Add private flake for openarc and opendmarc

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-01-21 09:56:28 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-01-21 10:07:19 +0100
commit: ef43c36272ca539cbfe803ded03949451b17b679 (patch)
tree: 3cf9412dbb2f407f3c8f97e7eaf208dfdb368bd4 /flakes
parent: 23f9fdf03a6673dbe334ae33be4f498cc4753191 (diff)
download: Nix-ef43c36272ca539cbfe803ded03949451b17b679.tar.gz
Nix-ef43c36272ca539cbfe803ded03949451b17b679.tar.zst
Nix-ef43c36272ca539cbfe803ded03949451b17b679.zip
8 files changed, 367 insertions, 86 deletions
diff --git a/flakes/openarc/flake.nix b/flakes/openarc/flake.nix
index d313f8e..fbb7fb1 100644
--- a/flakes/openarc/flake.nix
+++ b/flakes/openarc/flake.nix
@@ -75,7 +75,6 @@
          };
        };
    }) // {
-      nixosModules = (if builtins.pathExists ../private/openarc.nix then import ../private/openarc.nix nixpkgs else {});
      nixosModule = { config, lib, pkgs, ... }:
        let
          cfg = config.services.openarc;
diff --git a/flakes/opendmarc/flake.nix b/flakes/opendmarc/flake.nix
index 4d6354b..e80376f 100644
--- a/flakes/opendmarc/flake.nix
+++ b/flakes/opendmarc/flake.nix
@@ -70,7 +70,6 @@
          };
        };
    }) // {
-     nixosModules = (if builtins.pathExists ../private/opendmarc.nix then import ../private/opendmarc.nix nixpkgs else {});
     nixosModule = { config, lib, pkgs, ... }:
       let
         cfg = config.services.opendmarc;
diff --git a/flakes/private/openarc.nix b/flakes/private/openarc.nix
deleted file mode 100644
index 5244ca9..0000000
--- a/flakes/private/openarc.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-pkgs:
-let
-  cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
-    services.openarc = {
-      enable = true;
-      user = "opendkim";
-      socket = "local:${config.myServices.mail.milters.sockets.openarc}";
-      group = config.services.postfix.group;
-      configFile = pkgs.writeText "openarc.conf" ''
-        AuthservID              mail.immae.eu
-        Domain                  mail.immae.eu
-        KeyFile                 ${config.secrets.fullPaths."opendkim/eldiron.private"}
-        Mode                    sv
-        Selector                eldiron
-        SoftwareHeader          yes
-        Syslog                  Yes
-        '';
-    };
-    systemd.services.openarc.serviceConfig.Slice = "mail.slice";
-    systemd.services.openarc.postStart = lib.optionalString
-          (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
-      while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
-        sleep 0.5
-      done
-      chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
-      '';
-    services.filesWatcher.openarc = {
-      restart = true;
-      paths = [
-        config.secrets.fullPaths."opendkim/eldiron.private"
-      ];
-    };
-  };
-in
-  pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg
diff --git a/flakes/private/openarc/flake.lock b/flakes/private/openarc/flake.lock
new file mode 100644
index 0000000..69186fb
--- /dev/null
+++ b/flakes/private/openarc/flake.lock
@@ -0,0 +1,113 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1609246779,
+        "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "myuids": {
+      "locked": {
+        "dir": "flakes/myuids",
+        "lastModified": 1609281959,
+        "narHash": "sha256-SYNlHeobQAzTzK0pM5AqMn7M2WbTuzBeoD+Q3Mu+sho=",
+        "ref": "master",
+        "rev": "1be9e64bb4556676f65e6e5044e04426848849c0",
+        "revCount": 791,
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      },
+      "original": {
+        "dir": "flakes/myuids",
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1611218116,
+        "narHash": "sha256-CcyGZ8cLlHgiViWyBjRIjdsdRZxJjP2MgtWeuqSv3CE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "30ab92ea31f6b7e9095b1e7e4b56a5000823efdf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1597943282,
+        "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "openarc": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "myuids": "myuids",
+        "nixpkgs": "nixpkgs_2",
