From 27dd65fc95a91155367acbe15754dc22c8869552 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Mon, 13 Sep 2021 01:00:43 +0200 Subject: Add filesWatcher flake --- flakes/private/openarc/flake.lock | 44 ++++++++++++++++- flakes/private/openarc/flake.nix | 69 ++++++++++++++++----------- flakes/private/opendmarc/flake.lock | 44 ++++++++++++++++- flakes/private/opendmarc/flake.nix | 95 +++++++++++++++++++++---------------- 4 files changed, 179 insertions(+), 73 deletions(-) (limited to 'flakes/private') diff --git a/flakes/private/openarc/flake.lock b/flakes/private/openarc/flake.lock index f15e441..76ddaed 100644 --- a/flakes/private/openarc/flake.lock +++ b/flakes/private/openarc/flake.lock @@ -1,5 +1,16 @@ { "nodes": { + "files-watcher": { + "locked": { + "narHash": "sha256-6urOJuzXsu4HJHyVmrZHd40SMzzTeHiOiDOM40q53Y0=", + "path": "../../files-watcher", + "type": "path" + }, + "original": { + "path": "../../files-watcher", + "type": "path" + } + }, "flake-utils": { "locked": { "lastModified": 1609246779, @@ -15,6 +26,20 @@ "type": "github" } }, + "my-lib": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "narHash": "sha256-YJREl39cf4zrFdAULMu1Yjg7hIEZCLuCnP8qJvWbIvM=", + "path": "../../lib", + "type": "path" + }, + "original": { + "path": "../../lib", + "type": "path" + } + }, "myuids": { "locked": { "dir": "flakes/myuids", @@ -48,6 +73,21 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1631570365, + "narHash": "sha256-vc6bfo0hijpicdUDiui2DvZXmpIP2iqOFZRcpMOuYPo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "df7113c0727881519248d4c7d080324e0ee3327b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1597943282, "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=", @@ -66,7 +106,7 @@ "inputs": { "flake-utils": "flake-utils", "myuids": "myuids", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "openarc": "openarc_2" }, "locked": { @@ -97,6 +137,8 @@ }, "root": { "inputs": { + "files-watcher": "files-watcher", + "my-lib": "my-lib", "nix-lib": "nix-lib", "openarc": "openarc" } diff --git a/flakes/private/openarc/flake.nix b/flakes/private/openarc/flake.nix index fd8ec56..9cc9aed 100644 --- a/flakes/private/openarc/flake.nix +++ b/flakes/private/openarc/flake.nix @@ -3,40 +3,51 @@ path = "../../openarc"; type = "path"; }; + inputs.files-watcher = { + path = "../../files-watcher"; + type = "path"; + }; + inputs.my-lib = { + path = "../../lib"; + type = "path"; + }; inputs.nix-lib.url = "github:NixOS/nixpkgs"; description = "Private configuration for openarc"; - outputs = { self, nix-lib, openarc }: + outputs = { self, nix-lib, my-lib, files-watcher, openarc }: let - cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') { - services.openarc = { - enable = true; - user = "opendkim"; - socket = "local:${config.myServices.mail.milters.sockets.openarc}"; - group = config.services.postfix.group; - configFile = pkgs.writeText "openarc.conf" '' - AuthservID mail.immae.eu - Domain mail.immae.eu - KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"} - Mode sv - Selector eldiron - SoftwareHeader yes - Syslog Yes + cfg = name': { config, lib, pkgs, name, ... }: { + imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ]; + config = lib.mkIf (name == name') { + services.openarc = { + enable = true; + user = "opendkim"; + socket = "local:${config.myServices.mail.milters.sockets.openarc}"; + group = config.services.postfix.group; + configFile = pkgs.writeText "openarc.conf" '' + AuthservID mail.immae.eu + Domain mail.immae.eu + KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"} + Mode sv + Selector eldiron + SoftwareHeader yes + Syslog Yes + ''; + }; + systemd.services.openarc.serviceConfig.Slice = "mail.slice"; + systemd.services.openarc.postStart = lib.optionalString + (lib.strings.hasPrefix "local:" config.services.openarc.socket) '' + while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do + sleep 0.5 + done + chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket} ''; - }; - systemd.services.openarc.serviceConfig.Slice = "mail.slice"; - systemd.services.openarc.postStart = lib.optionalString - (lib.strings.hasPrefix "local:" config.services.openarc.socket) '' - while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do - sleep 0.5 - done - chmod g+w ${lib.strings.removePrefix "local:" config.services.openarc.socket} - ''; - services.filesWatcher.openarc = { - restart = true; - paths = [ - config.secrets.fullPaths."opendkim/eldiron.private" - ]; + services.filesWatcher.openarc = { + restart = true; + paths = [ + config.secrets.fullPaths."opendkim/eldiron.private" + ]; + }; }; }; in diff --git a/flakes/private/opendmarc/flake.lock b/flakes/private/opendmarc/flake.lock index 33e00a4..ea056e5 100644 --- a/flakes/private/opendmarc/flake.lock +++ b/flakes/private/opendmarc/flake.lock @@ -1,5 +1,16 @@ { "nodes": { + "files-watcher": { + "locked": { + "narHash": "sha256-6urOJuzXsu4HJHyVmrZHd40SMzzTeHiOiDOM40q53Y0=", + "path": "../../files-watcher", + "type": "path" + }, + "original": { + "path": "../../files-watcher", + "type": "path" + } + }, "flake-utils": { "locked": { "lastModified": 1609246779, @@ -15,6 +26,20 @@ "type": "github" } }, + "my-lib": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "narHash": "sha256-HGNP1eH7b42BxViYx/F3ZPO9CM1X+5qfA9JoP2ArN+s=", + "path": "../../lib", + "type": "path" + }, + "original": { + "path": "../../lib", + "type": "path" + } + }, "myuids": { "locked": { "dir": "flakes/myuids", @@ -48,6 +73,21 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1631570365, + "narHash": "sha256-vc6bfo0hijpicdUDiui2DvZXmpIP2iqOFZRcpMOuYPo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "df7113c0727881519248d4c7d080324e0ee3327b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1597943282, "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=", @@ -66,7 +106,7 @@ "inputs": { "flake-utils": "flake-utils", "myuids": "myuids", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "narHash": "sha256-eIe5hzNsp1zz5m4ZMzORwdHuLkhEsKkS7WMpPOJE4ok=", @@ -80,6 +120,8 @@ }, "root": { "inputs": { + "files-watcher": "files-watcher", + "my-lib": "my-lib", "nix-lib": "nix-lib", "opendmarc": "opendmarc" } diff --git a/flakes/private/opendmarc/flake.nix b/flakes/private/opendmarc/flake.nix index ae96c30..4b54ccf 100644 --- a/flakes/private/opendmarc/flake.nix +++ b/flakes/private/opendmarc/flake.nix @@ -3,54 +3,65 @@ path = "../../opendmarc"; type = "path"; }; + inputs.files-watcher = { + path = "../../files-watcher"; + type = "path"; + }; + inputs.my-lib = { + path = "../../lib"; + type = "path"; + }; inputs.nix-lib.url = "github:NixOS/nixpkgs"; description = "Private configuration for opendmarc"; - outputs = { self, nix-lib, opendmarc }: + outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }: let - cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') { - users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ]; - systemd.services.opendmarc.serviceConfig.Slice = "mail.slice"; - services.opendmarc = { - enable = true; - socket = "local:${config.myServices.mail.milters.sockets.opendmarc}"; - configFile = pkgs.writeText "opendmarc.conf" '' - AuthservID HOSTNAME - FailureReports false - FailureReportsBcc postmaster@immae.eu - FailureReportsOnNone true - FailureReportsSentBy postmaster@immae.eu - IgnoreAuthenticatedClients true - IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"} - SoftwareHeader true - SPFIgnoreResults true - SPFSelfValidate true - UMask 002 - ''; - group = config.services.postfix.group; - }; - services.filesWatcher.opendmarc = { - restart = true; - paths = [ - config.secrets.fullPaths."opendmarc/ignore.hosts" + cfg = name': { config, lib, pkgs, name, ... }: { + imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ]; + config = lib.mkIf (name == name') { + users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ]; + systemd.services.opendmarc.serviceConfig.Slice = "mail.slice"; + services.opendmarc = { + enable = true; + socket = "local:${config.myServices.mail.milters.sockets.opendmarc}"; + configFile = pkgs.writeText "opendmarc.conf" '' + AuthservID HOSTNAME + FailureReports false + FailureReportsBcc postmaster@immae.eu + FailureReportsOnNone true + FailureReportsSentBy postmaster@immae.eu + IgnoreAuthenticatedClients true + IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"} + SoftwareHeader true + SPFIgnoreResults true + SPFSelfValidate true + UMask 002 + ''; + group = config.services.postfix.group; + }; + services.filesWatcher.opendmarc = { + restart = true; + paths = [ + config.secrets.fullPaths."opendmarc/ignore.hosts" + ]; + }; + secrets.keys = [ + { + dest = "opendmarc/ignore.hosts"; + user = config.services.opendmarc.user; + group = config.services.opendmarc.group; + permissions = "0400"; + text = let + mxes = lib.attrsets.filterAttrs + (n: v: v.mx.enable) + config.myEnv.servers; + in + builtins.concatStringsSep "\n" ([ + config.myEnv.mail.dmarc.ignore_hosts + ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes); + } ]; }; - secrets.keys = [ - { - dest = "opendmarc/ignore.hosts"; - user = config.services.opendmarc.user; - group = config.services.opendmarc.group; - permissions = "0400"; - text = let - mxes = lib.attrsets.filterAttrs - (n: v: v.mx.enable) - config.myEnv.servers; - in - builtins.concatStringsSep "\n" ([ - config.myEnv.mail.dmarc.ignore_hosts - ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes); - } - ]; }; in opendmarc.outputs // -- cgit v1.2.3