Diffstat (limited to 'flakes')
-rw-r--r-- | flakes/openarc/flake.nix | 1 | ||||
-rw-r--r-- | flakes/openarc/private.nix | 35 |
2 files changed, 36 insertions, 0 deletions
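--- a/flakes/openarc/flake.nix
+++ b/flakes/openarc/flake.nix
@@ -75,6 +75,7 @@
 };
 }) // {
 hydraJobs.build = nixpkgs.lib.genAttrs flake-utils.lib.defaultSystems (system: self.defaultPackage."${system}");
+nixosModules = (if builtins.pathExists ./private.nix then import ./private.nix nixpkgs else {});
 nixosModule = { config, lib, pkgs, ... }:
 let
 cfg = config.services.openarc;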
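Review bot: The added `nixosModules` line falls back to `{}` when `./private.nix` is missing, and nothing on the line says why that file is optional, so a host configuration that references `nixosModules.eldiron` would only surface the problem as a missing-attribute error at evaluation. A comment above the line would make the intent explicit, for example `# private.nix holds the host-specific openarc settings and may be absent; nixosModules is then empty`. The value passed is the `nixpkgs` flake input, which private.nix binds under the name `pkgs`; that difference deserves a word in the same comment. The enclosing attribute set starts and ends outside this hunk.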
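--- /dev/null
+++ b/flakes/openarc/private.nix
@@ -0,0 +1,35 @@
+pkgs:
+let
+cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+services.openarc = {
+enable = true;
+user = "opendkim";
+socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+group = config.services.postfix.group;
+configFile = pkgs.writeText "openarc.conf" ''
+AuthservID mail.immae.eu
+Domain mail.immae.eu
+KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
+Mode sv
+Selector eldiron
+SoftwareHeader yes
+Syslog Yes
+'';
+};
+systemd.services.openarc.serviceConfig.Slice = "mail.slice";
+systemd.services.openarc.postStart = lib.optionalString
+(lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
+while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
+sleep 0.5
+done
+chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
+'';
+services.filesWatcher.openarc = {
+restart = true;
+paths = [
+config.secrets.fullPaths."opendkim/eldiron.private"
+];
+};
+};
+in
+pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg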
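Review bot: The last line generates the module for both `eldiron` and `backup-2`, but `KeyFile`, `Selector eldiron` and the `filesWatcher` path all hard-code `opendkim/eldiron.private`, so enabling it on `backup-2` requires the same signing key on a second host. The service also runs as `opendkim`, which suggests the ARC signer shares its key with the DKIM signer. If that sharing is intended, say so next to the key path, e.g. `# ARC seals reuse eldiron's DKIM key and selector on every host; rotate both together`; otherwise derive the secret name and selector from `name`. Separately, the `postStart` loop has no bound of its own, so a daemon that never creates the socket holds the unit in start-up until systemd's start timeout; a bounded retry count with an explicit failure message would make that case easier to diagnose.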