+        "openarc": "openarc_2"
+      },
+      "locked": {
+        "dir": "flakes/openarc",
+        "lastModified": 1611091761,
+        "narHash": "sha256-fE3FBeUxVaMezKjEpepdQW9apOza+0AfBALFhaaD0VA=",
+        "ref": "master",
+        "rev": "23f9fdf03a6673dbe334ae33be4f498cc4753191",
+        "revCount": 802,
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      },
+      "original": {
+        "dir": "flakes/openarc",
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      }
+    },
+    "openarc_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1537545083,
+        "narHash": "sha256-xUSRARC7875vFjtZ66t8KBlKmkEdIZblWHc4zqGZAQQ=",
+        "owner": "trusteddomainproject",
+        "repo": "OpenARC",
+        "rev": "355ee2a1ca85acccce494478991983b54f794f4e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "trusteddomainproject",
+        "repo": "OpenARC",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "openarc": "openarc"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix
new file mode 100644
index 0000000..6a2518b
--- /dev/null
+++ b/flakes/private/openarc/flake.nix
@@ -0,0 +1,46 @@
+{
+  inputs.openarc = {
+    url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+    type = "git";
+    dir = "flakes/openarc";
+  };
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+  description = "Private configuration for openarc";
+  outputs = { self, nixpkgs, openarc }:
+    let
+      cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+        services.openarc = {
+          enable = true;
+          user = "opendkim";
+          socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+          group = config.services.postfix.group;
+          configFile = pkgs.writeText "openarc.conf" ''
+            AuthservID              mail.immae.eu
+            Domain                  mail.immae.eu
+            KeyFile                 ${config.secrets.fullPaths."opendkim/eldiron.private"}
+            Mode                    sv
+            Selector                eldiron
+            SoftwareHeader          yes
+            Syslog                  Yes
+            '';
+        };
+        systemd.services.openarc.serviceConfig.Slice = "mail.slice";
+        systemd.services.openarc.postStart = lib.optionalString
+              (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
+          while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
+            sleep 0.5
+          done
+          chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
+          '';
+        services.filesWatcher.openarc = {
+          restart = true;
+          paths = [
+            config.secrets.fullPaths."opendkim/eldiron.private"
+          ];
+        };
+      };
+    in
+      openarc.outputs //
+      { nixosModules = openarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
+}
diff --git a/flakes/private/opendmarc.nix b/flakes/private/opendmarc.nix
deleted file mode 100644
index d6e8920..0000000
--- a/flakes/private/opendmarc.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-pkgs:
-let
-  cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
-    users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
-    systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
-    services.opendmarc = {
-      enable = true;
-      socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
-      configFile = pkgs.writeText "opendmarc.conf" ''
-        AuthservID                  HOSTNAME
-        FailureReports              false
-        FailureReportsBcc           postmaster@immae.eu
-        FailureReportsOnNone        true
-        FailureReportsSentBy        postmaster@immae.eu
-        IgnoreAuthenticatedClients  true
-        IgnoreHosts                 ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
-        SoftwareHeader              true
-        SPFIgnoreResults            true
-        SPFSelfValidate             true
-        UMask                       002
-        '';
-      group = config.services.postfix.group;
-    };
-    services.filesWatcher.opendmarc = {
-      restart = true;
-      paths = [
