aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--flakes/openarc/flake.nix4
-rw-r--r--flakes/opendmarc/flake.nix4
-rw-r--r--flakes/private/openarc/flake.lock10
-rw-r--r--flakes/private/openarc/flake.nix16
-rw-r--r--flakes/private/opendmarc/flake.lock8
-rw-r--r--flakes/private/opendmarc/flake.nix9
-rw-r--r--modules/default.nix4
-rw-r--r--modules/private/mail/milters.nix4
8 files changed, 34 insertions, 25 deletions
diff --git a/flakes/openarc/flake.nix b/flakes/openarc/flake.nix
index f4ce653..6fd45bf 100644
--- a/flakes/openarc/flake.nix
+++ b/flakes/openarc/flake.nix
@@ -63,8 +63,8 @@
63 nixosModule = { config, lib, pkgs, ... }: 63 nixosModule = { config, lib, pkgs, ... }:
64 let 64 let
65 cfg = config.services.openarc; 65 cfg = config.services.openarc;
66 defaultSock = "local:/run/openarc/openarc.sock"; 66 defaultSock = "/run/openarc/openarc.sock";
67 args = [ "-f" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ]; 67 args = [ "-f" "-p" "local:${cfg.socket}" ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
68 in { 68 in {
69 options = { 69 options = {
70 services.openarc = { 70 services.openarc = {
diff --git a/flakes/opendmarc/flake.nix b/flakes/opendmarc/flake.nix
index f1877b6..277fd25 100644
--- a/flakes/opendmarc/flake.nix
+++ b/flakes/opendmarc/flake.nix
@@ -48,8 +48,8 @@
48 nixosModule = { config, lib, pkgs, ... }: 48 nixosModule = { config, lib, pkgs, ... }:
49 let 49 let
50 cfg = config.services.opendmarc; 50 cfg = config.services.opendmarc;
51 defaultSock = "local:/run/opendmarc/opendmarc.sock"; 51 defaultSock = "/run/opendmarc/opendmarc.sock";
52 args = [ "-f" "-l" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ]; 52 args = [ "-f" "-l" "-p" "local:${cfg.socket}" ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
53 in { 53 in {
54 options = { 54 options = {
55 services.opendmarc = { 55 services.opendmarc = {
diff --git a/flakes/private/openarc/flake.lock b/flakes/private/openarc/flake.lock
index 76ddaed..f0f56c7 100644
--- a/flakes/private/openarc/flake.lock
+++ b/flakes/private/openarc/flake.lock
@@ -31,7 +31,7 @@
31 "nixpkgs": "nixpkgs" 31 "nixpkgs": "nixpkgs"
32 }, 32 },
33 "locked": { 33 "locked": {
34 "narHash": "sha256-YJREl39cf4zrFdAULMu1Yjg7hIEZCLuCnP8qJvWbIvM=", 34 "narHash": "sha256-HGNP1eH7b42BxViYx/F3ZPO9CM1X+5qfA9JoP2ArN+s=",
35 "path": "../../lib", 35 "path": "../../lib",
36 "type": "path" 36 "type": "path"
37 }, 37 },
@@ -59,11 +59,11 @@
59 }, 59 },
60 "nix-lib": { 60 "nix-lib": {
61 "locked": { 61 "locked": {
62 "lastModified": 1629758329, 62 "lastModified": 1633008342,
63 "narHash": "sha256-Qdno5vgP0pnc+nEB5DjYGseW+4MuXiJMfc6cHwalCXY=", 63 "narHash": "sha256-wZV5YidnsqV/iufDIhaZip3LzwUGeIt8wtdiGS5+cXc=",
64 "owner": "NixOS", 64 "owner": "NixOS",
65 "repo": "nixpkgs", 65 "repo": "nixpkgs",
66 "rev": "99967a54d893b9742b38809ccfe3172b6918bdef", 66 "rev": "6eae8a116011f4db0aa5146f364820024411d6bb",
67 "type": "github" 67 "type": "github"
68 }, 68 },
69 "original": { 69 "original": {
@@ -110,7 +110,7 @@
110 "openarc": "openarc_2" 110 "openarc": "openarc_2"
111 }, 111 },
112 "locked": { 112 "locked": {
