Diffstat (limited to 'flakes/private/openarc/flake.nix')
-rw-r--r-- | flakes/private/openarc/flake.nix | 96 |
1 files changed, 40 insertions, 56 deletions
diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix
index b4ab4c8..56c3a1a 100644
--- a/flakes/private/openarc/flake.nix
+++ b/flakes/private/openarc/flake.nix | |||
@@ -1,63 +1,47 @@ | |||
1 | { | 1 | { |
2 | inputs.openarc = { | 2 | inputs.openarc.url = "path:../../openarc"; |
3 | path = "../../openarc"; | 3 | inputs.secrets.url = "path:../../secrets"; |
4 | type = "path"; | 4 | inputs.files-watcher.url = "path:../../files-watcher"; |
5 | }; | ||
6 | inputs.secrets = { | ||
7 | path = "../../secrets"; | ||
8 | type = "path"; | ||
9 | }; | ||
10 | inputs.files-watcher = { | ||
11 | path = "../../files-watcher"; | ||
12 | type = "path"; | ||
13 | }; | ||
14 | inputs.my-lib = { | ||
15 | path = "../../lib"; | ||
16 | type = "path"; | ||
17 | }; | ||
18 | inputs.nix-lib.url = "github:NixOS/nixpkgs"; | ||
19 | 5 | ||
20 | description = "Private configuration for openarc"; | 6 | description = "Private configuration for openarc"; |
21 | outputs = { self, nix-lib, my-lib, files-watcher, openarc, secrets }: | 7 | outputs = { self, files-watcher, openarc, secrets }: { |
22 | let | 8 | nixosModule = self.nixosModules.openarc; |
23 | cfg = name': { config, lib, pkgs, name, ... }: { | 9 | nixosModules.openarc = { config, pkgs, ... }: { |
24 | imports = [ | 10 | imports = [ |
25 | (my-lib.lib.withNarKey files-watcher "nixosModule") | 11 | files-watcher.nixosModule |
26 | (my-lib.lib.withNarKey openarc "nixosModule") | 12 | openarc.nixosModule |
27 | (my-lib.lib.withNarKey secrets "nixosModule") | 13 | secrets.nixosModule |
28 | ]; | 14 | ]; |
29 | config = lib.mkIf (name == name') { | 15 | config = { |
30 | services.openarc = { | 16 | services.openarc = { |
31 | enable = true; | 17 | enable = true; |
32 | user = "opendkim"; | 18 | user = "opendkim"; |
33 | socket = "/run/openarc/openarc.sock"; | 19 | socket = "/run/openarc/openarc.sock"; |
34 | group = config.services.postfix.group; | 20 | group = config.services.postfix.group; |
35 | configFile = pkgs.writeText "openarc.conf" '' | 21 | configFile = pkgs.writeText "openarc.conf" '' |
36 | AuthservID mail.immae.eu | 22 | AuthservID mail.immae.eu |
37 | Domain mail.immae.eu | 23 | Domain mail.immae.eu |
38 | KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"} | 24 | KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"} |
39 | Mode sv | 25 | Mode sv |
40 | Selector eldiron | 26 | Selector eldiron |
41 | SoftwareHeader yes | 27 | SoftwareHeader yes |
42 | Syslog Yes | 28 | Syslog Yes |
43 | ''; | ||
44 | }; | ||
45 | systemd.services.openarc.serviceConfig.Slice = "mail.slice"; | ||
46 | systemd.services.openarc.postStart = '' | ||
47 | while [ ! -S ${config.services.openarc.socket} ]; do | ||
48 | sleep 0.5 | ||
49 | done | ||
50 | chmod g+w ${config.services.openarc.socket} | ||
51 | ''; | 29 | ''; |
52 | services.filesWatcher.openarc = { | 30 | }; |
53 | restart = true; | 31 | systemd.services.openarc.serviceConfig.Slice = "mail.slice"; |
54 | paths = [ | 32 | systemd.services.openarc.postStart = '' |
55 | config.secrets.fullPaths."opendkim/eldiron.private" | 33 | while [ ! -S ${config.services.openarc.socket} ]; do |
56 | ]; | 34 | sleep 0.5 |
57 | }; | 35 | done |
36 | chmod g+w ${config.services.openarc.socket} | ||
37 | ''; | ||
38 | services.filesWatcher.openarc = { | ||
39 | restart = true; | ||
40 | paths = [ | ||
41 | config.secrets.fullPaths."opendkim/eldiron.private" | ||
42 | ]; | ||
58 | }; | 43 | }; |
59 | }; | 44 | }; |
60 | in | 45 | }; |
61 | openarc.outputs // | 46 | }; |
62 | { nixosModules = openarc.nixosModules or {} // nix-lib.lib.genAttrs ["eldiron" "backup-2"] cfg; }; | ||
63 | } | 47 | } |
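Review bot: With the `lib.mkIf (name == name')` guard gone, the `config = { … }` block in `nixosModules.openarc` applies to every host that imports the module, so host selection now rests entirely on the importer and nothing in this file says so. The block hard-codes `Selector eldiron` and the `opendkim/eldiron.private` key path, so any host that imports it and has that secret deployed would run an ARC signer for mail.immae.eu. I would record that at the top of the module, e.g. `# Importing this module enables openarc and signs as mail.immae.eu with the eldiron key; import it only on hosts meant to hold that key.` Separately, the `postStart` wait loop has no upper bound, so a daemon that never creates the socket presumably leaves the unit in the starting state until systemd's start timeout; a bounded retry count that exits non-zero would make that failure explicit.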