From ef43c36272ca539cbfe803ded03949451b17b679 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Thu, 21 Jan 2021 09:56:28 +0100
Subject: Add private flake for openarc and opendmarc

---
 flakes/private/openarc/flake.lock | 113 ++++++++++++++++++++++++++++++++++++++
 flakes/private/openarc/flake.nix  |  46 ++++++++++++++++
 2 files changed, 159 insertions(+)
 create mode 100644 flakes/private/openarc/flake.lock
 create mode 100644 flakes/private/openarc/flake.nix

(limited to 'flakes/private/openarc')

diff --git a/flakes/private/openarc/flake.lock b/flakes/private/openarc/flake.lock
new file mode 100644
index 0000000..69186fb
--- /dev/null
+++ b/flakes/private/openarc/flake.lock
@@ -0,0 +1,113 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1609246779,
+        "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "myuids": {
+      "locked": {
+        "dir": "flakes/myuids",
+        "lastModified": 1609281959,
+        "narHash": "sha256-SYNlHeobQAzTzK0pM5AqMn7M2WbTuzBeoD+Q3Mu+sho=",
+        "ref": "master",
+        "rev": "1be9e64bb4556676f65e6e5044e04426848849c0",
+        "revCount": 791,
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      },
+      "original": {
+        "dir": "flakes/myuids",
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1611218116,
+        "narHash": "sha256-CcyGZ8cLlHgiViWyBjRIjdsdRZxJjP2MgtWeuqSv3CE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "30ab92ea31f6b7e9095b1e7e4b56a5000823efdf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1597943282,
+        "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "openarc": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "myuids": "myuids",
+        "nixpkgs": "nixpkgs_2",
+        "openarc": "openarc_2"
+      },
+      "locked": {
+        "dir": "flakes/openarc",
+        "lastModified": 1611091761,
+        "narHash": "sha256-fE3FBeUxVaMezKjEpepdQW9apOza+0AfBALFhaaD0VA=",
+        "ref": "master",
+        "rev": "23f9fdf03a6673dbe334ae33be4f498cc4753191",
+        "revCount": 802,
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      },
+      "original": {
+        "dir": "flakes/openarc",
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      }
+    },
+    "openarc_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1537545083,
+        "narHash": "sha256-xUSRARC7875vFjtZ66t8KBlKmkEdIZblWHc4zqGZAQQ=",
+        "owner": "trusteddomainproject",
+        "repo": "OpenARC",
+        "rev": "355ee2a1ca85acccce494478991983b54f794f4e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "trusteddomainproject",
+        "repo": "OpenARC",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "openarc": "openarc"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix
new file mode 100644
index 0000000..6a2518b
--- /dev/null
+++ b/flakes/private/openarc/flake.nix
@@ -0,0 +1,46 @@
+{
+  inputs.openarc = {
+    url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+    type = "git";
+    dir = "flakes/openarc";
+  };
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+
+  description = "Private configuration for openarc";
+  outputs = { self, nixpkgs, openarc }:
+    let
+      cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+        services.openarc = {
+          enable = true;
+          user = "opendkim";
+          socket = "local:${config.myServices.mail.milters.sockets.openarc}";
+          group = config.services.postfix.group;
+          configFile = pkgs.writeText "openarc.conf" ''
+            AuthservID              mail.immae.eu
+            Domain                  mail.immae.eu
+            KeyFile                 ${config.secrets.fullPaths."opendkim/eldiron.private"}
+            Mode                    sv
+            Selector                eldiron
+            SoftwareHeader          yes
+            Syslog                  Yes
+            '';
+        };
+        systemd.services.openarc.serviceConfig.Slice = "mail.slice";
+        systemd.services.openarc.postStart = lib.optionalString
+              (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
+          while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
+            sleep 0.5
+          done
+          chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket}
+          '';
+        services.filesWatcher.openarc = {
+          restart = true;
+          paths = [
+            config.secrets.fullPaths."opendkim/eldiron.private"
+          ];
+        };
+      };
+    in
+      openarc.outputs //
+      { nixosModules = openarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
+}
-- 
cgit v1.2.3