-        config.secrets.fullPaths."opendmarc/ignore.hosts"
-      ];
-    };
-    secrets.keys = [
-      {
-        dest = "opendmarc/ignore.hosts";
-        user = config.services.opendmarc.user;
-        group = config.services.opendmarc.group;
-        permissions = "0400";
-        text = let
-          mxes = lib.attrsets.filterAttrs
-            (n: v: v.mx.enable)
-            config.myEnv.servers;
-          in
-            builtins.concatStringsSep "\n" ([
-              config.myEnv.mail.dmarc.ignore_hosts
-            ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
-      }
-    ];
-  };
-in
-  pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg
diff --git a/flakes/private/opendmarc/flake.lock b/flakes/private/opendmarc/flake.lock
new file mode 100644
index 0000000..867dcbc
--- /dev/null
+++ b/flakes/private/opendmarc/flake.lock
@@ -0,0 +1,148 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1609246779,
+        "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "locked": {
+        "lastModified": 1609246779,
+        "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "libspf2": {
+      "inputs": {
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "dir": "flakes/libspf2",
+        "lastModified": 1609548509,
+        "narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=",
+        "ref": "master",
+        "rev": "749623765bef80615fc21e73aff89521d262e277",
+        "revCount": 796,
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      },
+      "original": {
+        "dir": "flakes/libspf2",
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      }
+    },
+    "myuids": {
+      "locked": {
+        "dir": "flakes/myuids",
+        "lastModified": 1609548509,
+        "narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=",
+        "ref": "master",
+        "rev": "749623765bef80615fc21e73aff89521d262e277",
+        "revCount": 796,
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      },
+      "original": {
+        "dir": "flakes/myuids",
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1611218116,
+        "narHash": "sha256-CcyGZ8cLlHgiViWyBjRIjdsdRZxJjP2MgtWeuqSv3CE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "30ab92ea31f6b7e9095b1e7e4b56a5000823efdf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1597943282,
+        "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1597943282,
+        "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "opendmarc": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "libspf2": "libspf2",
+        "myuids": "myuids",
+        "nixpkgs": "nixpkgs_3"
+      },
+      "locked": {
+        "dir": "flakes/opendmarc",
+        "lastModified": 1611091761,
+        "narHash": "sha256-fE3FBeUxVaMezKjEpepdQW9apOza+0AfBALFhaaD0VA=",
+        "ref": "master",
+        "rev": "23f9fdf03a6673dbe334ae33be4f498cc4753191",
+        "revCount": 802,
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      },
+      "original": {
+        "dir": "flakes/opendmarc",
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "opendmarc": "opendmarc"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flakes/private/opendmarc/flake.nix b/flakes/private/opendmarc/flake.nix
new file mode 100644
index 0000000..9aeb3db
--- /dev/null
+++ b/flakes/private/opendmarc/flake.nix
@@ -0,0 +1,60 @@
+{
+  inputs.opendmarc = {
+    url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+    type = "git";
+    dir = "flakes/opendmarc";
+  };
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+  description = "Private configuration for opendmarc";
+  outputs = { self, nixpkgs, opendmarc }:
+    let
+      cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+        users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+        systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
+        services.opendmarc = {
+          enable = true;
+          socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+          configFile = pkgs.writeText "opendmarc.conf" ''
+            AuthservID                  HOSTNAME
+            FailureReports              false
