3 files changed, 40 insertions, 31 deletions

diff --git a/flakes/openarc/flake.nix b/flakes/openarc/flake.nix
index bdb0358..9bc104d 100644
--- a/flakes/openarc/flake.nix
+++ b/flakes/openarc/flake.nix
@@ -75,6 +75,7 @@
         };
     }) // {
       hydraJobs.build = nixpkgs.lib.genAttrs flake-utils.lib.defaultSystems (system: self.defaultPackage."${system}");
+      nixosModules = (if builtins.pathExists ./private.nix then import ./private.nix nixpkgs else {});
       nixosModule = { config, lib, pkgs, ... }:
         let
           cfg = config.services.openarc;
diff --git a/flakes/openarc/private.nix b/flakes/openarc/private.nix
new file mode 100644
index 0000000..5244ca9
--- /dev/null
+++ b/flakes/openarc/private.nix
@@ -0,0 +1,35 @@
+pkgs:
+let
+  cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+    services.openarc = {
+      enable = true;
+      user = "opendkim";
+      socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+      group = config.services.postfix.group;
+      configFile = pkgs.writeText "openarc.conf" ''
+        AuthservID              mail.immae.eu
+        Domain                  mail.immae.eu
+        KeyFile                 ${config.secrets.fullPaths."opendkim/eldiron.private"}
+        Mode                    sv
+        Selector                eldiron
+        SoftwareHeader          yes
+        Syslog                  Yes
+        '';
+    };
+    systemd.services.openarc.serviceConfig.Slice = "mail.slice";
+    systemd.services.openarc.postStart = lib.optionalString
+          (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
+      while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
+        sleep 0.5
+      done
+      chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
+      '';
+    services.filesWatcher.openarc = {
+      restart = true;
+      paths = [
+        config.secrets.fullPaths."opendkim/eldiron.private"
+      ];
+    };
+  };
+in
+  pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
index 02c35c8..96c2800 100644
--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -1,5 +1,8 @@
-{ lib, pkgs, config, ... }:
+{ lib, pkgs, config, name, ... }:
 {
+  imports =
+    builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules;
+
   options.myServices.mail.milters.sockets = lib.mkOption {
     type = lib.types.attrsOf lib.types.path;
     default = {
@@ -103,36 +106,6 @@
       ];
     };
 
-    services.openarc = {
-      enable = true;
-      user = "opendkim";
-      socket = "local:${config.myServices.mail.milters.sockets.openarc}";
-      group = config.services.postfix.group;
-      configFile = pkgs.writeText "openarc.conf" ''
-        AuthservID              mail.immae.eu
-        Domain                  mail.immae.eu
-        KeyFile                 ${config.secrets.fullPaths."opendkim/eldiron.private"}
-        Mode                    sv
-        Selector                eldiron
-        SoftwareHeader          yes
-        Syslog                  Yes
-        '';
-    };
-    systemd.services.openarc.serviceConfig.Slice = "mail.slice";
-    systemd.services.openarc.postStart = lib.optionalString
-          (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
-      while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
-        sleep 0.5
-      done
-      chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
-      '';
-    services.filesWatcher.openarc = {
-      restart = true;
-      paths = [
-        config.secrets.fullPaths."opendkim/eldiron.private"
-      ];
-    };
-
     systemd.services.milter_verify_from = {
       description  = "Verify from milter";
       after = [ "network.target" ];