[perso/Immae/Config/Nix.git] / modules / opendmarc.nix

{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.opendmarc;

  defaultSock = "local:/run/opendmarc/opendmarc.sock";

  args = [ "-f" "-l"
           "-p" cfg.socket
         ] ++ optionals (cfg.configFile != null) [ "-c" cfg.configFile ];

in {

  ###### interface

  options = {

    services.opendmarc = {

      enable = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to enable the OpenDMARC sender authentication system.";
      };

      socket = mkOption {
        type = types.str;
        default = defaultSock;
        description = "Socket which is used for communication with OpenDMARC.";
      };

      user = mkOption {
        type = types.str;
        default = "opendmarc";
        description = "User for the daemon.";
      };

      group = mkOption {
        type = types.str;
        default = "opendmarc";
        description = "Group for the daemon.";
      };

      configFile = mkOption {
        type = types.nullOr types.path;
        default = null;
        description = "Additional OpenDMARC configuration.";
      };

    };

  };


  ###### implementation

  config = mkIf cfg.enable {

    users.users = optionalAttrs (cfg.user == "opendmarc") {
      opendmarc = {
        group = cfg.group;
        uid = config.ids.uids.opendmarc;
      };
    };

    users.groups = optionalAttrs (cfg.group == "opendmarc") {
      opendmarc = {
        gid = config.ids.gids.opendmarc;
      };
    };

    environment.systemPackages = [ pkgs.opendmarc ];

    systemd.services.opendmarc = {
      description = "OpenDMARC daemon";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        ExecStart = "${pkgs.opendmarc}/bin/opendmarc ${escapeShellArgs args}";
        User = cfg.user;
        Group = cfg.group;
        RuntimeDirectory = optional (cfg.socket == defaultSock) "opendmarc";
        PermissionsStartOnly = true;
      };
    };

  };
}
Commit	Line	Data
	1	{ config, lib, pkgs, ... }:
	2
	3	with lib;
	4
	5	let
	6
	7	cfg = config.services.opendmarc;
	8
	9	defaultSock = "local:/run/opendmarc/opendmarc.sock";
	10
	11	args = [ "-f" "-l"
	12	"-p" cfg.socket
	13	] ++ optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
	14
	15	in {
	16
	17	###### interface
	18
	19	options = {
	20
	21	services.opendmarc = {
	22
	23	enable = mkOption {
	24	type = types.bool;
	25	default = false;
	26	description = "Whether to enable the OpenDMARC sender authentication system.";
	27	};
	28
	29	socket = mkOption {
	30	type = types.str;
	31	default = defaultSock;
	32	description = "Socket which is used for communication with OpenDMARC.";
	33	};
	34
	35	user = mkOption {
	36	type = types.str;
	37	default = "opendmarc";
	38	description = "User for the daemon.";
	39	};
	40
	41	group = mkOption {
	42	type = types.str;
	43	default = "opendmarc";
	44	description = "Group for the daemon.";
	45	};
	46
	47	configFile = mkOption {
	48	type = types.nullOr types.path;
	49	default = null;
	50	description = "Additional OpenDMARC configuration.";
	51	};
	52
	53	};
	54
	55	};
	56
	57
	58	###### implementation
	59
	60	config = mkIf cfg.enable {
	61
	62	users.users = optionalAttrs (cfg.user == "opendmarc") {
	63	opendmarc = {
	64	group = cfg.group;
	65	uid = config.ids.uids.opendmarc;
	66	};
	67	};
	68
	69	users.groups = optionalAttrs (cfg.group == "opendmarc") {
	70	opendmarc = {
	71	gid = config.ids.gids.opendmarc;
	72	};
	73	};
	74
	75	environment.systemPackages = [ pkgs.opendmarc ];
	76
	77	systemd.services.opendmarc = {
	78	description = "OpenDMARC daemon";
	79	after = [ "network.target" ];
	80	wantedBy = [ "multi-user.target" ];
	81
	82	serviceConfig = {
	83	ExecStart = "${pkgs.opendmarc}/bin/opendmarc ${escapeShellArgs args}";
	84	User = cfg.user;
	85	Group = cfg.group;
	86	RuntimeDirectory = optional (cfg.socket == defaultSock) "opendmarc";
	87	PermissionsStartOnly = true;
	88	};
	89	};
	90
	91	};
	92	}