+            FailureReportsBcc           postmaster@immae.eu
+            FailureReportsOnNone        true
+            FailureReportsSentBy        postmaster@immae.eu
+            IgnoreAuthenticatedClients  true
+            IgnoreHosts                 ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
+            SoftwareHeader              true
+            SPFIgnoreResults            true
+            SPFSelfValidate             true
+            UMask                       002
+            '';
+          group = config.services.postfix.group;
+        };
+        services.filesWatcher.opendmarc = {
+          restart = true;
+          paths = [
+            config.secrets.fullPaths."opendmarc/ignore.hosts"
+          ];
+        };
+        secrets.keys = [
+          {
+            dest = "opendmarc/ignore.hosts";
+            user = config.services.opendmarc.user;
+            group = config.services.opendmarc.group;
+            permissions = "0400";
+            text = let
+              mxes = lib.attrsets.filterAttrs
+                (n: v: v.mx.enable)
+                config.myEnv.servers;
+              in
+                builtins.concatStringsSep "\n" ([
+                  config.myEnv.mail.dmarc.ignore_hosts
+                ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
+          }
+        ];
+      };
+    in
+      opendmarc.outputs //
+      { nixosModules = opendmarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-01-21 09:56:28 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-01-21 10:07:19 +0100
commit	ef43c36272ca539cbfe803ded03949451b17b679 (patch)
tree	3cf9412dbb2f407f3c8f97e7eaf208dfdb368bd4 /flakes
parent	23f9fdf03a6673dbe334ae33be4f498cc4753191 (diff)
download	Nix-ef43c36272ca539cbfe803ded03949451b17b679.tar.gz Nix-ef43c36272ca539cbfe803ded03949451b17b679.tar.zst Nix-ef43c36272ca539cbfe803ded03949451b17b679.zip

diff --git a/flakes/openarc/flake.nix b/flakes/openarc/flake.nix index d313f8e..fbb7fb1 100644 --- a/flakes/openarc/flake.nix +++ b/flakes/openarc/flake.nix
@@ -75,7 +75,6 @@
75	};	75	};
76	};	76	};
77	}) // {	77	}) // {
78	nixosModules = (if builtins.pathExists ../private/openarc.nix then import ../private/openarc.nix nixpkgs else {});
79	nixosModule = { config, lib, pkgs, ... }:	78	nixosModule = { config, lib, pkgs, ... }:
80	let	79	let
81	cfg = config.services.openarc;	80	cfg = config.services.openarc;


diff --git a/flakes/opendmarc/flake.nix b/flakes/opendmarc/flake.nix index 4d6354b..e80376f 100644 --- a/flakes/opendmarc/flake.nix +++ b/flakes/opendmarc/flake.nix
@@ -70,7 +70,6 @@
70	};	70	};
71	};	71	};
72	}) // {	72	}) // {
73	nixosModules = (if builtins.pathExists ../private/opendmarc.nix then import ../private/opendmarc.nix nixpkgs else {});
74	nixosModule = { config, lib, pkgs, ... }:	73	nixosModule = { config, lib, pkgs, ... }:
75	let	74	let
76	cfg = config.services.opendmarc;	75	cfg = config.services.opendmarc;


diff --git a/flakes/private/openarc.nix b/flakes/private/openarc.nix deleted file mode 100644 index 5244ca9..0000000 --- a/flakes/private/openarc.nix +++ /dev/null
@@ -1,35 +0,0 @@
1	pkgs:
2	let
3	cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
4	services.openarc = {
5	enable = true;
6	user = "opendkim";
7	socket = "local:${config.myServices.mail.milters.sockets.openarc}";
8	group = config.services.postfix.group;
9	configFile = pkgs.writeText "openarc.conf" ''
10	AuthservID mail.immae.eu
11	Domain mail.immae.eu
12	KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
13	Mode sv
14	Selector eldiron
15	SoftwareHeader yes
16	Syslog Yes
17	'';
18	};
19	systemd.services.openarc.serviceConfig.Slice = "mail.slice";
20	systemd.services.openarc.postStart = lib.optionalString
21	(lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
22	while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
23	sleep 0.5
24	done
25	chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
26	'';
27	services.filesWatcher.openarc = {
28	restart = true;
29	paths = [
30	config.secrets.fullPaths."opendkim/eldiron.private"
31	];
32	};
33	};
34	in
35	pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg


