+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.openarc;
+
+ defaultSock = "local:/run/openarc/openarc.sock";
+
+ args = [ "-f"
+ "-p" cfg.socket
+ ] ++ optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+
+in {
+
+ ###### interface
+
+ options = {
+
+ services.openarc = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable the OpenARC sender authentication system.";
+ };
+
+ socket = mkOption {
+ type = types.str;
+ default = defaultSock;
+ description = "Socket which is used for communication with OpenARC.";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "opendmarc";
+ description = "User for the daemon.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "opendmarc";
+ description = "Group for the daemon.";
+ };
+
+ configFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "Additional OpenARC configuration.";
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ users.users = optionalAttrs (cfg.user == "openarc") (singleton
+ { name = "openarc";
+ group = cfg.group;
+ uid = config.ids.uids.openarc;
+ });
+
+ users.groups = optionalAttrs (cfg.group == "openarc") (singleton
+ { name = "openarc";
+ gid = config.ids.gids.openarc;
+ });
+
+ environment.systemPackages = [ pkgs.openarc ];
+
+ systemd.services.openarc = {
+ description = "OpenARC daemon";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.openarc}/bin/openarc ${escapeShellArgs args}";
+ User = cfg.user;
+ Group = cfg.group;
+ RuntimeDirectory = optional (cfg.socket == defaultSock) "openarc";
+ PermissionsStartOnly = true;
+ };
+ };
+
+ };
+}
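Review bot: The default `user` and `group` values are `"opendmarc"` (the mkOption defaults near the top of the hunk), but the `users.users` / `users.groups` entries are only generated when they equal `"openarc"`, so with defaults the unit is set to run as a user this module never creates and will fail to start unless an unrelated module happens to define `opendmarc`; the `uid`/`gid` lookups (`config.ids.uids.openarc`) also suggest the intended name is `openarc`. Change both defaults: `default = "openarc";` for `user` and `default = "openarc";` for `group`. The `optionalAttrs … (singleton { … })` shape mixes an attrset fallback with a list value; whether that merges cleanly depends on the `users.users` option type in this NixOS version, so I would confirm it evaluates (a plain `optionalAttrs (cfg.user == "openarc") { openarc = { … }; }` avoids the question). `PermissionsStartOnly = true` has no effect here since the unit declares no `ExecStartPre`/`preStart`, and could be dropped, or a comment added stating why it is kept.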