# Flake that layers site-private opendmarc settings on top of the shared
# opendmarc, environment, secrets and files-watcher modules.
{
  description = "Private configuration for opendmarc";

  inputs = {
    opendmarc.url = "path:../../opendmarc";
    environment.url = "path:../environment";
    secrets.url = "path:../../secrets";
    files-watcher.url = "path:../../files-watcher";
  };

  outputs = { self, environment, opendmarc, files-watcher, secrets }: {
    nixosModule = self.nixosModules.opendmarc;

    nixosModules.opendmarc = { config, lib, pkgs, ... }:
      let
        dmarc = config.services.opendmarc;

        # Name of the secret holding the DMARC ignore list, and the path the
        # secrets module reports for it.
        ignoreHostsKey = "opendmarc/ignore.hosts";
        ignoreHostsFile = config.secrets.fullPaths.${ignoreHostsKey};

        # Servers from the private environment whose mx.enable flag is set.
        mxServers = lib.attrsets.filterAttrs
          (_name: server: server.mx.enable)
          config.myEnv.servers;
        mxFqdns = lib.mapAttrsToList (_name: server: server.fqdn) mxServers;
      in
      {
        imports = [
          environment.nixosModule
          files-watcher.nixosModule
          opendmarc.nixosModule
          secrets.nixosModule
        ];

        config = {
          # NOTE(review): presumably membership in "keys" is what lets the
          # service user reach files deployed by the secrets module; confirm
          # against the secrets input.
          users.users.${dmarc.user}.extraGroups = [ "keys" ];
          systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";

          services.opendmarc = {
            enable = true;
            socket = "/run/opendmarc/opendmarc.sock";

            # The milter runs with postfix's group, and "UMask 002" below keeps
            # the group write bit on the socket it creates while leaving
            # "other" without write access, so only the owner and that group
            # can connect.
            inherit (config.services.postfix) group;

            # pkgs.writeText places this file in the Nix store, so only the
            # *path* of the ignore list is embedded here, never its content.
            #
            # Reading notes for the directives below:
            # - SPFIgnoreResults + SPFSelfValidate: SPF results already present
            #   in message headers are not used; the filter runs its own check.
            # - IgnoreAuthenticatedClients / IgnoreHosts: mail from SMTP-AUTH
            #   clients and from the listed hosts is not evaluated, so the
            #   ignore list is a trust boundary and should stay limited to
            #   hosts under the operator's control.
            # - FailureReports is false; the other FailureReports* lines only
            #   matter if it is switched on.
            # - NOTE(review): RejectFailures is not set in this file. With
            #   opendmarc's default the filter only records its verdict in a
            #   header, so any reject/quarantine decision has to be taken
            #   downstream; confirm that is intended.
            configFile = pkgs.writeText "opendmarc.conf" ''
              AuthservID HOSTNAME
              FailureReports false
              FailureReportsBcc postmaster@immae.eu
              FailureReportsOnNone true
              FailureReportsSentBy postmaster@immae.eu
              IgnoreAuthenticatedClients true
              IgnoreHosts ${ignoreHostsFile}
              SoftwareHeader true
              SPFIgnoreResults true
              SPFSelfValidate true
              UMask 002
            '';
          };

          # Watch the ignore list on behalf of the opendmarc unit.
          # NOTE(review): restart = true presumably restarts the service when
          # the file changes; confirm in the files-watcher module.
          services.filesWatcher.opendmarc = {
            restart = true;
            paths = [ ignoreHostsFile ];
          };

          secrets.keys.${ignoreHostsKey} = {
            inherit (dmarc) user group;
            # Owner read-only: at this mode the group set above gets no access.
            permissions = "0400";
            # One entry per line: the configured ignore_hosts value first, then
            # the FQDN of every MX-enabled server.
            text = builtins.concatStringsSep "\n"
              ([ config.myEnv.mail.dmarc.ignore_hosts ] ++ mxFqdns);
          };
        };
      };
  };
}