aboutsummaryrefslogtreecommitdiff
path: root/flakes/private
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2021-09-13 01:00:43 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2021-10-15 23:15:02 +0200
commit27dd65fc95a91155367acbe15754dc22c8869552 (patch)
tree73e85423c5b359c87e51749f7791cda61a900315 /flakes/private
parentdef6ad9963ed6f3f81fddea854f2a7b110dd5183 (diff)
downloadNix-27dd65fc95a91155367acbe15754dc22c8869552.tar.gz
Nix-27dd65fc95a91155367acbe15754dc22c8869552.tar.zst
Nix-27dd65fc95a91155367acbe15754dc22c8869552.zip
Add filesWatcher flake
Diffstat (limited to 'flakes/private')
-rw-r--r--flakes/private/openarc/flake.lock44
-rw-r--r--flakes/private/openarc/flake.nix69
-rw-r--r--flakes/private/opendmarc/flake.lock44
-rw-r--r--flakes/private/opendmarc/flake.nix95
4 files changed, 179 insertions, 73 deletions
diff --git a/flakes/private/openarc/flake.lock b/flakes/private/openarc/flake.lock
index f15e441..76ddaed 100644
--- a/flakes/private/openarc/flake.lock
+++ b/flakes/private/openarc/flake.lock
@@ -1,5 +1,16 @@
1{ 1{
2 "nodes": { 2 "nodes": {
3 "files-watcher": {
4 "locked": {
5 "narHash": "sha256-6urOJuzXsu4HJHyVmrZHd40SMzzTeHiOiDOM40q53Y0=",
6 "path": "../../files-watcher",
7 "type": "path"
8 },
9 "original": {
10 "path": "../../files-watcher",
11 "type": "path"
12 }
13 },
3 "flake-utils": { 14 "flake-utils": {
4 "locked": { 15 "locked": {
5 "lastModified": 1609246779, 16 "lastModified": 1609246779,
@@ -15,6 +26,20 @@
15 "type": "github" 26 "type": "github"
16 } 27 }
17 }, 28 },
29 "my-lib": {
30 "inputs": {
31 "nixpkgs": "nixpkgs"
32 },
33 "locked": {
34 "narHash": "sha256-YJREl39cf4zrFdAULMu1Yjg7hIEZCLuCnP8qJvWbIvM=",
35 "path": "../../lib",
36 "type": "path"
37 },
38 "original": {
39 "path": "../../lib",
40 "type": "path"
41 }
42 },
18 "myuids": { 43 "myuids": {
19 "locked": { 44 "locked": {
20 "dir": "flakes/myuids", 45 "dir": "flakes/myuids",
@@ -49,6 +74,21 @@
49 }, 74 },
50 "nixpkgs": { 75 "nixpkgs": {
51 "locked": { 76 "locked": {
77 "lastModified": 1631570365,
78 "narHash": "sha256-vc6bfo0hijpicdUDiui2DvZXmpIP2iqOFZRcpMOuYPo=",
79 "owner": "NixOS",
80 "repo": "nixpkgs",
81 "rev": "df7113c0727881519248d4c7d080324e0ee3327b",
82 "type": "github"
83 },
84 "original": {
85 "owner": "NixOS",
86 "repo": "nixpkgs",
87 "type": "github"
88 }
89 },
90 "nixpkgs_2": {
91 "locked": {
52 "lastModified": 1597943282, 92 "lastModified": 1597943282,
53 "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=", 93 "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
54 "owner": "NixOS", 94 "owner": "NixOS",
@@ -66,7 +106,7 @@
66 "inputs": { 106 "inputs": {
67 "flake-utils": "flake-utils", 107 "flake-utils": "flake-utils",
68 "myuids": "myuids", 108 "myuids": "myuids",
69 "nixpkgs": "nixpkgs", 109 "nixpkgs": "nixpkgs_2",
70 "openarc": "openarc_2" 110 "openarc": "openarc_2"
71 }, 111 },
72 "locked": { 112 "locked": {
@@ -97,6 +137,8 @@
97 }, 137 },
98 "root": { 138 "root": {
99 "inputs": { 139 "inputs": {
140 "files-watcher": "files-watcher",
141 "my-lib": "my-lib",
100 "nix-lib": "nix-lib", 142 "nix-lib": "nix-lib",
101 "openarc": "openarc" 143 "openarc": "openarc"
102 } 144 }
diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix
index fd8ec56..9cc9aed 100644
--- a/flakes/private/openarc/flake.nix
+++ b/flakes/private/openarc/flake.nix
@@ -3,40 +3,51 @@
3 path = "../../openarc"; 3 path = "../../openarc";
4 type = "path"; 4 type = "path";
5 }; 5 };
6 inputs.files-watcher = {
7 path = "../../files-watcher";
8 type = "path";
9 };
10 inputs.my-lib = {
11 path = "../../lib";
12 type = "path";
13 };
6 inputs.nix-lib.url = "github:NixOS/nixpkgs"; 14 inputs.nix-lib.url = "github:NixOS/nixpkgs";
7 15
8 description = "Private configuration for openarc"; 16 description = "Private configuration for openarc";
9 outputs = { self, nix-lib, openarc }: 17 outputs = { self, nix-lib, my-lib, files-watcher, openarc }:
10 let 18 let
11 cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') { 19 cfg = name': { config, lib, pkgs, name, ... }: {