diff --git a/flakes/private/openarc/flake.lock b/flakes/private/openarc/flake.lock new file mode 100644 index 0000000..69186fb --- /dev/null +++ b/flakes/private/openarc/flake.lock
@@ -0,0 +1,113 @@
		1	{
		2	"nodes": {
		3	"flake-utils": {
		4	"locked": {
		5	"lastModified": 1609246779,
		6	"narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
		7	"owner": "numtide",
		8	"repo": "flake-utils",
		9	"rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
		10	"type": "github"
		11	},
		12	"original": {
		13	"owner": "numtide",
		14	"repo": "flake-utils",
		15	"type": "github"
		16	}
		17	},
		18	"myuids": {
		19	"locked": {
		20	"dir": "flakes/myuids",
		21	"lastModified": 1609281959,
		22	"narHash": "sha256-SYNlHeobQAzTzK0pM5AqMn7M2WbTuzBeoD+Q3Mu+sho=",
		23	"ref": "master",
		24	"rev": "1be9e64bb4556676f65e6e5044e04426848849c0",
		25	"revCount": 791,
		26	"type": "git",
		27	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
		28	},
		29	"original": {
		30	"dir": "flakes/myuids",
		31	"type": "git",
		32	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
		33	}
		34	},
		35	"nixpkgs": {
		36	"locked": {
		37	"lastModified": 1611218116,
		38	"narHash": "sha256-CcyGZ8cLlHgiViWyBjRIjdsdRZxJjP2MgtWeuqSv3CE=",
		39	"owner": "NixOS",
		40	"repo": "nixpkgs",
		41	"rev": "30ab92ea31f6b7e9095b1e7e4b56a5000823efdf",
		42	"type": "github"
		43	},
		44	"original": {
		45	"owner": "NixOS",
		46	"repo": "nixpkgs",
		47	"type": "github"
		48	}
		49	},
		50	"nixpkgs_2": {
		51	"locked": {
		52	"lastModified": 1597943282,
		53	"narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
		54	"owner": "NixOS",
		55	"repo": "nixpkgs",
		56	"rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
		57	"type": "github"
		58	},
		59	"original": {
		60	"owner": "NixOS",
		61	"repo": "nixpkgs",
		62	"type": "github"
		63	}
		64	},
		65	"openarc": {
		66	"inputs": {
		67	"flake-utils": "flake-utils",
		68	"myuids": "myuids",
		69	"nixpkgs": "nixpkgs_2",
		70	"openarc": "openarc_2"
		71	},
		72	"locked": {
		73	"dir": "flakes/openarc",
		74	"lastModified": 1611091761,
		75	"narHash": "sha256-fE3FBeUxVaMezKjEpepdQW9apOza+0AfBALFhaaD0VA=",
		76	"ref": "master",
		77	"rev": "23f9fdf03a6673dbe334ae33be4f498cc4753191",
		78	"revCount": 802,
		79	"type": "git",
		80	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
		81	},
		82	"original": {
		83	"dir": "flakes/openarc",
		84	"type": "git",
		85	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
		86	}
		87	},
		88	"openarc_2": {
		89	"flake": false,
		90	"locked": {
		91	"lastModified": 1537545083,
		92	"narHash": "sha256-xUSRARC7875vFjtZ66t8KBlKmkEdIZblWHc4zqGZAQQ=",
		93	"owner": "trusteddomainproject",
		94	"repo": "OpenARC",
		95	"rev": "355ee2a1ca85acccce494478991983b54f794f4e",
		96	"type": "github"
		97	},
		98	"original": {
		99	"owner": "trusteddomainproject",
		100	"repo": "OpenARC",
		101	"type": "github"
		102	}
		103	},
		104	"root": {
		105	"inputs": {
		106	"nixpkgs": "nixpkgs",
		107	"openarc": "openarc"
		108	}
		109	}
		110	},
		111	"root": "root",
		112	"version": 7
		113	}


diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix new file mode 100644 index 0000000..6a2518b --- /dev/null +++ b/flakes/private/openarc/flake.nix
@@ -0,0 +1,46 @@
		1	{
		2	inputs.openarc = {
		3	url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
		4	type = "git";
		5	dir = "flakes/openarc";
		6	};
		7	inputs.nixpkgs.url = "github:NixOS/nixpkgs";
		8
		9	description = "Private configuration for openarc";
		10	outputs = { self, nixpkgs, openarc }:
		11	let
		12	cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
		13	services.openarc = {
		14	enable = true;
		15	user = "opendkim";
		16	socket = "local:${config.myServices.mail.milters.sockets.openarc}";
		17	group = config.services.postfix.group;
		18	configFile = pkgs.writeText "openarc.conf" ''
		19	AuthservID mail.immae.eu
		20	Domain mail.immae.eu
		21	KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
		22	Mode sv
		23	Selector eldiron
		24	SoftwareHeader yes
		25	Syslog Yes
		26	'';
		27	};
