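{
  description = "Open source ARC implementation";

  # `myuids` supplies the fixed uid/gid numbers used by the NixOS module
  # below, so the service account is stable across machines.
  inputs.myuids = {
    url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
    type = "git";
    dir = "flakes/myuids";
  };
  inputs.flake-utils.url = "github:numtide/flake-utils";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs";
  # Upstream OpenARC sources; not a flake, so they are pinned by flake.lock
  # and built by `packages.openarc` below.
  inputs.openarc = {
    url = "github:trusteddomainproject/OpenARC";
    flake = false;
  };

  outputs = { self, myuids, openarc, flake-utils, nixpkgs }: flake-utils.lib.eachDefaultSystem (system:
    let
      # The lock file is read back so the package version can be derived from
      # the pinned OpenARC revision rather than maintained by hand.
      lock = builtins.fromJSON (builtins.readFile ./flake.lock);
      pkgs = import nixpkgs { inherit system; overlays = []; };
      inherit (pkgs) stdenv automake autoconf libbsd libtool openssl pkg-config libmilter file;
    in rec {
      packages.openarc = stdenv.mkDerivation rec {
        pname = "openarc";
        # "master-<rev>" where <rev> is the first 7 characters of the locked commit.
        version = "master-${builtins.substring 0 7 lock.nodes.openarc.locked.rev}";
        src = openarc;
        buildInputs = [ automake autoconf libbsd libtool openssl pkg-config libmilter ];

        configureFlags = [
          "--with-milter=${libmilter}"
        ];
        # Regenerate the autotools build system from the upstream sources, then
        # replace the hard-coded /usr/bin/file in configure with the store path
        # of `file` (there is no /usr/bin/file inside the build sandbox).
        preConfigure = ''
          autoreconf --force --install
          sed -i -e "s@/usr/bin/file@${file}/bin/file@" ./configure
        '';
        meta = {
          description = "Open source ARC implementation";
          homepage = "https://github.com/trusteddomainproject/OpenARC";
          # `stdenv.lib` is a deprecated alias of `pkgs.lib`; use the lib directly.
          platforms = pkgs.lib.platforms.unix;
        };
      };
      # `packages.default` / `apps.default` are what current `nix` looks up;
      # `defaultPackage` / `defaultApp` are kept for older tooling.
      packages.default = packages.openarc;

      defaultPackage = packages.openarc;
      legacyPackages.openarc = packages.openarc;
      apps.openarc = flake-utils.lib.mkApp { drv = packages.openarc; };
      apps.default = apps.openarc;
      defaultApp = apps.openarc;
      # Hydra builds exactly the set that `nix flake check` evaluates.
      hydraJobs = checks;
      checks = {
        build = defaultPackage;
      } // pkgs.lib.optionalAttrs (builtins.elem system pkgs.lib.systems.doubles.linux) {
        # The VM test is only defined for Linux systems, where the NixOS test
        # driver can run a guest.
        test =
          let testing = import (nixpkgs + "/nixos/lib/testing-python.nix") { inherit system; };
          in testing.makeTest {
            nodes = {
              server = { pkgs, ... }: {
                imports = [ self.nixosModule ];
                config.services.openarc.enable = true;
                # `writeText` puts the file in the world-readable Nix store; that is
                # acceptable here only because the key itself is referenced by path
                # (KeyFile) and provisioned in the test script, never stored inline.
                config.services.openarc.configFile = pkgs.writeText "openarc.conf" ''
                  Domain foo.example.org
                  KeyFile /etc/openarc/foo.key
                  Selector foo
                '';
              };
            };
            # The script first provisions a throw-away key with the permissions the
            # daemon expects (directory 0700, key 0400, owned by the service user),
            # then restarts the unit and treats the milter socket's existence as
            # "daemon is up".
            # NOTE(review): `wait_until_fails` takes a shell command, so the first
            # call runs `openarc.service` as a command (which fails immediately)
            # rather than observing unit state — confirm whether the intent was to
            # wait for the unit to fail before the key file exists.
            testScript = ''
              start_all()
              server.wait_until_fails("openarc.service")
              server.execute("install -m 0700 -o openarc -g openarc -d /etc/openarc")
              server.execute("echo some_key > /etc/openarc/foo.key")
              server.execute("chown openarc:openarc /etc/openarc/foo.key")
              server.execute("chmod 400 /etc/openarc/foo.key")
              server.systemctl("restart openarc")
              server.wait_for_unit("openarc.service")
              server.succeed("[ -S /run/openarc/openarc.sock ]")
            '';
          };
      };
    }) // {
      # Optional private module set, picked up only when the sibling checkout exists.
      nixosModules = (if builtins.pathExists ../private/openarc.nix then import ../private/openarc.nix nixpkgs else {});
      nixosModule = { config, lib, pkgs, ... }:
        let
          cfg = config.services.openarc;
          defaultSock = "local:/run/openarc/openarc.sock";
          # -f keeps the daemon in the foreground so systemd can supervise it,
          # -p selects the milter socket, -c passes the optional config file.
          args = [ "-f" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
        in {
          options = {
            services.openarc = {
              enable = lib.mkOption {
                type = lib.types.bool;
                default = false;
                description = "Whether to enable the OpenARC sender authentication system.";
              };

              socket = lib.mkOption {
                type = lib.types.str;
                default = defaultSock;
                description = "Socket which is used for communication with OpenARC.";
              };

              user = lib.mkOption {
                type = lib.types.str;
                default = "openarc";
                description = "User for the daemon.";
              };

              group = lib.mkOption {
                type = lib.types.str;
                default = "openarc";
                description = "Group for the daemon.";
              };

              # Caveat: a path given here ends up in the world-readable Nix store
              # (flake sources are copied there), so it must not contain secrets.
              # Keep the signing key outside the store and reference it via KeyFile.
              configFile = lib.mkOption {
                type = lib.types.nullOr lib.types.path;
                default = null;
                description = "Additional OpenARC configuration.";
              };

            };
          };

          config = lib.mkIf cfg.enable {
            # The dedicated account is only created when the default user/group
            # names are kept; a custom user is expected to be defined elsewhere.
            users.users = lib.optionalAttrs (cfg.user == "openarc") {
              openarc = {
                group = cfg.group;
                uid = myuids.lib.uids.openarc;
                # Required by NixOS for accounts with a fixed uid and no home dir;
                # without it evaluation fails the isSystemUser/isNormalUser assertion.
                isSystemUser = true;
              };
            };

            users.groups = lib.optionalAttrs (cfg.group == "openarc") {
              openarc.gid = myuids.lib.gids.openarc;
            };

            environment.systemPackages = [ self.defaultPackage."${pkgs.system}" ];

            systemd.services.openarc = {
              description = "OpenARC daemon";
              after = [ "network.target" ];
              wantedBy = [ "multi-user.target" ];

              serviceConfig = {
                ExecStart = "${self.defaultApp."${pkgs.system}".program} ${lib.escapeShellArgs args}";
                User = cfg.user;
                Group = cfg.group;
                # systemd creates /run/openarc (owned by User/Group) only when the
                # default socket path is in use; a custom socket location is the
                # administrator's responsibility.
                RuntimeDirectory = lib.optional (cfg.socket == defaultSock) "openarc";
                # Deprecated by systemd and, with no ExecStartPre/ExecStartPost
                # defined here, without effect. NOTE(review): the unit sets no
                # sandboxing directives (ProtectSystem, NoNewPrivileges, ...);
                # worth considering for a daemon that parses mail from the MTA.
                PermissionsStartOnly = true;
              };
            };
          };
        };
    };
}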