12 services.openarc = { 20 imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];
13 enable = true; 21 config = lib.mkIf (name == name') {
14 user = "opendkim"; 22 services.openarc = {
15 socket = "local:${config.myServices.mail.milters.sockets.openarc}"; 23 enable = true;
16 group = config.services.postfix.group; 24 user = "opendkim";
17 configFile = pkgs.writeText "openarc.conf" '' 25 socket = "local:${config.myServices.mail.milters.sockets.openarc}";
18 AuthservID mail.immae.eu 26 group = config.services.postfix.group;
19 Domain mail.immae.eu 27 configFile = pkgs.writeText "openarc.conf" ''
20 KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"} 28 AuthservID mail.immae.eu
21 Mode sv 29 Domain mail.immae.eu
22 Selector eldiron 30 KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
23 SoftwareHeader yes 31 Mode sv
24 Syslog Yes 32 Selector eldiron
33 SoftwareHeader yes
34 Syslog Yes
35 '';
36 };
37 systemd.services.openarc.serviceConfig.Slice = "mail.slice";
38 systemd.services.openarc.postStart = lib.optionalString
39 (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
40 while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
41 sleep 0.5
42 done
43 chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
25 ''; 44 '';
26 }; 45 services.filesWatcher.openarc = {
27 systemd.services.openarc.serviceConfig.Slice = "mail.slice"; 46 restart = true;
28 systemd.services.openarc.postStart = lib.optionalString 47 paths = [
29 (lib.strings.hasPrefix "local:" config.services.openarc.socket) '' 48 config.secrets.fullPaths."opendkim/eldiron.private"
30 while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do 49 ];
31 sleep 0.5 50 };
32 done
33 chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
34 '';
35 services.filesWatcher.openarc = {
36 restart = true;
37 paths = [
38 config.secrets.fullPaths."opendkim/eldiron.private"
39 ];
40 }; 51 };
41 }; 52 };
42 in 53 in
diff --git a/flakes/private/opendmarc/flake.lock b/flakes/private/opendmarc/flake.lock
index 33e00a4..ea056e5 100644
--- a/flakes/private/opendmarc/flake.lock
+++ b/flakes/private/opendmarc/flake.lock
@@ -1,5 +1,16 @@
1{ 1{
2 "nodes": { 2 "nodes": {
3 "files-watcher": {
4 "locked": {
5 "narHash": "sha256-6urOJuzXsu4HJHyVmrZHd40SMzzTeHiOiDOM40q53Y0=",
6 "path": "../../files-watcher",
7 "type": "path"
8 },
9 "original": {
10 "path": "../../files-watcher",
11 "type": "path"
12 }
13 },
3 "flake-utils": { 14 "flake-utils": {
4 "locked": { 15 "locked": {
5 "lastModified": 1609246779, 16 "lastModified": 1609246779,
@@ -15,6 +26,20 @@
15 "type": "github" 26 "type": "github"
16 } 27 }
17 }, 28 },
29 "my-lib": {
30 "inputs": {
31 "nixpkgs": "nixpkgs"
32 },
33 "locked": {
34 "narHash": "sha256-HGNP1eH7b42BxViYx/F3ZPO9CM1X+5qfA9JoP2ArN+s=",
35 "path": "../../lib",
36 "type": "path"
37 },
38 "original": {
39 "path": "../../lib",
40 "type": "path"
41 }
42 },
18 "myuids": { 43 "myuids": {
19 "locked": { 44 "locked": {
20 "dir": "flakes/myuids", 45 "dir": "flakes/myuids",
@@ -49,6 +74,21 @@
49 }, 74 },
50 "nixpkgs": { 75 "nixpkgs": {
51 "locked": { 76 "locked": {
77 "lastModified": 1631570365,
78 "narHash": "sha256-vc6bfo0hijpicdUDiui2DvZXmpIP2iqOFZRcpMOuYPo=",
79 "owner": "NixOS",
80 "repo": "nixpkgs",
81 "rev": "df7113c0727881519248d4c7d080324e0ee3327b",
82 "type": "github"
83 },
84 "original": {
85 "owner": "NixOS",
86 "repo": "nixpkgs",
87 "type": "github"
88 }
89 },
90 "nixpkgs_2": {
91 "locked": {
52 "lastModified": 1597943282, 92 "lastModified": 1597943282,
53 "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=", 93 "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
54 "owner": "NixOS", 94 "owner": "NixOS",
@@ -66,7 +106,7 @@
66 "inputs": { 106 "inputs": {
67 "flake-utils": "flake-utils", 107 "flake-utils": "flake-utils",
68 "myuids": "myuids", 108 "myuids": "myuids",
69 "nixpkgs": "nixpkgs" 109 "nixpkgs": "nixpkgs_2"
70 }, 110 },
71 "locked": { 111 "locked": {