		28	systemd.services.openarc.serviceConfig.Slice = "mail.slice";
		29	systemd.services.openarc.postStart = lib.optionalString
		30	(lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
		31	while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
		32	sleep 0.5
		33	done
		34	chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
		35	'';
		36	services.filesWatcher.openarc = {
		37	restart = true;
		38	paths = [
		39	config.secrets.fullPaths."opendkim/eldiron.private"
		40	];
		41	};
		42	};
		43	in
		44	openarc.outputs //
		45	{ nixosModules = openarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
		46	}


diff --git a/flakes/private/opendmarc.nix b/flakes/private/opendmarc.nix deleted file mode 100644 index d6e8920..0000000 --- a/flakes/private/opendmarc.nix +++ /dev/null
@@ -1,49 +0,0 @@
1	pkgs:
2	let
3	cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
4	users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
5	systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
6	services.opendmarc = {
7	enable = true;
8	socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
9	configFile = pkgs.writeText "opendmarc.conf" ''
10	AuthservID HOSTNAME
11	FailureReports false
12	FailureReportsBcc postmaster@immae.eu
13	FailureReportsOnNone true
14	FailureReportsSentBy postmaster@immae.eu
15	IgnoreAuthenticatedClients true
16	IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
17	SoftwareHeader true
18	SPFIgnoreResults true
19	SPFSelfValidate true
20	UMask 002
21	'';
22	group = config.services.postfix.group;
23	};
24	services.filesWatcher.opendmarc = {
25	restart = true;
26	paths = [
27	config.secrets.fullPaths."opendmarc/ignore.hosts"
28	];
29	};
30	secrets.keys = [
31	{
32	dest = "opendmarc/ignore.hosts";
33	user = config.services.opendmarc.user;
34	group = config.services.opendmarc.group;
35	permissions = "0400";
36	text = let
37	mxes = lib.attrsets.filterAttrs
38	(n: v: v.mx.enable)
39	config.myEnv.servers;
40	in
41	builtins.concatStringsSep "\n" ([
42	config.myEnv.mail.dmarc.ignore_hosts
43	] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
44	}
45	];
46	};
47	in
48	pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg
49


diff --git a/flakes/private/opendmarc/flake.lock b/flakes/private/opendmarc/flake.lock new file mode 100644 index 0000000..867dcbc --- /dev/null +++ b/flakes/private/opendmarc/flake.lock
@@ -0,0 +1,148 @@
		1	{
		2	"nodes": {
		3	"flake-utils": {
		4	"locked": {
		5	"lastModified": 1609246779,
		6	"narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
		7	"owner": "numtide",
		8	"repo": "flake-utils",
		9	"rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
		10	"type": "github"
		11	},
		12	"original": {
		13	"owner": "numtide",
		14	"repo": "flake-utils",
		15	"type": "github"
		16	}
		17	},
		18	"flake-utils_2": {
		19	"locked": {
		20	"lastModified": 1609246779,
		21	"narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
		22	"owner": "numtide",
		23	"repo": "flake-utils",
		24	"rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
		25	"type": "github"
		26	},
		27	"original": {
		28	"owner": "numtide",
		29	"repo": "flake-utils",
		30	"type": "github"
		31	}
		32	},
		33	"libspf2": {
		34	"inputs": {
		35	"flake-utils": "flake-utils_2",
		36	"nixpkgs": "nixpkgs_2"
		37	},
		38	"locked": {
		39	"dir": "flakes/libspf2",
		40	"lastModified": 1609548509,
		41	"narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=",
		42	"ref": "master",
		43	"rev": "749623765bef80615fc21e73aff89521d262e277",
		44	"revCount": 796,
		45	"type": "git",
		46	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
		47	},
		48	"original": {
		49	"dir": "flakes/libspf2",
		50	"type": "git",
		51	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
		52	}
		53	},
		54	"myuids": {
		55	"locked": {
		56	"dir": "flakes/myuids",
		57	"lastModified": 1609548509,
		58	"narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=",
		59	"ref": "master",
		60	"rev": "749623765bef80615fc21e73aff89521d262e277",
		61	"revCount": 796,
		62	"type": "git",
		63	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
		64	},
		65	"original": {
