diff options
-rw-r--r-- | flakes/openarc/flake.nix | 4 | ||||
-rw-r--r-- | flakes/opendmarc/flake.nix | 4 | ||||
-rw-r--r-- | flakes/private/openarc/flake.lock | 10 | ||||
-rw-r--r-- | flakes/private/openarc/flake.nix | 16 | ||||
-rw-r--r-- | flakes/private/opendmarc/flake.lock | 8 | ||||
-rw-r--r-- | flakes/private/opendmarc/flake.nix | 9 | ||||
-rw-r--r-- | modules/default.nix | 4 | ||||
-rw-r--r-- | modules/private/mail/milters.nix | 4 |
8 files changed, 34 insertions, 25 deletions
diff --git a/flakes/openarc/flake.nix b/flakes/openarc/flake.nix index f4ce653..6fd45bf 100644 --- a/flakes/openarc/flake.nix +++ b/flakes/openarc/flake.nix | |||
@@ -63,8 +63,8 @@ | |||
63 | nixosModule = { config, lib, pkgs, ... }: | 63 | nixosModule = { config, lib, pkgs, ... }: |
64 | let | 64 | let |
65 | cfg = config.services.openarc; | 65 | cfg = config.services.openarc; |
66 | defaultSock = "local:/run/openarc/openarc.sock"; | 66 | defaultSock = "/run/openarc/openarc.sock"; |
67 | args = [ "-f" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ]; | 67 | args = [ "-f" "-p" "local:${cfg.socket}" ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ]; |
68 | in { | 68 | in { |
69 | options = { | 69 | options = { |
70 | services.openarc = { | 70 | services.openarc = { |
diff --git a/flakes/opendmarc/flake.nix b/flakes/opendmarc/flake.nix index f1877b6..277fd25 100644 --- a/flakes/opendmarc/flake.nix +++ b/flakes/opendmarc/flake.nix | |||
@@ -48,8 +48,8 @@ | |||
48 | nixosModule = { config, lib, pkgs, ... }: | 48 | nixosModule = { config, lib, pkgs, ... }: |
49 | let | 49 | let |
50 | cfg = config.services.opendmarc; | 50 | cfg = config.services.opendmarc; |
51 | defaultSock = "local:/run/opendmarc/opendmarc.sock"; | 51 | defaultSock = "/run/opendmarc/opendmarc.sock"; |
52 | args = [ "-f" "-l" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ]; | 52 | args = [ "-f" "-l" "-p" "local:${cfg.socket}" ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ]; |
53 | in { | 53 | in { |
54 | options = { | 54 | options = { |
55 | services.opendmarc = { | 55 | services.opendmarc = { |
diff --git a/flakes/private/openarc/flake.lock b/flakes/private/openarc/flake.lock index 76ddaed..f0f56c7 100644 --- a/flakes/private/openarc/flake.lock +++ b/flakes/private/openarc/flake.lock | |||
@@ -31,7 +31,7 @@ | |||
31 | "nixpkgs": "nixpkgs" | 31 | "nixpkgs": "nixpkgs" |
32 | }, | 32 | }, |
33 | "locked": { | 33 | "locked": { |
34 | "narHash": "sha256-YJREl39cf4zrFdAULMu1Yjg7hIEZCLuCnP8qJvWbIvM=", | 34 | "narHash": "sha256-HGNP1eH7b42BxViYx/F3ZPO9CM1X+5qfA9JoP2ArN+s=", |
35 | "path": "../../lib", | 35 | "path": "../../lib", |
36 | "type": "path" | 36 | "type": "path" |
37 | }, | 37 | }, |
@@ -59,11 +59,11 @@ | |||
59 | }, | 59 | }, |
60 | "nix-lib": { | 60 | "nix-lib": { |
61 | "locked": { | 61 | "locked": { |
62 | "lastModified": 1629758329, | 62 | "lastModified": 1633008342, |
63 | "narHash": "sha256-Qdno5vgP0pnc+nEB5DjYGseW+4MuXiJMfc6cHwalCXY=", | 63 | "narHash": "sha256-wZV5YidnsqV/iufDIhaZip3LzwUGeIt8wtdiGS5+cXc=", |
64 | "owner": "NixOS", | 64 | "owner": "NixOS", |
65 | "repo": "nixpkgs", | 65 | "repo": "nixpkgs", |
66 | "rev": "99967a54d893b9742b38809ccfe3172b6918bdef", | 66 | "rev": "6eae8a116011f4db0aa5146f364820024411d6bb", |
67 | "type": "github" | 67 | "type": "github" |
68 | }, | 68 | }, |
69 | "original": { | 69 | "original": { |
@@ -110,7 +110,7 @@ | |||
110 | "openarc": "openarc_2" | 110 | "openarc": "openarc_2" |
111 | }, | 111 | }, |
112 | "locked": { | 112 | "locked": { |