72 "narHash": "sha256-eIe5hzNsp1zz5m4ZMzORwdHuLkhEsKkS7WMpPOJE4ok=", 112 "narHash": "sha256-eIe5hzNsp1zz5m4ZMzORwdHuLkhEsKkS7WMpPOJE4ok=",
@@ -80,6 +120,8 @@
80 }, 120 },
81 "root": { 121 "root": {
82 "inputs": { 122 "inputs": {
123 "files-watcher": "files-watcher",
124 "my-lib": "my-lib",
83 "nix-lib": "nix-lib", 125 "nix-lib": "nix-lib",
84 "opendmarc": "opendmarc" 126 "opendmarc": "opendmarc"
85 } 127 }
diff --git a/flakes/private/opendmarc/flake.nix b/flakes/private/opendmarc/flake.nix
index ae96c30..4b54ccf 100644
--- a/flakes/private/opendmarc/flake.nix
+++ b/flakes/private/opendmarc/flake.nix
@@ -3,54 +3,65 @@
3 path = "../../opendmarc"; 3 path = "../../opendmarc";
4 type = "path"; 4 type = "path";
5 }; 5 };
6 inputs.files-watcher = {
7 path = "../../files-watcher";
8 type = "path";
9 };
10 inputs.my-lib = {
11 path = "../../lib";
12 type = "path";
13 };
6 inputs.nix-lib.url = "github:NixOS/nixpkgs"; 14 inputs.nix-lib.url = "github:NixOS/nixpkgs";
7 15
8 description = "Private configuration for opendmarc"; 16 description = "Private configuration for opendmarc";
9 outputs = { self, nix-lib, opendmarc }: 17 outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }:
10 let 18 let
11 cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') { 19 cfg = name': { config, lib, pkgs, name, ... }: {
12 users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ]; 20 imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];
13 systemd.services.opendmarc.serviceConfig.Slice = "mail.slice"; 21 config = lib.mkIf (name == name') {
14 services.opendmarc = { 22 users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
15 enable = true; 23 systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
16 socket = "local:${config.myServices.mail.milters.sockets.opendmarc}"; 24 services.opendmarc = {
17 configFile = pkgs.writeText "opendmarc.conf" '' 25 enable = true;
18 AuthservID HOSTNAME 26 socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
19 FailureReports false 27 configFile = pkgs.writeText "opendmarc.conf" ''
20 FailureReportsBcc postmaster@immae.eu 28 AuthservID HOSTNAME
21 FailureReportsOnNone true 29 FailureReports false
22 FailureReportsSentBy postmaster@immae.eu 30 FailureReportsBcc postmaster@immae.eu
23 IgnoreAuthenticatedClients true 31 FailureReportsOnNone true
24 IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"} 32 FailureReportsSentBy postmaster@immae.eu
25 SoftwareHeader true 33 IgnoreAuthenticatedClients true
26 SPFIgnoreResults true 34 IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
27 SPFSelfValidate true 35 SoftwareHeader true
28 UMask 002 36 SPFIgnoreResults true
29 ''; 37 SPFSelfValidate true
30 group = config.services.postfix.group; 38 UMask 002
31 }; 39 '';
32 services.filesWatcher.opendmarc = { 40 group = config.services.postfix.group;
33 restart = true; 41 };
34 paths = [ 42 services.filesWatcher.opendmarc = {
35 config.secrets.fullPaths."opendmarc/ignore.hosts" 43 restart = true;
44 paths = [
45 config.secrets.fullPaths."opendmarc/ignore.hosts"
46 ];
47 };
48 secrets.keys = [
49 {
50 dest = "opendmarc/ignore.hosts";
51 user = config.services.opendmarc.user;
52 group = config.services.opendmarc.group;
53 permissions = "0400";
54 text = let
55 mxes = lib.attrsets.filterAttrs
56 (n: v: v.mx.enable)
57 config.myEnv.servers;
58 in
59 builtins.concatStringsSep "\n" ([
60 config.myEnv.mail.dmarc.ignore_hosts
61 ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
62 }
36 ]; 63 ];
37 }; 64 };
38 secrets.keys = [
39 {
40 dest = "opendmarc/ignore.hosts";
41 user = config.services.opendmarc.user;
42 group = config.services.opendmarc.group;
43 permissions = "0400";
44 text = let
45 mxes = lib.attrsets.filterAttrs
46 (n: v: v.mx.enable)
47 config.myEnv.servers;
48 in
49 builtins.concatStringsSep "\n" ([
50 config.myEnv.mail.dmarc.ignore_hosts
51 ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
52 }
53 ];
54 }; 65 };
55 in 66 in
56 opendmarc.outputs // 67 opendmarc.outputs //
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-24 20:12:18 +0000