113 "narHash": "sha256-w+MiC+2IBNsXJT9Ln5TBfipv0eCqZOdyY/BYGFVu+nk=", 113 "narHash": "sha256-ilrfNs6jpi1OceDE3y1atkovECx6PKNWubwLc0Sjx+s=",
114 "path": "../../openarc", 114 "path": "../../openarc",
115 "type": "path" 115 "type": "path"
116 }, 116 },
diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix
index 9cc9aed..5c4b73c 100644
--- a/flakes/private/openarc/flake.nix
+++ b/flakes/private/openarc/flake.nix
@@ -17,12 +17,17 @@
17 outputs = { self, nix-lib, my-lib, files-watcher, openarc }: 17 outputs = { self, nix-lib, my-lib, files-watcher, openarc }:
18 let 18 let
19 cfg = name': { config, lib, pkgs, name, ... }: { 19 cfg = name': { config, lib, pkgs, name, ... }: {
20 imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ]; 20 imports = [
21 (my-lib.lib.withNarKey files-watcher "nixosModule")
22 (my-lib.lib.withNarKey openarc "nixosModule")
23 #FIXME:
24 #(my-lib.lib.withNarKey secrets "nixosModule")
25 ];
21 config = lib.mkIf (name == name') { 26 config = lib.mkIf (name == name') {
22 services.openarc = { 27 services.openarc = {
23 enable = true; 28 enable = true;
24 user = "opendkim"; 29 user = "opendkim";
25 socket = "local:${config.myServices.mail.milters.sockets.openarc}"; 30 socket = "/run/openarc/openarc.sock";
26 group = config.services.postfix.group; 31 group = config.services.postfix.group;
27 configFile = pkgs.writeText "openarc.conf" '' 32 configFile = pkgs.writeText "openarc.conf" ''
28 AuthservID mail.immae.eu 33 AuthservID mail.immae.eu
@@ -35,12 +40,11 @@
35 ''; 40 '';
36 }; 41 };
37 systemd.services.openarc.serviceConfig.Slice = "mail.slice"; 42 systemd.services.openarc.serviceConfig.Slice = "mail.slice";
38 systemd.services.openarc.postStart = lib.optionalString 43 systemd.services.openarc.postStart = ''
39 (lib.strings.hasPrefix "local:" config.services.openarc.socket) '' 44 while [ ! -S ${config.services.openarc.socket} ]; do
40 while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
41 sleep 0.5 45 sleep 0.5
42 done 46 done
43 chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket} 47 chmod g+w ${config.services.openarc.socket}
44 ''; 48 '';
45 services.filesWatcher.openarc = { 49 services.filesWatcher.openarc = {
46 restart = true; 50 restart = true;
diff --git a/flakes/private/opendmarc/flake.lock b/flakes/private/opendmarc/flake.lock
index ea056e5..121f51d 100644
--- a/flakes/private/opendmarc/flake.lock
+++ b/flakes/private/opendmarc/flake.lock
@@ -59,11 +59,11 @@
59 }, 59 },
60 "nix-lib": { 60 "nix-lib": {
61 "locked": { 61 "locked": {
62 "lastModified": 1630358951, 62 "lastModified": 1633008342,
63 "narHash": "sha256-y6jh6YDWX6fX88tS9bSFOVSnckCL4qgt7UqUJhLPSx8=", 63 "narHash": "sha256-wZV5YidnsqV/iufDIhaZip3LzwUGeIt8wtdiGS5+cXc=",
64 "owner": "NixOS", 64 "owner": "NixOS",
65 "repo": "nixpkgs", 65 "repo": "nixpkgs",
66 "rev": "2d786792ca69c98a8655858464e53698ad7311e2", 66 "rev": "6eae8a116011f4db0aa5146f364820024411d6bb",
67 "type": "github" 67 "type": "github"
68 }, 68 },
69 "original": { 69 "original": {
@@ -109,7 +109,7 @@
109 "nixpkgs": "nixpkgs_2" 109 "nixpkgs": "nixpkgs_2"
110 }, 110 },
