Add private flake for openarc and opendmarc
diff --git a/flakes/private/opendmarc/flake.nix b/flakes/private/opendmarc/flake.nix
new file mode 100644 (file)
index 0000000..9aeb3db
--- /dev/null
@@ -0,0 +1,60 @@
+{
+  inputs.opendmarc = {
+    url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+    type = "git";
+    dir = "flakes/opendmarc";
+  };
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+
+  description = "Private configuration for opendmarc";
+  outputs = { self, nixpkgs, opendmarc }:
+    let
+      cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+        users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+        systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
+        services.opendmarc = {
+          enable = true;
+          socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+          configFile = pkgs.writeText "opendmarc.conf" ''
+            AuthservID                  HOSTNAME
+            FailureReports              false
+            FailureReportsBcc           postmaster@immae.eu
+            FailureReportsOnNone        true
+            FailureReportsSentBy        postmaster@immae.eu
+            IgnoreAuthenticatedClients  true
+            IgnoreHosts                 ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
+            SoftwareHeader              true
+            SPFIgnoreResults            true
+            SPFSelfValidate             true
+            UMask                       002
+            '';
+          group = config.services.postfix.group;
+        };
+        services.filesWatcher.opendmarc = {
+          restart = true;
+          paths = [
+            config.secrets.fullPaths."opendmarc/ignore.hosts"
+          ];
+        };
+        secrets.keys = [
+          {
+            dest = "opendmarc/ignore.hosts";
+            user = config.services.opendmarc.user;
+            group = config.services.opendmarc.group;
+            permissions = "0400";
+            text = let
+              mxes = lib.attrsets.filterAttrs
+                (n: v: v.mx.enable)
+                config.myEnv.servers;
+              in
+                builtins.concatStringsSep "\n" ([
+                  config.myEnv.mail.dmarc.ignore_hosts
+                ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
+          }
+        ];
+      };
+    in
+      opendmarc.outputs //
+      { nixosModules = opendmarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
+}
+
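Review bot: The ignore.hosts secret assembled in the `text` binding (lines 53–60) lists the fqdn of every server with `mx.enable`, so any message relayed from a sibling MX bypasses DMARC evaluation on this host entirely; nothing in the file records that those relays are expected to have already performed the check, and if one of them is misconfigured or relays unauthenticated mail, the bypass hides it from this host's logs and policy. A short why-comment above the `mxes` binding would make the trust decision explicit, e.g. `# every internal MX is trusted: DMARC is evaluated only on the first receiving hop`. In the generated opendmarc.conf, `FailureReportsBcc`, `FailureReportsOnNone` and `FailureReportsSentBy` are inert while `FailureReports` is `false`; a `# Failure reports are disabled; the FailureReports* keys below only apply once FailureReports is true` line in the config text (opendmarc.conf accepts `#` comments) would stop a reader from assuming reports are being sent. The `IgnoreHosts` path points at a file readable only by the opendmarc user (`permissions = "0400"` plus the `keys` group), which is consistent with the filesWatcher restart on the same path.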