		66	"dir": "flakes/myuids",
		67	"type": "git",
		68	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
		69	}
		70	},
		71	"nixpkgs": {
		72	"locked": {
		73	"lastModified": 1611218116,
		74	"narHash": "sha256-CcyGZ8cLlHgiViWyBjRIjdsdRZxJjP2MgtWeuqSv3CE=",
		75	"owner": "NixOS",
		76	"repo": "nixpkgs",
		77	"rev": "30ab92ea31f6b7e9095b1e7e4b56a5000823efdf",
		78	"type": "github"
		79	},
		80	"original": {
		81	"owner": "NixOS",
		82	"repo": "nixpkgs",
		83	"type": "github"
		84	}
		85	},
		86	"nixpkgs_2": {
		87	"locked": {
		88	"lastModified": 1597943282,
		89	"narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
		90	"owner": "NixOS",
		91	"repo": "nixpkgs",
		92	"rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
		93	"type": "github"
		94	},
		95	"original": {
		96	"owner": "NixOS",
		97	"repo": "nixpkgs",
		98	"type": "github"
		99	}
		100	},
		101	"nixpkgs_3": {
		102	"locked": {
		103	"lastModified": 1597943282,
		104	"narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
		105	"owner": "NixOS",
		106	"repo": "nixpkgs",
		107	"rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
		108	"type": "github"
		109	},
		110	"original": {
		111	"owner": "NixOS",
		112	"repo": "nixpkgs",
		113	"type": "github"
		114	}
		115	},
		116	"opendmarc": {
		117	"inputs": {
		118	"flake-utils": "flake-utils",
		119	"libspf2": "libspf2",
		120	"myuids": "myuids",
		121	"nixpkgs": "nixpkgs_3"
		122	},
		123	"locked": {
		124	"dir": "flakes/opendmarc",
		125	"lastModified": 1611091761,
		126	"narHash": "sha256-fE3FBeUxVaMezKjEpepdQW9apOza+0AfBALFhaaD0VA=",
		127	"ref": "master",
		128	"rev": "23f9fdf03a6673dbe334ae33be4f498cc4753191",
		129	"revCount": 802,
		130	"type": "git",
		131	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
		132	},
		133	"original": {
		134	"dir": "flakes/opendmarc",
		135	"type": "git",
		136	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
		137	}
		138	},
		139	"root": {
		140	"inputs": {
		141	"nixpkgs": "nixpkgs",
		142	"opendmarc": "opendmarc"
		143	}
		144	}
		145	},
		146	"root": "root",
		147	"version": 7
		148	}


diff --git a/flakes/private/opendmarc/flake.nix b/flakes/private/opendmarc/flake.nix new file mode 100644 index 0000000..9aeb3db --- /dev/null +++ b/flakes/private/opendmarc/flake.nix
@@ -0,0 +1,60 @@
		1	{
		2	inputs.opendmarc = {
		3	url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
		4	type = "git";
		5	dir = "flakes/opendmarc";
		6	};
		7	inputs.nixpkgs.url = "github:NixOS/nixpkgs";
		8
		9	description = "Private configuration for opendmarc";
		10	outputs = { self, nixpkgs, opendmarc }:
		11	let
		12	cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
		13	users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
		14	systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
		15	services.opendmarc = {
		16	enable = true;
		17	socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
		18	configFile = pkgs.writeText "opendmarc.conf" ''
		19	AuthservID HOSTNAME
		20	FailureReports false
		21	FailureReportsBcc postmaster@immae.eu
		22	FailureReportsOnNone true
		23	FailureReportsSentBy postmaster@immae.eu
		24	IgnoreAuthenticatedClients true
		25	IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
		26	SoftwareHeader true
		27	SPFIgnoreResults true
		28	SPFSelfValidate true
		29	UMask 002
		30	'';
		31	group = config.services.postfix.group;
		32	};
		33	services.filesWatcher.opendmarc = {
		34	restart = true;
		35	paths = [
		36	config.secrets.fullPaths."opendmarc/ignore.hosts"
		37	];
		38	};
		39	secrets.keys = [
		40	{
		41	dest = "opendmarc/ignore.hosts";
		42	user = config.services.opendmarc.user;
		43	group = config.services.opendmarc.group;
		44	permissions = "0400";
		45	text = let
		46	mxes = lib.attrsets.filterAttrs
		47	(n: v: v.mx.enable)
		48	config.myEnv.servers;
		49	in
		50	builtins.concatStringsSep "\n" ([
		51	config.myEnv.mail.dmarc.ignore_hosts
		52	] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
		53	}
		54	];
		55	};
		56	in
		57	opendmarc.outputs //
		58	{ nixosModules = opendmarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
		59	}
		60