nix: update switch from julm-nix
[sourcephile-nix.git] / hosts / mermet / rspamd / sourcephile.fr.nix
index 4f16b2067666a1f59aaa86c39f1690d7ed9f44a4..4a5778c13076cdaa65aa6d8b337a858e743bb54f 100644 (file)
@@ -1,33 +1,29 @@
-{ pkgs, lib, config, ... }:
+{ config, inputs, hostName, ... }:
 let
-  inherit (config.security) gnupg;
   inherit (config.services) rspamd;
   domain = "sourcephile.fr";
   selector = "20200101";
 in
 {
-services.rspamd.dkimSelectorMap = ''
-  mermet    ${selector}
-  ${domain} ${selector}
-'';
-# rspamadm dkim_keygen -d sourcephile.fr -s 20200101 -b 4096 -t rsa -k /proc/self/fd/3 3>&1 >>hosts/mermet/rspamd/sourcephile.fr.nix |
-# pass insert -m hosts/mermet/rspamd/dkim/sourcephile.fr/20200101.key
-services.knot.zones."${domain}".data = ''
-  20200101._domainkey IN TXT ( "v=DKIM1; k=rsa; "
-    "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7EKzverbG+5JF+yFjH3MrxLyauiHyLqBbV/8LEMunoKXF8sqhBpQtAQXruLqsyUkxR/4CAyPMyzmcdrU43boMj9yFqLrg/kEz2RIvai9jXBqRoWRW1y7F0LbZmdtOTncuDSP8Zzo02XUzsOC4f/C3tEQHS5rc"
-    "hzfhU5FY1CeO6eBMV79qKBOvGMKahQTrrtU6olAAJxOhn6wRuwSf"
-    "+m3on1OqiuXYYIgNHKdRhJ8gDwIm/3LEpYMD0gTgJiyclCLoLGHGtKZy1Wf9xV9/7V6fHE4JW5SDivwslVTL+KPXOlIpo5NDHpMxPYOcIg2K4Rj/j7jhavo+fG43q1LhwaPkEMQMbplgnjeMY8300odRiklTkMMpH0m35ZNeHQJSRpEtV8y5xUNxVaGzfqX5iStwV/mQ1Kn"
-    "ZSe8ORTNq+eTTFnDk6zdUXjagcf0wO6QsSTeAz/G8CqOBbwmrU+q"
-    "F8WbGAeRnhz51mH6fTTfsQ1nwjAiF4ou+eQGTkTMN23KkCKpuozJnxqx4DCEr6J1bL83fhXw7CgcfgKgTOk/HFJpeiGhqodw18r4DWBA6G57z9utm7Mr/9SoVnMq6iK9iEcbCllLR8Sz4viatLSRzhodbk7hfvXS3jmCFjILAjFmA7aMTemDMBDQhpAGF9F8sjFUbEJIZjK"
-    "rWWtSTdO8DilDqN8CAwEAAQ=="
-  )
-'';
-security.gnupg.secrets."rspamd/dkim/${domain}/${selector}.key" = {
-  user = rspamd.user;
-  systemdConfig.postStart = "systemctl try-restart --no-block rspamd";
-};
-systemd.services.rspamd = {
-  after = [ gnupg.secrets."rspamd/dkim/${domain}/${selector}.key".service ];
-  wants = [ gnupg.secrets."rspamd/dkim/${domain}/${selector}.key".service ];
-};
+  services.rspamd.dkimSelectorMap = ''
+    mermet    ${selector}
+    ${domain} ${selector}
+  '';
+  # rspamadm dkim_keygen -d sourcephile.fr -s 20200101 -b 4096 -t rsa -k /proc/self/fd/3 3>&1 >>hosts/mermet/rspamd/sourcephile.fr.nix |
+  # pass insert -m hosts/mermet/rspamd/dkim/sourcephile.fr/20200101.key
+  services.knot.zones."${domain}".data = ''
+    20200101._domainkey IN TXT ( "v=DKIM1; k=rsa; "
+      "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7EKzverbG+5JF+yFjH3MrxLyauiHyLqBbV/8LEMunoKXF8sqhBpQtAQXruLqsyUkxR/4CAyPMyzmcdrU43boMj9yFqLrg/kEz2RIvai9jXBqRoWRW1y7F0LbZmdtOTncuDSP8Zzo02XUzsOC4f/C3tEQHS5rc"
+      "hzfhU5FY1CeO6eBMV79qKBOvGMKahQTrrtU6olAAJxOhn6wRuwSf"
+      "+m3on1OqiuXYYIgNHKdRhJ8gDwIm/3LEpYMD0gTgJiyclCLoLGHGtKZy1Wf9xV9/7V6fHE4JW5SDivwslVTL+KPXOlIpo5NDHpMxPYOcIg2K4Rj/j7jhavo+fG43q1LhwaPkEMQMbplgnjeMY8300odRiklTkMMpH0m35ZNeHQJSRpEtV8y5xUNxVaGzfqX5iStwV/mQ1Kn"
+      "ZSe8ORTNq+eTTFnDk6zdUXjagcf0wO6QsSTeAz/G8CqOBbwmrU+q"
+      "F8WbGAeRnhz51mH6fTTfsQ1nwjAiF4ou+eQGTkTMN23KkCKpuozJnxqx4DCEr6J1bL83fhXw7CgcfgKgTOk/HFJpeiGhqodw18r4DWBA6G57z9utm7Mr/9SoVnMq6iK9iEcbCllLR8Sz4viatLSRzhodbk7hfvXS3jmCFjILAjFmA7aMTemDMBDQhpAGF9F8sjFUbEJIZjK"
+      "rWWtSTdO8DilDqN8CAwEAAQ=="
+    )
+  '';
+  systemd.services.rspamd.serviceConfig = {
+    LoadCredentialEncrypted = [
+      "${domain}.${selector}.key:${./. + "/${domain}/${selector}.dkim.key.cred"}"
+    ];
+  };
 }