Squash changes containing private information

There were a lot of changes since the previous commit, but a lot of them
contained personnal information about users. All thos changes got
stashed into a single commit (history is kept in a different place) and
private information was moved in a separate private repository

2 files changed, 80 insertions, 130 deletions

diff --git a/flakes/private/opendmarc/flake.lock b/flakes/private/opendmarc/flake.lock
index f40e1a9..fdd4d64 100644
--- a/flakes/private/opendmarc/flake.lock
+++ b/flakes/private/opendmarc/flake.lock
@@ -1,8 +1,21 @@
 {
   "nodes": {
+    "environment": {
+      "locked": {
+        "lastModified": 1,
+        "narHash": "sha256-rMKbM7fHqWQbI7y59BsPG8KwoDj2jyrvN2niPWB24uE=",
+        "path": "../environment",
+        "type": "path"
+      },
+      "original": {
+        "path": "../environment",
+        "type": "path"
+      }
+    },
     "files-watcher": {
       "locked": {
-        "narHash": "sha256-6urOJuzXsu4HJHyVmrZHd40SMzzTeHiOiDOM40q53Y0=",
+        "lastModified": 1,
+        "narHash": "sha256-ZsdumUVoSPkV/DB6gO6dNDttjzalye0ToVBF9bl5W0k=",
         "path": "../../files-watcher",
         "type": "path"
       },
@@ -26,69 +39,20 @@
         "type": "github"
       }
     },
-    "my-lib": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      },
+    "myuids": {
       "locked": {
-        "narHash": "sha256-HGNP1eH7b42BxViYx/F3ZPO9CM1X+5qfA9JoP2ArN+s=",
-        "path": "../../lib",
+        "lastModified": 1,
+        "narHash": "sha256-HkW9YCLQCNBX3Em7J7MjraVEZO3I3PizkVV2QrUdULQ=",
+        "path": "../myuids",
         "type": "path"
       },
       "original": {
-        "path": "../../lib",
+        "path": "../myuids",
         "type": "path"
       }
     },
-    "myuids": {
-      "locked": {
-        "dir": "flakes/myuids",
-        "lastModified": 1628207001,
-        "narHash": "sha256-7e12OfDv9zMOfqcAlsk1sZj2l3ZB03kcBdWUqhwVaWo=",
-        "ref": "master",
-        "rev": "dfe02d8fd52e33c7d4e1a209cf486696100b88f3",
-        "revCount": 865,
-        "type": "git",
-        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
-      },
-      "original": {
-        "dir": "flakes/myuids",
-        "type": "git",
-        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
-      }
-    },
-    "nix-lib": {
-      "locked": {
-        "lastModified": 1633008342,
-        "narHash": "sha256-wZV5YidnsqV/iufDIhaZip3LzwUGeIt8wtdiGS5+cXc=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "6eae8a116011f4db0aa5146f364820024411d6bb",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1631570365,
-        "narHash": "sha256-vc6bfo0hijpicdUDiui2DvZXmpIP2iqOFZRcpMOuYPo=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "df7113c0727881519248d4c7d080324e0ee3327b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
         "lastModified": 1597943282,
         "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
         "owner": "NixOS",
@@ -106,10 +70,11 @@
       "inputs": {
         "flake-utils": "flake-utils",
         "myuids": "myuids",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "narHash": "sha256-7jup/d3+WXXWsNMB7Sp5Py4rJQV30Z5+PJITBISbQ9o=",
+        "lastModified": 1,
+        "narHash": "sha256-dDS9a1XujZU6KVCgz2RKbx2T3yT1k7z0EknUh1OyMdQ=",
         "path": "../../opendmarc",
         "type": "path"
       },
@@ -120,16 +85,16 @@
     },
     "root": {
       "inputs": {
+        "environment": "environment",
         "files-watcher": "files-watcher",
-        "my-lib": "my-lib",
-        "nix-lib": "nix-lib",
         "opendmarc": "opendmarc",
         "secrets": "secrets"
       }
     },
     "secrets": {
       "locked": {
-        "narHash": "sha256-w3u1bMEJHCg9SqErJ5Qi0sTX2xx7mk+HrHZXzpjQd1w=",
+        "lastModified": 1,
+        "narHash": "sha256-5AakznhrJFmwCD7lr4JEh55MtdAJL6WA/YuBks6ISSE=",
         "path": "../../secrets",
         "type": "path"
       },
diff --git a/flakes/private/opendmarc/flake.nix b/flakes/private/opendmarc/flake.nix
index e2575e7..7e9e8eb 100644
--- a/flakes/private/opendmarc/flake.nix
+++ b/flakes/private/opendmarc/flake.nix
@@ -1,77 +1,62 @@
 {
-  inputs.opendmarc = {
-    path = "../../opendmarc";
-    type = "path";
-  };
-  inputs.secrets = {
-    path = "../../secrets";
-    type = "path";
-  };
-  inputs.files-watcher = {
-    path = "../../files-watcher";
-    type = "path";
-  };
-  inputs.my-lib = {
-    path = "../../lib";
-    type = "path";
-  };
-  inputs.nix-lib.url = "github:NixOS/nixpkgs";
+  inputs.opendmarc.url = "path:../../opendmarc";
+  inputs.environment.url = "path:../environment";
+  inputs.secrets.url = "path:../../secrets";
+  inputs.files-watcher.url = "path:../../files-watcher";
 
