From 1e9d5f05b350cec8568b6c2eb4fb4d124e73e926 Mon Sep 17 00:00:00 2001
From: Azat Bahawi
Date: Tue, 2 May 2023 01:27:41 +0300
Subject: 2023-05-02
---
nixosConfigurations/manwe/mailserver.nix | 40 ++++++++++++++++++++------------
1 file changed, 25 insertions(+), 15 deletions(-)
(limited to 'nixosConfigurations/manwe/mailserver.nix')
diff --git a/nixosConfigurations/manwe/mailserver.nix b/nixosConfigurations/manwe/mailserver.nix
index 0667a49..acd625b 100644
--- a/nixosConfigurations/manwe/mailserver.nix
+++ b/nixosConfigurations/manwe/mailserver.nix
@@ -7,36 +7,46 @@
 with lib; {
 imports = [inputs.simple-nixos-mailserver.nixosModule];

- nixfiles.modules.redis.enable = true;
+ ark.directories = with config.mailserver; [
+ "/var/lib/dovecot"
+ "/var/lib/postfix"
+ config.security.dhparams.params.dovecot2.path
+ dkimKeyDirectory
+ mailDirectory
+ sieveDirectory
+ ];

- secrets = {
+ secrets = with config.mailserver; {
 dkim-key-azahi-cc = {
 file = "${inputs.self}/secrets/dkim-key-azahi-cc";
- path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
+ path = "${dkimKeyDirectory}/${my.domain.azahi}.${dkimSelector}.key";
+ owner = config.services.opendkim.user;
+ inherit (config.services.opendkim) group;
 };
 dkim-key-rohan-net = {
 file = "${inputs.self}/secrets/dkim-key-rohan-net";
- path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
+ path = "${dkimKeyDirectory}/${my.domain.rohan}.${dkimSelector}.key";
+ owner = config.services.opendkim.user;
+ inherit (config.services.opendkim) group;
 };
 dkim-key-gondor-net = {
 file = "${inputs.self}/secrets/dkim-key-gondor-net";
- path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
+ path = "${dkimKeyDirectory}/${my.domain.gondor}.${dkimSelector}.key";
+ owner = config.services.opendkim.user;
+ inherit (config.services.opendkim) group;
 };
 dkim-key-shire-net = {
 file = "${inputs.self}/secrets/dkim-key-shire-net";
- path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
+ path = "${dkimKeyDirectory}/${my.domain.shire}.${dkimSelector}.key";
+ owner = config.services.opendkim.user;
+ inherit (config.services.opendkim) group;
 };
 };

- nixfiles.modules.acme.enable = true;
+ nixfiles.modules = {
+ acme.enable = true;
+ redis.enable = true;
+ };

 mailserver = let
 cert = config.certs.${my.domain.shire};
--
cgit 1.4.1
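Review bot: The `dkimKeyDirectory` entry added to `ark.directories` is also where the four `dkim-key-*` secrets are now written, and the hunk does not say whether the DKIM private keys are meant to sit on persisted storage or only be linked there from the secrets module's runtime location. If `ark` is this repository's persistence module (inferred from the name and the `/var/lib/*` entries, not visible here), that decides whether decrypted signing keys survive on disk, so a comment on the entry would help, for example `# holds DKIM private keys: must stay owned by and readable only to the opendkim user`. Each secret sets `owner` and `group` but no permission mode, so the key files depend on the secrets module's default; if that module has a mode option, setting it on these entries would make the intended permissions reviewable. The `mailserver` block continues past the end of the hunk.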