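# Flake that packages OpenDMARC. For three Linux systems it exposes the
# package, an app and checks (a build plus a NixOS VM test); independent of
# system it exposes an overlay and a NixOS module (services.opendmarc).
{
  # Fixed: the description previously read "Open source ARC implementation",
  # but everything this flake builds and configures is OpenDMARC.
  description = "Open source DMARC implementation";

  # Relative path input that lives outside this flake's directory. It supplies
  # the uid/gid values the module assigns below (myuids.lib.uids / .gids).
  inputs.myuids = {
    url = "path:../myuids";
  };
  inputs.flake-utils.url = "github:numtide/flake-utils";
  # No branch or revision is named here, so the nixpkgs revision actually used
  # is whatever flake.lock records. Keep the lock file committed and review
  # lock updates, since they change every dependency of the daemon.
  inputs.nixpkgs.url = "github:NixOS/nixpkgs";

  outputs = { self, myuids, flake-utils, nixpkgs }: flake-utils.lib.eachSystem ["aarch64-linux" "i686-linux" "x86_64-linux"] (system:
    let
      # Explicit empty overlay list: the package is built from plain nixpkgs.
      pkgs = import nixpkgs { inherit system; overlays = []; };
    in rec {
      # The package definition is the default.nix next to this flake.
      packages.opendmarc = pkgs.callPackage ./. {};
      defaultPackage = packages.opendmarc;
      legacyPackages.opendmarc = packages.opendmarc;
      apps.opendmarc = flake-utils.lib.mkApp { drv = packages.opendmarc; };
      defaultApp = apps.opendmarc;
      hydraJobs = checks;
      checks = {
        build = defaultPackage;
      } // pkgs.lib.optionalAttrs (builtins.elem system pkgs.lib.systems.doubles.linux) {
        # VM test: enable the module with its defaults, wait for the unit and
        # check that the default milter socket exists. It does not check the
        # socket's owner or mode.
        test =
          let testing = import (nixpkgs + "/nixos/lib/testing-python.nix") { inherit system; };
          in testing.makeTest {
            nodes = {
              server = { pkgs, ... }: {
                imports = [ self.nixosModule ];
                config.services.opendmarc.enable = true;
              };
            };
            testScript = ''
              start_all()
              server.wait_for_unit("opendmarc.service")
              server.succeed("[ -S /run/opendmarc/opendmarc.sock ]")
            '';
          };
      };
    }) // rec {
      overlays = {
        # Makes pkgs.opendmarc resolve to this flake's build for the
        # consumer's system.
        opendmarc = final: prev: {
          opendmarc = self.defaultPackage."${final.system}";
        };
      };
      overlay = overlays.opendmarc;
      nixosModule = { config, lib, pkgs, ... }:
        let
          cfg = config.services.opendmarc;
          defaultSock = "/run/opendmarc/opendmarc.sock";
          # Daemon arguments: "-p local:<path>" selects the socket and
          # "-c <file>" is appended only when a config file is set.
          # "-f" and "-l" are presumably foreground and syslog logging;
          # confirm against opendmarc(8).
          args = [ "-f" "-l" "-p" "local:${cfg.socket}" ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
        in {
          # Necessary for situations where flake gets included multiple times:
          # a key derived from the flake source identifies the module.
          key = builtins.hashString "sha256" (builtins.path { path = self.sourceInfo.outPath; name = "source"; });
          options = {
            services.opendmarc = {
              enable = lib.mkOption {
                type = lib.types.bool;
                default = false;
                description = "Whether to enable the OpenDMARC sender authentication system.";
              };

              socket = lib.mkOption {
                type = lib.types.str;
                default = defaultSock;
                description = "Socket which is used for communication with OpenDMARC.";
              };

              user = lib.mkOption {
                type = lib.types.str;
                default = "opendmarc";
                description = "User for the daemon.";
              };

              group = lib.mkOption {
                type = lib.types.str;
                default = "opendmarc";
                description = "Group for the daemon.";
              };

              # A value of type path that is a Nix path literal is copied to
              # the world-readable Nix store; avoid that if the file carries
              # anything sensitive.
              configFile = lib.mkOption {
                type = lib.types.nullOr lib.types.path;
                default = null;
                description = "Additional OpenDMARC configuration.";
              };

            };
          };

          config = lib.mkIf cfg.enable {
            nixpkgs.overlays = [ self.overlay ];
            # The account and group are declared only when the default names
            # are kept; a custom cfg.user / cfg.group must be created by the
            # administrator.
            # NOTE(review): neither isSystemUser nor isNormalUser is set;
            # recent NixOS releases assert that exactly one of them is.
            # Confirm against the pinned nixpkgs.
            users.users = lib.optionalAttrs (cfg.user == "opendmarc") {
              opendmarc = {
                group = cfg.group;
                uid = myuids.lib.uids.opendmarc;
              };
            };

            users.groups = lib.optionalAttrs (cfg.group == "opendmarc") {
              opendmarc.gid = myuids.lib.gids.opendmarc;
            };

            environment.systemPackages = [ pkgs.opendmarc ];

            systemd.services.opendmarc = {
              description = "OpenDMARC daemon";
              after = [ "network.target" ];
              wantedBy = [ "multi-user.target" ];

              # NOTE(review): no sandboxing directives are set here (for
              # example NoNewPrivileges, ProtectSystem, ProtectHome,
              # PrivateTmp). Consider adding them after checking which paths
              # the daemon, its socket and cfg.configFile need.
              serviceConfig = {
                # Runs the flake's own build for pkgs.system; each argument is
                # quoted by lib.escapeShellArgs.
                ExecStart = "${self.defaultApp."${pkgs.system}".program} ${lib.escapeShellArgs args}";
                User = cfg.user;
                Group = cfg.group;
                # /run/opendmarc is created by systemd only for the default
                # socket path. With a custom cfg.socket the directory must
                # already exist and be writable by cfg.user.
                # NOTE(review): who may connect to the milter socket depends
                # on this directory's mode and on the mode the daemon gives
                # the socket, neither of which is set here. Check that only
                # the MTA's user or group can reach it.
                RuntimeDirectory = lib.optional (cfg.socket == defaultSock) "opendmarc";
                # NOTE(review): PermissionsStartOnly= is deprecated in current
                # systemd, and this unit defines no ExecStartPre/ExecStartPost
                # here, so it appears to have no effect. Confirm before
                # removing it.
                PermissionsStartOnly = true;
              };
            };
          };
        };
    };
}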