modules/opendmarc.nix

   1 { config, lib, pkgs, ... }:
   2
   3 with lib;
   4
   5 let
   6
   7   cfg = config.services.opendmarc;
   8
   9   defaultSock = "local:/run/opendmarc/opendmarc.sock";
  10
  11   args = [ "-f" "-l"
  12            "-p" cfg.socket
  13          ] ++ optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
  14
  15 in {
  16
  17   ###### interface
  18
  19   options = {
  20
  21     services.opendmarc = {
  22
  23       enable = mkOption {
  24         type = types.bool;
  25         default = false;
  26         description = "Whether to enable the OpenDMARC sender authentication system.";
  27       };
  28
  29       socket = mkOption {
  30         type = types.str;
  31         default = defaultSock;
  32         description = "Socket which is used for communication with OpenDMARC.";
  33       };
  34
  35       user = mkOption {
  36         type = types.str;
  37         default = "opendmarc";
  38         description = "User for the daemon.";
  39       };
  40
  41       group = mkOption {
  42         type = types.str;
  43         default = "opendmarc";
  44         description = "Group for the daemon.";
  45       };
  46
  47       configFile = mkOption {
  48         type = types.nullOr types.path;
  49         default = null;
  50         description = "Additional OpenDMARC configuration.";
  51       };
  52
  53     };
  54
  55   };
  56
  57
  58   ###### implementation
  59
  60   config = mkIf cfg.enable {
  61
  62     users.users = optionalAttrs (cfg.user == "opendmarc") {
  63       opendmarc = {
  64         group = cfg.group;
  65         uid = config.ids.uids.opendmarc;
  66       };
  67     };
  68
  69     users.groups = optionalAttrs (cfg.group == "opendmarc") {
  70       opendmarc = {
  71         gid = config.ids.gids.opendmarc;
  72       };
  73     };
  74
  75     environment.systemPackages = [ pkgs.opendmarc ];
  76
  77     systemd.services.opendmarc = {
  78       description = "OpenDMARC daemon";
  79       after = [ "network.target" ];
  80       wantedBy = [ "multi-user.target" ];
  81
  82       serviceConfig = {
  83         ExecStart = "${pkgs.opendmarc}/bin/opendmarc ${escapeShellArgs args}";
  84         User = cfg.user;
  85         Group = cfg.group;
  86         RuntimeDirectory = optional (cfg.socket == defaultSock) "opendmarc";
  87         PermissionsStartOnly = true;
  88       };
  89     };
  90
  91   };
  92 }