Diffstat (limited to 'flakes/private/openarc')
-rw-r--r-- | flakes/private/openarc/flake.lock | 44 | ||||
-rw-r--r-- | flakes/private/openarc/flake.nix | 69 |
2 files changed, 83 insertions, 30 deletions
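--- a/flakes/private/openarc/flake.lock
+++ b/flakes/private/openarc/flake.lock
@@ -1,5 +1,16 @@
 {
 "nodes": {
+"files-watcher": {
+"locked": {
+"narHash": "sha256-6urOJuzXsu4HJHyVmrZHd40SMzzTeHiOiDOM40q53Y0=",
+"path": "../../files-watcher",
+"type": "path"
+},
+"original": {
+"path": "../../files-watcher",
+"type": "path"
+}
+},
 "flake-utils": {
 "locked": {
 "lastModified": 1609246779,
@@ -15,6 +26,20 @@
 "type": "github"
 }
 },
+"my-lib": {
+"inputs": {
+"nixpkgs": "nixpkgs"
+},
+"locked": {
+"narHash": "sha256-YJREl39cf4zrFdAULMu1Yjg7hIEZCLuCnP8qJvWbIvM=",
+"path": "../../lib",
+"type": "path"
+},
+"original": {
+"path": "../../lib",
+"type": "path"
+}
+},
 "myuids": {
 "locked": {
 "dir": "flakes/myuids",
@@ -49,6 +74,21 @@
 },
 "nixpkgs": {
 "locked": {
+"lastModified": 1631570365,
+"narHash": "sha256-vc6bfo0hijpicdUDiui2DvZXmpIP2iqOFZRcpMOuYPo=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "df7113c0727881519248d4c7d080324e0ee3327b",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs_2": {
+"locked": {
 "lastModified": 1597943282,
 "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
 "owner": "NixOS",
@@ -66,7 +106,7 @@
 "inputs": {
 "flake-utils": "flake-utils",
 "myuids": "myuids",
-"nixpkgs": "nixpkgs",
+"nixpkgs": "nixpkgs_2",
 "openarc": "openarc_2"
 },
 "locked": {
@@ -97,6 +137,8 @@
 },
 "root": {
 "inputs": {
+"files-watcher": "files-watcher",
+"my-lib": "my-lib",
 "nix-lib": "nix-lib",
 "openarc": "openarc"
 }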
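--- a/flakes/private/openarc/flake.nix
+++ b/flakes/private/openarc/flake.nix
@@ -3,40 +3,51 @@
 path = "../../openarc";
 type = "path";
 };
+inputs.files-watcher = {
+path = "../../files-watcher";
+type = "path";
+};
+inputs.my-lib = {
+path = "../../lib";
+type = "path";
+};
 inputs.nix-lib.url = "github:NixOS/nixpkgs";
 
 description = "Private configuration for openarc";
-outputs = { self, nix-lib, openarc }:
+outputs = { self, nix-lib, my-lib, files-watcher, openarc }:
 let
-cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
-services.openarc = {
-enable = true;
-user = "opendkim";
-socket = "local:${config.myServices.mail.milters.sockets.openarc}";
-group = config.services.postfix.group;
-configFile = pkgs.writeText "openarc.conf" ''
-AuthservID mail.immae.eu
-Domain mail.immae.eu
-KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
-Mode sv
-Selector eldiron
-SoftwareHeader yes
-Syslog Yes
+cfg = name': { config, lib, pkgs, name, ... }: {
+imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];
+config = lib.mkIf (name == name') {
+services.openarc = {
+enable = true;
+user = "opendkim";
+socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+group = config.services.postfix.group;
+configFile = pkgs.writeText "openarc.conf" ''
+AuthservID mail.immae.eu
+Domain mail.immae.eu
+KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
+Mode sv
+Selector eldiron
+SoftwareHeader yes
+Syslog Yes
+'';
+};
+systemd.services.openarc.serviceConfig.Slice = "mail.slice";
+systemd.services.openarc.postStart = lib.optionalString
+(lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
+while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
+sleep 0.5
+done
+chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
 '';
-};
-systemd.services.openarc.serviceConfig.Slice = "mail.slice";
-systemd.services.openarc.postStart = lib.optionalString
-(lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
-while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
-sleep 0.5
-done
-chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
-'';
-services.filesWatcher.openarc = {
-restart = true;
-paths = [
-config.secrets.fullPaths."opendkim/eldiron.private"
-];
+services.filesWatcher.openarc = {
+restart = true;
+paths = [
+config.secrets.fullPaths."opendkim/eldiron.private"
+];
+};
 };
 };
 in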
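Review bot: The new `imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];` sits outside `lib.mkIf (name == name')`, so the files-watcher module is loaded on every host that evaluates `cfg`, while only the matching host gets the `services.filesWatcher.openarc` entry. That split is presumably deliberate, since the module system resolves `imports` before `config` is available, but nothing in the code says so; a comment above the line such as `# imports cannot be gated by mkIf; only the config below depends on the host name` would record the intent. Separately, the re-indented `postStart` script interpolates the socket path into the shell unquoted, both in the `-S` test and in `chmod g+w`, and the wait loop has no bound of its own. Wrapping the path in `lib.escapeShellArg` would keep the permission change on exactly the intended socket. The `outputs` function that encloses this `let` block continues past the end of the hunk.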