refactor

hive.nix

@@ -24,20 +24,6 @@ in
     # Import the per-host configuration file.
     imports = [ ./hosts/${name}/configuration.nix ];
 
-    deployment.keys.smtpd = {
-      # When non-null, contents of the specified file will be deployed to the specified key on the target machine.
-      # https://github.com/NixOS/nixops/blob/fc9b55c55da62f949028143b974f67fdc7f40c8b/nix/keys.nix#L58
-      keyFile = ./secrets/smtpd;
-
-      destDir = "/secrets";        # Default: /run/keys
-      # smtpd user. https://github.com/NixOS/nixpkgs/blob/360a7d31c30abefdc490d203f80e3221b7a24af2/nixos/modules/services/mail/opensmtpd.nix#L93C7-L93C12
-      user = "smtpd";              # Default: root
-      #group = "smtpd";            # Default: root
-      permissions = "0400";        # Default: 0600
-
-      uploadAt = "pre-activation"; # Default: pre-activation, Alternative: post-activation
-    };
-
     deployment = {
       # Local deployment.
       allowLocalDeployment = true;
@@ -49,20 +35,6 @@ in
     # Import the per-host configuration file.
     imports = [ ./hosts/${name}/configuration.nix ];
 
-    deployment.keys.smtpd = {
-      # When non-null, contents of the specified file will be deployed to the specified key on the target machine.
-      # https://github.com/NixOS/nixops/blob/fc9b55c55da62f949028143b974f67fdc7f40c8b/nix/keys.nix#L58
-      keyFile = ./secrets/smtpd;
-
-      destDir = "/secrets";        # Default: /run/keys
-      # smtpd user. https://github.com/NixOS/nixpkgs/blob/360a7d31c30abefdc490d203f80e3221b7a24af2/nixos/modules/services/mail/opensmtpd.nix#L93C7-L93C12
-      user = "smtpd";              # Default: root
-      #group = "smtpd";            # Default: root
-      permissions = "0400";        # Default: 0600
-
-      uploadAt = "pre-activation"; # Default: pre-activation, Alternative: post-activation
-    };
-
     deployment = {
       # Local deployment.
       allowLocalDeployment = true;
@@ -78,20 +50,6 @@ in
     # Import the per-host configuration file.
     imports = [ ./hosts/${name}/configuration.nix ];
 
-    deployment.keys.smtpd = {
-      # When non-null, contents of the specified file will be deployed to the specified key on the target machine.
-      # https://github.com/NixOS/nixops/blob/fc9b55c55da62f949028143b974f67fdc7f40c8b/nix/keys.nix#L58
-      keyFile = ./secrets/smtpd;
-
-      destDir = "/secrets";        # Default: /run/keys
-      # smtpd user. https://github.com/NixOS/nixpkgs/blob/360a7d31c30abefdc490d203f80e3221b7a24af2/nixos/modules/services/mail/opensmtpd.nix#L93C7-L93C12
-      user = "smtpd";              # Default: root
-      #group = "smtpd";            # Default: root
-      permissions = "0400";        # Default: 0600
-
-      uploadAt = "pre-activation"; # Default: pre-activation, Alternative: post-activation
-    };
-
     deployment = {
       # SSH deployment.
       targetHost = "p1st.de";

modules/sendmail-mta.nix

@@ -29,10 +29,19 @@
 
   # /secrets/smtpd is created by Colmena.
   # It contains one line `upstream langbein@mail.de:the-actual-password`.
-  assertions = [{
+  deployment.keys.smtpd = {
-    assertion = builtins.pathExists config.deployment.keys.smtpd.keyFile;
+    # When non-null, contents of the specified file will be deployed to the specified key on the target machine.
-    message = "Expected a keyfile to be deployed for smtpd, see hive.nix.";
+    # https://github.com/NixOS/nixops/blob/fc9b55c55da62f949028143b974f67fdc7f40c8b/nix/keys.nix#L58
-  }];
+    keyFile = ../secrets/smtpd;
+
+    destDir = "/secrets";        # Default: /run/keys
+    # smtpd user. https://github.com/NixOS/nixpkgs/blob/360a7d31c30abefdc490d203f80e3221b7a24af2/nixos/modules/services/mail/opensmtpd.nix#L93C7-L93C12
+    user = "smtpd";              # Default: root
+    #group = "smtpd";            # Default: root
+    permissions = "0400";        # Default: 0600
+
+    uploadAt = "pre-activation"; # Default: pre-activation, Alternative: post-activation
+  };
 
   # Create file /etc/aliases.
   # https://nixos.wiki/wiki/Msmtp#Aliases