111 "locked": { 111 "locked": {
112 "narHash": "sha256-eIe5hzNsp1zz5m4ZMzORwdHuLkhEsKkS7WMpPOJE4ok=", 112 "narHash": "sha256-7jup/d3+WXXWsNMB7Sp5Py4rJQV30Z5+PJITBISbQ9o=",
113 "path": "../../opendmarc", 113 "path": "../../opendmarc",
114 "type": "path" 114 "type": "path"
115 }, 115 },
diff --git a/flakes/private/opendmarc/flake.nix b/flakes/private/opendmarc/flake.nix
index 4b54ccf..debcfbd 100644
--- a/flakes/private/opendmarc/flake.nix
+++ b/flakes/private/opendmarc/flake.nix
@@ -17,13 +17,18 @@
17 outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }: 17 outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }:
18 let 18 let
19 cfg = name': { config, lib, pkgs, name, ... }: { 19 cfg = name': { config, lib, pkgs, name, ... }: {
20 imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ]; 20 imports = [
21 (my-lib.lib.withNarKey files-watcher "nixosModule")
22 (my-lib.lib.withNarKey opendmarc "nixosModule")
23 #FIXME:
24 #(my-lib.lib.withNarKey secrets "nixosModule")
25 ];
21 config = lib.mkIf (name == name') { 26 config = lib.mkIf (name == name') {
22 users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ]; 27 users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
23 systemd.services.opendmarc.serviceConfig.Slice = "mail.slice"; 28 systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
24 services.opendmarc = { 29 services.opendmarc = {
25 enable = true; 30 enable = true;
26 socket = "local:${config.myServices.mail.milters.sockets.opendmarc}"; 31 socket = "/run/opendmarc/opendmarc.sock";
27 configFile = pkgs.writeText "opendmarc.conf" '' 32 configFile = pkgs.writeText "opendmarc.conf" ''
28 AuthservID HOSTNAME 33 AuthservID HOSTNAME
29 FailureReports false 34 FailureReports false
diff --git a/modules/default.nix b/modules/default.nix
index 5359e9c..11b3081 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -16,8 +16,8 @@ in
16 fiche = ./webapps/fiche.nix; 16 fiche = ./webapps/fiche.nix;
17 paste = (flakeCompat ../flakes/paste).nixosModule; 17 paste = (flakeCompat ../flakes/paste).nixosModule;
18 18
19 opendmarc = (flakeCompat ../flakes/opendmarc).nixosModule; 19 opendmarc = flakeLib.withNarKeyCompat flakeCompat ../flakes/opendmarc "nixosModule";
20 openarc = (flakeCompat ../flakes/openarc).nixosModule; 20 openarc = flakeLib.withNarKeyCompat flakeCompat ../flakes/openarc "nixosModule";
21 21
22 duplyBackup = ./duply_backup; 22 duplyBackup = ./duply_backup;
23 rsyncBackup = ./rsync_backup; 23 rsyncBackup = ./rsync_backup;
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
index e00a2f3..4291993 100644
--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -8,8 +8,8 @@
8 type = lib.types.attrsOf lib.types.path; 8 type = lib.types.attrsOf lib.types.path;
9 default = { 9 default = {
10 opendkim = "/run/opendkim/opendkim.sock"; 10 opendkim = "/run/opendkim/opendkim.sock";
11 opendmarc = "/run/opendmarc/opendmarc.sock"; 11 opendmarc = config.services.opendmarc.socket;
12 openarc = "/run/openarc/openarc.sock"; 12 openarc = config.services.openarc.socket;
13 }; 13 };
14 readOnly = true; 14 readOnly = true;
15 description = '' 15 description = ''