1 | { |
2 | inputs.opendmarc = { | |
ada96f10 IB |
3 | path = "../../opendmarc"; |
4 | type = "path"; | |
ef43c362 | 5 | }; |
da30ae4f IB |
6 | inputs.secrets = { |
7 | path = "../../secrets"; | |
8 | type = "path"; | |
9 | }; | |
27dd65fc IB |
10 | inputs.files-watcher = { |
11 | path = "../../files-watcher"; | |
12 | type = "path"; | |
13 | }; | |
14 | inputs.my-lib = { | |
15 | path = "../../lib"; | |
16 | type = "path"; | |
17 | }; | |
5e2ec9fb IB |
18 | inputs.nix-lib.url = "github:NixOS/nixpkgs"; |
19 | ||
ef43c362 | 20 | description = "Private configuration for opendmarc"; |
da30ae4f | 21 | outputs = { self, nix-lib, opendmarc, my-lib, files-watcher, secrets }: |
ef43c362 | 22 | let |
27dd65fc | 23 | cfg = name': { config, lib, pkgs, name, ... }: { |
910c2e9e IB |
24 | imports = [ |
25 | (my-lib.lib.withNarKey files-watcher "nixosModule") | |
26 | (my-lib.lib.withNarKey opendmarc "nixosModule") | |
da30ae4f | 27 | (my-lib.lib.withNarKey secrets "nixosModule") |
910c2e9e | 28 | ]; |
27dd65fc IB |
29 | config = lib.mkIf (name == name') { |
30 | users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ]; | |
31 | systemd.services.opendmarc.serviceConfig.Slice = "mail.slice"; | |
32 | services.opendmarc = { | |
33 | enable = true; | |
910c2e9e | 34 | socket = "/run/opendmarc/opendmarc.sock"; |
27dd65fc IB |
35 | configFile = pkgs.writeText "opendmarc.conf" '' |
36 | AuthservID HOSTNAME | |
37 | FailureReports false | |
38 | FailureReportsBcc postmaster@immae.eu | |
39 | FailureReportsOnNone true | |
40 | FailureReportsSentBy postmaster@immae.eu | |
41 | IgnoreAuthenticatedClients true | |
42 | IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"} | |
43 | SoftwareHeader true | |
44 | SPFIgnoreResults true | |
45 | SPFSelfValidate true | |
46 | UMask 002 | |
47 | ''; | |
48 | group = config.services.postfix.group; | |
49 | }; | |
50 | services.filesWatcher.opendmarc = { | |
51 | restart = true; | |
52 | paths = [ | |
53 | config.secrets.fullPaths."opendmarc/ignore.hosts" | |
54 | ]; | |
55 | }; | |
4c4652aa IB |
56 | secrets.keys = { |
57 | "opendmarc/ignore.hosts" = { | |
27dd65fc IB |
58 | user = config.services.opendmarc.user; |
59 | group = config.services.opendmarc.group; | |
60 | permissions = "0400"; | |
61 | text = let | |
62 | mxes = lib.attrsets.filterAttrs | |
63 | (n: v: v.mx.enable) | |
64 | config.myEnv.servers; | |
65 | in | |
66 | builtins.concatStringsSep "\n" ([ | |
67 | config.myEnv.mail.dmarc.ignore_hosts | |
68 | ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes); | |
4c4652aa IB |
69 | }; |
70 | }; | |
ef43c362 | 71 | }; |
ef43c362 IB |
72 | }; |
73 | in | |
74 | opendmarc.outputs // | |
5e2ec9fb | 75 | { nixosModules = opendmarc.nixosModules or {} // nix-lib.lib.genAttrs ["eldiron" "backup-2"] cfg; }; |
ef43c362 IB |
76 | } |