aboutsummaryrefslogtreecommitdiff
path: root/flakes/private/openarc
diff options
context:
space:
mode:
Diffstat (limited to 'flakes/private/openarc')
-rw-r--r--flakes/private/openarc/flake.lock44
-rw-r--r--flakes/private/openarc/flake.nix69
2 files changed, 83 insertions, 30 deletions
diff --git a/flakes/private/openarc/flake.lock b/flakes/private/openarc/flake.lock
index f15e441..76ddaed 100644
--- a/flakes/private/openarc/flake.lock
+++ b/flakes/private/openarc/flake.lock
@@ -1,5 +1,16 @@
1{ 1{
2 "nodes": { 2 "nodes": {
3 "files-watcher": {
4 "locked": {
5 "narHash": "sha256-6urOJuzXsu4HJHyVmrZHd40SMzzTeHiOiDOM40q53Y0=",
6 "path": "../../files-watcher",
7 "type": "path"
8 },
9 "original": {
10 "path": "../../files-watcher",
11 "type": "path"
12 }
13 },
3 "flake-utils": { 14 "flake-utils": {
4 "locked": { 15 "locked": {
5 "lastModified": 1609246779, 16 "lastModified": 1609246779,
@@ -15,6 +26,20 @@
15 "type": "github" 26 "type": "github"
16 } 27 }
17 }, 28 },
29 "my-lib": {
30 "inputs": {
31 "nixpkgs": "nixpkgs"
32 },
33 "locked": {
34 "narHash": "sha256-YJREl39cf4zrFdAULMu1Yjg7hIEZCLuCnP8qJvWbIvM=",
35 "path": "../../lib",
36 "type": "path"
37 },
38 "original": {
39 "path": "../../lib",
40 "type": "path"
41 }
42 },
18 "myuids": { 43 "myuids": {
19 "locked": { 44 "locked": {
20 "dir": "flakes/myuids", 45 "dir": "flakes/myuids",
@@ -49,6 +74,21 @@
49 }, 74 },
50 "nixpkgs": { 75 "nixpkgs": {
51 "locked": { 76 "locked": {
77 "lastModified": 1631570365,
78 "narHash": "sha256-vc6bfo0hijpicdUDiui2DvZXmpIP2iqOFZRcpMOuYPo=",
79 "owner": "NixOS",
80 "repo": "nixpkgs",
81 "rev": "df7113c0727881519248d4c7d080324e0ee3327b",
82 "type": "github"
83 },
84 "original": {
85 "owner": "NixOS",
86 "repo": "nixpkgs",
87 "type": "github"
88 }
89 },
90 "nixpkgs_2": {
91 "locked": {
52 "lastModified": 1597943282, 92 "lastModified": 1597943282,
53 "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=", 93 "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
54 "owner": "NixOS", 94 "owner": "NixOS",
@@ -66,7 +106,7 @@
66 "inputs": { 106 "inputs": {
67 "flake-utils": "flake-utils", 107 "flake-utils": "flake-utils",
68 "myuids": "myuids", 108 "myuids": "myuids",
69 "nixpkgs": "nixpkgs", 109 "nixpkgs": "nixpkgs_2",
70 "openarc": "openarc_2" 110 "openarc": "openarc_2"
71 }, 111 },
72 "locked": { 112 "locked": {
@@ -97,6 +137,8 @@
97 }, 137 },
98 "root": { 138 "root": {
99 "inputs": { 139 "inputs": {
140 "files-watcher": "files-watcher",
141 "my-lib": "my-lib",
100 "nix-lib": "nix-lib", 142 "nix-lib": "nix-lib",
101 "openarc": "openarc" 143 "openarc": "openarc"
102 } 144 }
diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix
index fd8ec56..9cc9aed 100644
--- a/flakes/private/openarc/flake.nix
+++ b/flakes/private/openarc/flake.nix
@@ -3,40 +3,51 @@
3 path = "../../openarc"; 3 path = "../../openarc";
4 type = "path"; 4 type = "path";
5 }; 5 };
6 inputs.files-watcher = {
7 path = "../../files-watcher";
8 type = "path";
9 };
10 inputs.my-lib = {
11 path = "../../lib";
12 type = "path";
13 };
6 inputs.nix-lib.url = "github:NixOS/nixpkgs"; 14 inputs.nix-lib.url = "github:NixOS/nixpkgs";
7 15
8 description = "Private configuration for openarc"; 16 description = "Private configuration for openarc";
9 outputs = { self, nix-lib, openarc }: 17 outputs = { self, nix-lib, my-lib, files-watcher, openarc }:
10 let 18 let
11 cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') { 19 cfg = name': { config, lib, pkgs, name, ... }: {
12 services.openarc = { 20 imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];
13 enable = true; 21 config = lib.mkIf (name == name') {
14 user = "opendkim"; 22 services.openarc = {
15 socket = "local:${config.myServices.mail.milters.sockets.openarc}"; 23 enable = true;
16 group = config.services.postfix.group; 24 user = "opendkim";
17 configFile = pkgs.writeText "openarc.conf" '' 25 socket = "local:${config.myServices.mail.milters.sockets.openarc}";
18 AuthservID mail.immae.eu 26 group = config.services.postfix.group;
19 Domain mail.immae.eu 27 configFile = pkgs.writeText "openarc.conf" ''
20 KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"} 28 AuthservID mail.immae.eu
21 Mode sv 29 Domain mail.immae.eu
22 Selector eldiron 30 KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
23 SoftwareHeader yes 31 Mode sv
24 Syslog Yes 32 Selector eldiron
33 SoftwareHeader yes
34 Syslog Yes
35 '';
36 };
37 systemd.services.openarc.serviceConfig.Slice = "mail.slice";
38 systemd.services.openarc.postStart = lib.optionalString
39 (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
40 while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
41 sleep 0.5
42 done
43 chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
25 ''; 44 '';
26 }; 45 services.filesWatcher.openarc = {
27 systemd.services.openarc.serviceConfig.Slice = "mail.slice"; 46 restart = true;
28 systemd.services.openarc.postStart = lib.optionalString 47 paths = [
29 (lib.strings.hasPrefix "local:" config.services.openarc.socket) '' 48 config.secrets.fullPaths."opendkim/eldiron.private"
30 while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do 49 ];
31 sleep 0.5 50 };
32 done
33 chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
34 '';
35 services.filesWatcher.openarc = {
36 restart = true;
37 paths = [
38 config.secrets.fullPaths."opendkim/eldiron.private"
39 ];
40 }; 51 };
41 }; 52 };
42 in 53 in