113 | "narHash": "sha256-w+MiC+2IBNsXJT9Ln5TBfipv0eCqZOdyY/BYGFVu+nk=", | 113 | "narHash": "sha256-ilrfNs6jpi1OceDE3y1atkovECx6PKNWubwLc0Sjx+s=", |
114 | "path": "../../openarc", | 114 | "path": "../../openarc", |
115 | "type": "path" | 115 | "type": "path" |
116 | }, | 116 | }, |
diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix index 9cc9aed..5c4b73c 100644 --- a/flakes/private/openarc/flake.nix +++ b/flakes/private/openarc/flake.nix | |||
@@ -17,12 +17,17 @@ | |||
17 | outputs = { self, nix-lib, my-lib, files-watcher, openarc }: | 17 | outputs = { self, nix-lib, my-lib, files-watcher, openarc }: |
18 | let | 18 | let |
19 | cfg = name': { config, lib, pkgs, name, ... }: { | 19 | cfg = name': { config, lib, pkgs, name, ... }: { |
20 | imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ]; | 20 | imports = [ |
21 | (my-lib.lib.withNarKey files-watcher "nixosModule") | ||
22 | (my-lib.lib.withNarKey openarc "nixosModule") | ||
23 | #FIXME: | ||
24 | #(my-lib.lib.withNarKey secrets "nixosModule") | ||
25 | ]; | ||
21 | config = lib.mkIf (name == name') { | 26 | config = lib.mkIf (name == name') { |
22 | services.openarc = { | 27 | services.openarc = { |
23 | enable = true; | 28 | enable = true; |
24 | user = "opendkim"; | 29 | user = "opendkim"; |
25 | socket = "local:${config.myServices.mail.milters.sockets.openarc}"; | 30 | socket = "/run/openarc/openarc.sock"; |
26 | group = config.services.postfix.group; | 31 | group = config.services.postfix.group; |
27 | configFile = pkgs.writeText "openarc.conf" '' | 32 | configFile = pkgs.writeText "openarc.conf" '' |
28 | AuthservID mail.immae.eu | 33 | AuthservID mail.immae.eu |
@@ -35,12 +40,11 @@ | |||
35 | ''; | 40 | ''; |
36 | }; | 41 | }; |
37 | systemd.services.openarc.serviceConfig.Slice = "mail.slice"; | 42 | systemd.services.openarc.serviceConfig.Slice = "mail.slice"; |
38 | systemd.services.openarc.postStart = lib.optionalString | 43 | systemd.services.openarc.postStart = '' |
39 | (lib.strings.hasPrefix "local:" config.services.openarc.socket) '' | 44 | while [ ! -S ${config.services.openarc.socket} ]; do |
40 | while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do | ||
41 | sleep 0.5 | 45 | sleep 0.5 |
42 | done | 46 | done |
43 | chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket} | 47 | chmod g+w ${config.services.openarc.socket} |
44 | ''; | 48 | ''; |
45 | services.filesWatcher.openarc = { | 49 | services.filesWatcher.openarc = { |
46 | restart = true; | 50 | restart = true; |
diff --git a/flakes/private/opendmarc/flake.lock b/flakes/private/opendmarc/flake.lock index ea056e5..121f51d 100644 --- a/flakes/private/opendmarc/flake.lock +++ b/flakes/private/opendmarc/flake.lock | |||
@@ -59,11 +59,11 @@ | |||
59 | }, | 59 | }, |
60 | "nix-lib": { | 60 | "nix-lib": { |
61 | "locked": { | 61 | "locked": { |
62 | "lastModified": 1630358951, | 62 | "lastModified": 1633008342, |
63 | "narHash": "sha256-y6jh6YDWX6fX88tS9bSFOVSnckCL4qgt7UqUJhLPSx8=", | 63 | "narHash": "sha256-wZV5YidnsqV/iufDIhaZip3LzwUGeIt8wtdiGS5+cXc=", |
64 | "owner": "NixOS", | 64 | "owner": "NixOS", |
65 | "repo": "nixpkgs", | 65 | "repo": "nixpkgs", |
66 | "rev": "2d786792ca69c98a8655858464e53698ad7311e2", | 66 | "rev": "6eae8a116011f4db0aa5146f364820024411d6bb", |
67 | "type": "github" | 67 | "type": "github" |
68 | }, | 68 | }, |
69 | "original": { | 69 | "original": { |
@@ -109,7 +109,7 @@ | |||
109 | "nixpkgs": "nixpkgs_2" | 109 | "nixpkgs": "nixpkgs_2" |
110 | }, | 110 | }, |
