blob: 56c3a1ae7b6ed64aec9a37bdd96e52e67685df4d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
{
inputs.openarc.url = "path:../../openarc";
inputs.secrets.url = "path:../../secrets";
inputs.files-watcher.url = "path:../../files-watcher";
description = "Private configuration for openarc";
outputs = { self, files-watcher, openarc, secrets }: {
nixosModule = self.nixosModules.openarc;
nixosModules.openarc = { config, pkgs, ... }: {
imports = [
files-watcher.nixosModule
openarc.nixosModule
secrets.nixosModule
];
config = {
services.openarc = {
enable = true;
user = "opendkim";
socket = "/run/openarc/openarc.sock";
group = config.services.postfix.group;
configFile = pkgs.writeText "openarc.conf" ''
AuthservID mail.immae.eu
Domain mail.immae.eu
KeyFile ${config.secrets.fullPaths."opendkim/eldiron.private"}
Mode sv
Selector eldiron
SoftwareHeader yes
Syslog Yes
'';
};
systemd.services.openarc.serviceConfig.Slice = "mail.slice";
systemd.services.openarc.postStart = ''
while [ ! -S ${config.services.openarc.socket} ]; do
sleep 0.5
done
chmod g+w ${config.services.openarc.socket}
'';
services.filesWatcher.openarc = {
restart = true;
paths = [
config.secrets.fullPaths."opendkim/eldiron.private"
];
};
};
};
};
}
|
