	"owner": "NixOS",
	46	"repo": "nixpkgs",
	47	"type": "github"
	48	}
	49	},
	50	"nixpkgs_2": {
	51	"locked": {
	52	"lastModified": 1597943282,
	53	"narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
	54	"owner": "NixOS",
	55	"repo": "nixpkgs",
	56	"rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
	57	"type": "github"
	58	},
	59	"original": {
	60	"owner": "NixOS",
	61	"repo": "nixpkgs",
	62	"type": "github"
	63	}
	64	},
	65	"openarc": {
	66	"inputs": {
	67	"flake-utils": "flake-utils",
	68	"myuids": "myuids",
	69	"nixpkgs": "nixpkgs_2",
	70	"openarc": "openarc_2"
	71	},
	72	"locked": {
	73	"dir": "flakes/openarc",
	74	"lastModified": 1611091761,
	75	"narHash": "sha256-fE3FBeUxVaMezKjEpepdQW9apOza+0AfBALFhaaD0VA=",
	76	"ref": "master",
	77	"rev": "23f9fdf03a6673dbe334ae33be4f498cc4753191",
	78	"revCount": 802,
	79	"type": "git",
	80	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
	81	},
	82	"original": {
	83	"dir": "flakes/openarc",
	84	"type": "git",
	85	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
	86	}
	87	},
	88	"openarc_2": {
	89	"flake": false,
	90	"locked": {
	91	"lastModified": 1537545083,
	92	"narHash": "sha256-xUSRARC7875vFjtZ66t8KBlKmkEdIZblWHc4zqGZAQQ=",
	93	"owner": "trusteddomainproject",
	94	"repo": "OpenARC",
	95	"rev": "355ee2a1ca85acccce494478991983b54f794f4e",
	96	"type": "github"
	97	},
	98	"original": {
	99	"owner": "trusteddomainproject",
	100	"repo": "OpenARC",
	101	"type": "github"
	102	}
	103	},
	104	"root": {
	105	"inputs": {
	106	"nixpkgs": "nixpkgs",
	107	"openarc": "openarc"
	108	}
	109	}
	110	},
	111	"root": "root",
	112	"version": 7
	113	}


diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix new file mode 100644 index 0000000..6a2518b --- /dev/null +++ b/flakes/private/openarc/flake.nix
@@ -0,0 +1,46 @@
	1	{
	2	inputs.openarc = {
	3	url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
	4	type = "git";
	5	dir = "flakes/openarc";
	6	};
	7	inputs.nixpkgs.url = "github:NixOS/nixpkgs";
	8
	9	description = "Private configuration for openarc";
	10	outputs = { self, nixpkgs, openarc }:
	11	let
	12	cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
	13	services.openarc = {
	14	enable = true;
	15	user = "opendkim";
	16	socket = "local:${config.myServices.mail.milters.sockets.openarc}";
	17	group = config.services.postfix.group;
	18	configFile = pkgs.writeText "openarc.conf" ''
	19	AuthservID mail.immae.eu
	20	Domain mail.immae.eu
	21	KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
	22	Mode sv
	23	Selector eldiron
	24	SoftwareHeader yes
	25	Syslog Yes
	26	'';
	27	};
	28	systemd.services.openarc.serviceConfig.Slice = "mail.slice";
	29	systemd.services.openarc.postStart = lib.optionalString
	30	(lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
	31	while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
	32	sleep 0.5
	33	done
	34	chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
	35	'';
	36	services.filesWatcher.openarc = {
	37	restart = true;
	38	paths = [
	39	config.secrets.fullPaths."opendkim/eldiron.private"
	40	];
	41	};
	42	};
	43	in
	44	openarc.outputs //
	45	{ nixosModules = openarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
	46	}