111 | "locked": { | 111 | "locked": { |
112 | "narHash": "sha256-eIe5hzNsp1zz5m4ZMzORwdHuLkhEsKkS7WMpPOJE4ok=", | 112 | "narHash": "sha256-7jup/d3+WXXWsNMB7Sp5Py4rJQV30Z5+PJITBISbQ9o=", |
113 | "path": "../../opendmarc", | 113 | "path": "../../opendmarc", |
114 | "type": "path" | 114 | "type": "path" |
115 | }, | 115 | }, |
diff --git a/flakes/private/opendmarc/flake.nix b/flakes/private/opendmarc/flake.nix index 4b54ccf..debcfbd 100644 --- a/flakes/private/opendmarc/flake.nix +++ b/flakes/private/opendmarc/flake.nix | |||
@@ -17,13 +17,18 @@ | |||
17 | outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }: | 17 | outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }: |
18 | let | 18 | let |
19 | cfg = name': { config, lib, pkgs, name, ... }: { | 19 | cfg = name': { config, lib, pkgs, name, ... }: { |
20 | imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ]; | 20 | imports = [ |
21 | (my-lib.lib.withNarKey files-watcher "nixosModule") | ||
22 | (my-lib.lib.withNarKey opendmarc "nixosModule") | ||
23 | #FIXME: | ||
24 | #(my-lib.lib.withNarKey secrets "nixosModule") | ||
25 | ]; | ||
21 | config = lib.mkIf (name == name') { | 26 | config = lib.mkIf (name == name') { |
22 | users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ]; | 27 | users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ]; |
23 | systemd.services.opendmarc.serviceConfig.Slice = "mail.slice"; | 28 | systemd.services.opendmarc.serviceConfig.Slice = "mail.slice"; |
24 | services.opendmarc = { | 29 | services.opendmarc = { |
25 | enable = true; | 30 | enable = true; |
26 | socket = "local:${config.myServices.mail.milters.sockets.opendmarc}"; | 31 | socket = "/run/opendmarc/opendmarc.sock"; |
27 | configFile = pkgs.writeText "opendmarc.conf" '' | 32 | configFile = pkgs.writeText "opendmarc.conf" '' |
28 | AuthservID HOSTNAME | 33 | AuthservID HOSTNAME |
29 | FailureReports false | 34 | FailureReports false |
diff --git a/modules/default.nix b/modules/default.nix index 5359e9c..11b3081 100644 --- a/modules/default.nix +++ b/modules/default.nix | |||
@@ -16,8 +16,8 @@ in | |||
16 | fiche = ./webapps/fiche.nix; | 16 | fiche = ./webapps/fiche.nix; |
17 | paste = (flakeCompat ../flakes/paste).nixosModule; | 17 | paste = (flakeCompat ../flakes/paste).nixosModule; |
18 | 18 | ||
19 | opendmarc = (flakeCompat ../flakes/opendmarc).nixosModule; | 19 | opendmarc = flakeLib.withNarKeyCompat flakeCompat ../flakes/opendmarc "nixosModule"; |
20 | openarc = (flakeCompat ../flakes/openarc).nixosModule; | 20 | openarc = flakeLib.withNarKeyCompat flakeCompat ../flakes/openarc "nixosModule"; |
21 | 21 | ||
22 | duplyBackup = ./duply_backup; | 22 | duplyBackup = ./duply_backup; |
23 | rsyncBackup = ./rsync_backup; | 23 | rsyncBackup = ./rsync_backup; |
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix index e00a2f3..4291993 100644 --- a/modules/private/mail/milters.nix +++ b/modules/private/mail/milters.nix | |||
@@ -8,8 +8,8 @@ | |||
8 | type = lib.types.attrsOf lib.types.path; | 8 | type = lib.types.attrsOf lib.types.path; |
9 | default = { | 9 | default = { |
10 | opendkim = "/run/opendkim/opendkim.sock"; | 10 | opendkim = "/run/opendkim/opendkim.sock"; |
11 | opendmarc = "/run/opendmarc/opendmarc.sock"; | 11 | opendmarc = config.services.opendmarc.socket; |
12 | openarc = "/run/openarc/openarc.sock"; | 12 | openarc = config.services.openarc.socket; |
13 | }; | 13 | }; |
14 | readOnly = true; | 14 | readOnly = true; |
15 | description = '' | 15 | description = '' |