   description = "Private configuration for opendmarc";
-  outputs = { self, nix-lib, opendmarc, my-lib, files-watcher, secrets }:
-    let
-      cfg = name': { config, lib, pkgs, name, ... }: {
-        imports = [
-          (my-lib.lib.withNarKey files-watcher "nixosModule")
-          (my-lib.lib.withNarKey opendmarc "nixosModule")
-          (my-lib.lib.withNarKey secrets "nixosModule")
-        ];
-        config = lib.mkIf (name == name') {
-          users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
-          systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
-          services.opendmarc = {
-            enable = true;
-            socket = "/run/opendmarc/opendmarc.sock";
-            configFile = pkgs.writeText "opendmarc.conf" ''
-              AuthservID                  HOSTNAME
-              FailureReports              false
-              FailureReportsBcc           postmaster@immae.eu
-              FailureReportsOnNone        true
-              FailureReportsSentBy        postmaster@immae.eu
-              IgnoreAuthenticatedClients  true
-              IgnoreHosts                 ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
-              SoftwareHeader              true
-              SPFIgnoreResults            true
-              SPFSelfValidate             true
-              UMask                       002
-              '';
-            group = config.services.postfix.group;
-          };
-          services.filesWatcher.opendmarc = {
-            restart = true;
-            paths = [
-              config.secrets.fullPaths."opendmarc/ignore.hosts"
-            ];
-          };
-          secrets.keys = {
-            "opendmarc/ignore.hosts" = {
-              user = config.services.opendmarc.user;
-              group = config.services.opendmarc.group;
-              permissions = "0400";
-              text = let
-                mxes = lib.attrsets.filterAttrs
-                  (n: v: v.mx.enable)
-                  config.myEnv.servers;
-                in
-                  builtins.concatStringsSep "\n" ([
-                    config.myEnv.mail.dmarc.ignore_hosts
-                  ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
-            };
+  outputs = { self, environment, opendmarc, files-watcher, secrets }: {
+    nixosModule = self.nixosModules.opendmarc;
+    nixosModules.opendmarc = { config, lib, pkgs, ... }: {
+      imports = [
+        environment.nixosModule
+        files-watcher.nixosModule
+        opendmarc.nixosModule
+        secrets.nixosModule
+      ];
+      config = {
+        users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+        systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
+        services.opendmarc = {
+          enable = true;
+          socket = "/run/opendmarc/opendmarc.sock";
+          configFile = pkgs.writeText "opendmarc.conf" ''
+            AuthservID                  HOSTNAME
+            FailureReports              false
+            FailureReportsBcc           postmaster@immae.eu
+            FailureReportsOnNone        true
+            FailureReportsSentBy        postmaster@immae.eu
+            IgnoreAuthenticatedClients  true
+            IgnoreHosts                 ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
+            SoftwareHeader              true
+            SPFIgnoreResults            true
+            SPFSelfValidate             true
+            UMask                       002
+            '';
+          group = config.services.postfix.group;
+        };
+        services.filesWatcher.opendmarc = {
+          restart = true;
+          paths = [
+            config.secrets.fullPaths."opendmarc/ignore.hosts"
+          ];
+        };
+        secrets.keys = {
+          "opendmarc/ignore.hosts" = {
+            user = config.services.opendmarc.user;
+            group = config.services.opendmarc.group;
+            permissions = "0400";
+            text = let
+              mxes = lib.attrsets.filterAttrs
+                (n: v: v.mx.enable)
+                config.myEnv.servers;
+              in
+                builtins.concatStringsSep "\n" ([
+                  config.myEnv.mail.dmarc.ignore_hosts
+                ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
           };
         };
       };
-    in
-      opendmarc.outputs //
-      { nixosModules = opendmarc.nixosModules or {} // nix-lib.lib.genAttrs ["eldiron" "backup-2"] cfg; };
+    };
+  };
 }
-