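# Nix flake that builds OpenDMARC 1.3.2 and exposes a NixOS module running it
# as a milter daemon. Listing taken from a blame view at revision a1a2455f.
{
  description = "Open source DMARC implementation";

  # None of the inputs pins a revision here, so reproducibility and integrity
  # of what gets built rest on the lock file (assumes a flake.lock is committed
  # next to this file -- TODO confirm). Review lock updates like code changes.
  inputs.myuids = {
    url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
    type = "git";
    dir = "flakes/myuids";
  };
  inputs.libspf2 = {
    url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
    type = "git";
    dir = "flakes/libspf2";
  };
  inputs.flake-utils.url = "github:numtide/flake-utils";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs";

  outputs = { self, myuids, libspf2, flake-utils, nixpkgs }: flake-utils.lib.eachSystem ["aarch64-linux" "i686-linux" "x86_64-linux"] (system:
    let
      libspf2' = libspf2.defaultPackage."${system}";
      # overlays = [] keeps ambient, user-level overlays out of the package set.
      pkgs = import nixpkgs { inherit system; overlays = []; };
      inherit (pkgs) fetchurl stdenv libbsd perl openssl libmilter file libnsl;
    in rec {
      packages.opendmarc = stdenv.mkDerivation rec {
        pname = "opendmarc";
        # NOTE(review): this daemon parses headers of inbound mail, i.e.
        # untrusted input. Confirm that this release still carries the upstream
        # security fixes you need before exposing it to real traffic.
        version = "1.3.2";

        # Fixed-output fetch: the tarball must match sha256 whichever mirror
        # serves it, so a tampered download fails the build.
        src = fetchurl {
          url = "mirror://sourceforge/opendmarc/files/${pname}-${version}.tar.gz";
          sha256 = "1yrggj8yq0915y2i34gfz2xpl1w2lgb1vggp67rwspgzm40lng11";
        };

        configureFlags= [
          "--with-spf"
          "--with-spf2-include=${libspf2'}/include/spf2"
          "--with-spf2-lib=${libspf2'}/lib/"
          "--with-milter=${libmilter}"
        ];

        buildInputs = [ libspf2' libbsd openssl libmilter perl libnsl ];

        meta = {
          description = "Free open source software implementation of the DMARC specification";
          homepage = "http://www.trusteddomain.org/opendmarc/";
          # pkgs.lib instead of stdenv.lib: the latter is a deprecated alias
          # that newer nixpkgs revisions drop, and the nixpkgs input above
          # follows the default branch. pkgs.lib is what `checks` already uses.
          platforms = pkgs.lib.platforms.unix;
        };
      };

      defaultPackage = packages.opendmarc;
      legacyPackages.opendmarc = packages.opendmarc;
      apps.opendmarc = flake-utils.lib.mkApp { drv = packages.opendmarc; };
      defaultApp = apps.opendmarc;
      hydraJobs = checks;
      checks = {
        build = defaultPackage;
      } // pkgs.lib.optionalAttrs (builtins.elem system pkgs.lib.systems.doubles.linux) {
        # VM test: boots a node with the module enabled and checks that the
        # unit starts and that the default milter socket exists.
        test =
          let testing = import (nixpkgs + "/nixos/lib/testing-python.nix") { inherit system; };
          in testing.makeTest {
            nodes = {
              server = { pkgs, ... }: {
                imports = [ self.nixosModule ];
                config.services.opendmarc.enable = true;
              };
            };
            testScript = ''
              start_all()
              server.wait_for_unit("opendmarc.service")
              server.succeed("[ -S /run/opendmarc/opendmarc.sock ]")
            '';
          };
      };
    }) // {
    nixosModule = { config, lib, pkgs, ... }:
      let
        cfg = config.services.opendmarc;
        defaultSock = "local:/run/opendmarc/opendmarc.sock";
        # -f: stay in the foreground, -l: log via syslog, -p: milter socket,
        # -c: configuration file (only passed when configFile is set).
        args = [ "-f" "-l" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
      in {
        options = {
          services.opendmarc = {
            enable = lib.mkOption {
              type = lib.types.bool;
              default = false;
              description = "Whether to enable the OpenDMARC sender authentication system.";
            };

            # Whoever can connect to this socket can feed messages to the
            # daemon. A filesystem socket limits that to local accounts allowed
            # by its permissions; an inet socket spec would need a firewall.
            socket = lib.mkOption {
              type = lib.types.str;
              default = defaultSock;
              description = "Socket which is used for communication with OpenDMARC.";
            };

            user = lib.mkOption {
              type = lib.types.str;
              default = "opendmarc";
              description = "User for the daemon.";
            };

            group = lib.mkOption {
              type = lib.types.str;
              default = "opendmarc";
              description = "Group for the daemon.";
            };

            configFile = lib.mkOption {
              type = lib.types.nullOr lib.types.path;
              default = null;
              description = "Additional OpenDMARC configuration.";
            };

          };
        };

        config = lib.mkIf cfg.enable {
          # The account and group are declared only for the default names; a
          # custom user or group must be defined elsewhere in the system
          # configuration, otherwise the unit has nothing to run as.
          users.users = lib.optionalAttrs (cfg.user == "opendmarc") {
            opendmarc = {
              group = cfg.group;
              uid = myuids.lib.uids.opendmarc;
            };
          };

          users.groups = lib.optionalAttrs (cfg.group == "opendmarc") {
            opendmarc.gid = myuids.lib.gids.opendmarc;
          };

          environment.systemPackages = [ self.defaultPackage."${pkgs.system}" ];

          systemd.services.opendmarc = {
            description = "OpenDMARC daemon";
            after = [ "network.target" ];
            wantedBy = [ "multi-user.target" ];

            # NOTE(review): the unit drops to an unprivileged user but sets no
            # sandboxing. Candidates such as NoNewPrivileges, ProtectSystem,
            # ProtectHome, PrivateTmp and RestrictAddressFamilies would limit
            # what a compromised parser can reach; validate each against the
            # features enabled in configFile before turning it on.
            serviceConfig = {
              # Arguments are quoted so that whitespace or quotes in the socket
              # or config path cannot split into extra options. systemd, not a
              # shell, parses this line and still expands % specifiers.
              ExecStart = "${self.defaultApp."${pkgs.system}".program} ${lib.escapeShellArgs args}";
              User = cfg.user;
              Group = cfg.group;
              # /run/opendmarc is created for the service only with the default
              # socket; the directory of a custom socket path has to exist with
              # permissions that let the daemon create it and the MTA reach it.
              RuntimeDirectory = lib.optional (cfg.socket == defaultSock) "opendmarc";
              # Deprecated systemd setting; with no ExecStartPre/ExecStartPost
              # defined here it does not change how ExecStart runs.
              PermissionsStartOnly = true;
            };
          };
        };
      };
  };
}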