--- /dev/null
+{
+ "nodes": {
+ "flake-utils": {
+ "locked": {
+ "lastModified": 1609246779,
+ "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_2": {
+ "locked": {
+ "lastModified": 1609246779,
+ "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "libspf2": {
+ "inputs": {
+ "flake-utils": "flake-utils_2",
+ "nixpkgs": "nixpkgs"
+ },
+ "locked": {
+ "dir": "flakes/libspf2",
+ "lastModified": 1609548509,
+ "narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=",
+ "ref": "master",
+ "rev": "749623765bef80615fc21e73aff89521d262e277",
+ "revCount": 796,
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ },
+ "original": {
+ "dir": "flakes/libspf2",
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ }
+ },
+ "myuids": {
+ "locked": {
+ "dir": "flakes/myuids",
+ "lastModified": 1609548509,
+ "narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=",
+ "ref": "master",
+ "rev": "749623765bef80615fc21e73aff89521d262e277",
+ "revCount": 796,
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ },
+ "original": {
+ "dir": "flakes/myuids",
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1597943282,
+ "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1597943282,
+ "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "flake-utils": "flake-utils",
+ "libspf2": "libspf2",
+ "myuids": "myuids",
+ "nixpkgs": "nixpkgs_2"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
--- /dev/null
+{
+ description = "Open source ARC implementation";
+
+ inputs.myuids = {
+ url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+ type = "git";
+ dir = "flakes/myuids";
+ };
+ inputs.libspf2 = {
+ url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+ type = "git";
+ dir = "flakes/libspf2";
+ };
+ inputs.flake-utils.url = "github:numtide/flake-utils";
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+
+ outputs = { self, myuids, libspf2, flake-utils, nixpkgs }: flake-utils.lib.eachSystem ["aarch64-linux" "i686-linux" "x86_64-linux"] (system:
+ let
+ libspf2' = libspf2.defaultPackage."${system}";
+ pkgs = import nixpkgs { inherit system; overlays = []; };
+ inherit (pkgs) fetchurl stdenv libbsd perl openssl libmilter file libnsl;
+ in rec {
+ packages.opendmarc = stdenv.mkDerivation rec {
+ pname = "opendmarc";
+ version = "1.3.2";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/opendmarc/files/${pname}-${version}.tar.gz";
+ sha256 = "1yrggj8yq0915y2i34gfz2xpl1w2lgb1vggp67rwspgzm40lng11";
+ };
+
+ configureFlags= [
+ "--with-spf"
+ "--with-spf2-include=${libspf2'}/include/spf2"
+ "--with-spf2-lib=${libspf2'}/lib/"
+ "--with-milter=${libmilter}"
+ ];
+
+ buildInputs = [ libspf2' libbsd openssl libmilter perl libnsl ];
+
+ meta = {
+ description = "Free open source software implementation of the DMARC specification";
+ homepage = "http://www.trusteddomain.org/opendmarc/";
+ platforms = stdenv.lib.platforms.unix;
+ };
+ };
+
+ defaultPackage = packages.opendmarc;
+ legacyPackages.opendmarc = packages.opendmarc;
+ apps.opendmarc = flake-utils.lib.mkApp { drv = packages.opendmarc; };
+ defaultApp = apps.opendmarc;
+ hydraJobs = checks;
+ checks = {
+ build = defaultPackage;
+ } // pkgs.lib.optionalAttrs (builtins.elem system pkgs.lib.systems.doubles.linux) {
+ test =
+ let testing = import (nixpkgs + "/nixos/lib/testing-python.nix") { inherit system; };
+ in testing.makeTest {
+ nodes = {
+ server = { pkgs, ... }: {
+ imports = [ self.nixosModule ];
+ config.services.opendmarc.enable = true;
+ };
+ };
+ testScript = ''
+ start_all()
+ server.wait_for_unit("opendmarc.service")
+ server.succeed("[ -S /run/opendmarc/opendmarc.sock ]")
+ '';
+ };
+ };
+ }) // {
+ nixosModules = (if builtins.pathExists ../private/opendmarc.nix then import ../private/opendmarc.nix nixpkgs else {});
+ nixosModule = { config, lib, pkgs, ... }:
+ let
+ cfg = config.services.opendmarc;
+ defaultSock = "local:/run/opendmarc/opendmarc.sock";
+ args = [ "-f" "-l" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+ in {
+ options = {
+ services.opendmarc = {
+ enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Whether to enable the OpenDMARC sender authentication system.";
+ };
+
+ socket = lib.mkOption {
+ type = lib.types.str;
+ default = defaultSock;
+ description = "Socket which is used for communication with OpenDMARC.";
+ };
+
+ user = lib.mkOption {
+ type = lib.types.str;
+ default = "opendmarc";
+ description = "User for the daemon.";
+ };
+
+ group = lib.mkOption {
+ type = lib.types.str;
+ default = "opendmarc";
+ description = "Group for the daemon.";
+ };
+
+ configFile = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ description = "Additional OpenDMARC configuration.";
+ };
+
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ users.users = lib.optionalAttrs (cfg.user == "opendmarc") {
+ opendmarc = {
+ group = cfg.group;
+ uid = myuids.lib.uids.opendmarc;
+ };
+ };
+
+ users.groups = lib.optionalAttrs (cfg.group == "opendmarc") {
+ opendmarc.gid = myuids.lib.gids.opendmarc;
+ };
+
+ environment.systemPackages = [ self.defaultPackage."${pkgs.system}" ];
+
+ systemd.services.opendmarc = {
+ description = "OpenDMARC daemon";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ ExecStart = "${self.defaultApp."${pkgs.system}".program} ${lib.escapeShellArgs args}";
+ User = cfg.user;
+ Group = cfg.group;
+ RuntimeDirectory = lib.optional (cfg.socket == defaultSock) "opendmarc";
+ PermissionsStartOnly = true;
+ };
+ };
+ };
+ };
+ };
+ }
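Review bot: The `systemd.services.opendmarc.serviceConfig` block gives a daemon that parses headers of untrusted inbound mail no sandboxing beyond `User`/`Group`, and `PermissionsStartOnly = true;` is a deprecated setting that has no effect on a unit with only `ExecStart` (no `ExecStartPre` is visible in this module). I would drop that line and add a conservative baseline such as `NoNewPrivileges = true; PrivateTmp = true; ProtectSystem = "full";`, after checking that a non-default `cfg.socket` path and the config file stay reachable. Separately, the flake's `description = "Open source ARC implementation";` looks copied from the openarc flake and should name DMARC, e.g. `description = "Open source DMARC implementation";`. `RuntimeDirectory` is only set for the default socket, so a custom `cfg.socket` relies on its directory being created elsewhere; a one-line comment saying so would help.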
--- /dev/null
+pkgs:
+let
+ cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+ users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+ systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
+ services.opendmarc = {
+ enable = true;
+ socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+ configFile = pkgs.writeText "opendmarc.conf" ''
+ AuthservID HOSTNAME
+ FailureReports false
+ FailureReportsBcc postmaster@immae.eu
+ FailureReportsOnNone true
+ FailureReportsSentBy postmaster@immae.eu
+ IgnoreAuthenticatedClients true
+ IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
+ SoftwareHeader true
+ SPFIgnoreResults true
+ SPFSelfValidate true
+ UMask 002
+ '';
+ group = config.services.postfix.group;
+ };
+ services.filesWatcher.opendmarc = {
+ restart = true;
+ paths = [
+ config.secrets.fullPaths."opendmarc/ignore.hosts"
+ ];
+ };
+ secrets.keys = [
+ {
+ dest = "opendmarc/ignore.hosts";
+ user = config.services.opendmarc.user;
+ group = config.services.opendmarc.group;
+ permissions = "0400";
+ text = let
+ mxes = lib.attrsets.filterAttrs
+ (n: v: v.mx.enable)
+ config.myEnv.servers;
+ in
+ builtins.concatStringsSep "\n" ([
+ config.myEnv.mail.dmarc.ignore_hosts
+ ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
+ }
+ ];
+ };
+in
+ pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg
+
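Review bot: The outer parameter `pkgs:` on the first line of this file is not a package set. The flake calls the file as `import ../private/opendmarc.nix nixpkgs`, so it receives the nixpkgs flake input, and it is then shadowed by the module argument `pkgs` inside `cfg`. Renaming it, e.g. `nixpkgs:` with `nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg` at the bottom, would make clear which `pkgs` supplies `writeText`. I would also add a comment above `IgnoreHosts` such as `# connections from hosts listed in this file are skipped by the filter; keep it to our own relays/MXes`, since the list is assembled from `config.myEnv.mail.dmarc.ignore_hosts` plus the fqdn of every server with `mx.enable`.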
peertube = ./webapps/peertube.nix;
fiche = ./webapps/fiche.nix;
- opendmarc = ./opendmarc.nix;
+ opendmarc = (flakeCompat ../flakes/opendmarc).nixosModule;
openarc = (flakeCompat ../flakes/openarc).nixosModule;
duplyBackup = ./duply_backup;
+++ /dev/null
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.services.opendmarc;
-
- defaultSock = "local:/run/opendmarc/opendmarc.sock";
-
- args = [ "-f" "-l"
- "-p" cfg.socket
- ] ++ optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
-
-in {
-
- ###### interface
-
- options = {
-
- services.opendmarc = {
-
- enable = mkOption {
- type = types.bool;
- default = false;
- description = "Whether to enable the OpenDMARC sender authentication system.";
- };
-
- socket = mkOption {
- type = types.str;
- default = defaultSock;
- description = "Socket which is used for communication with OpenDMARC.";
- };
-
- user = mkOption {
- type = types.str;
- default = "opendmarc";
- description = "User for the daemon.";
- };
-
- group = mkOption {
- type = types.str;
- default = "opendmarc";
- description = "Group for the daemon.";
- };
-
- configFile = mkOption {
- type = types.nullOr types.path;
- default = null;
- description = "Additional OpenDMARC configuration.";
- };
-
- };
-
- };
-
-
- ###### implementation
-
- config = mkIf cfg.enable {
-
- users.users = optionalAttrs (cfg.user == "opendmarc") {
- opendmarc = {
- group = cfg.group;
- uid = config.ids.uids.opendmarc;
- };
- };
-
- users.groups = optionalAttrs (cfg.group == "opendmarc") {
- opendmarc = {
- gid = config.ids.gids.opendmarc;
- };
- };
-
- environment.systemPackages = [ pkgs.opendmarc ];
-
- systemd.services.opendmarc = {
- description = "OpenDMARC daemon";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- ExecStart = "${pkgs.opendmarc}/bin/opendmarc ${escapeShellArgs args}";
- User = cfg.user;
- Group = cfg.group;
- RuntimeDirectory = optional (cfg.socket == defaultSock) "opendmarc";
- PermissionsStartOnly = true;
- };
- };
-
- };
-}
{ lib, pkgs, config, name, ... }:
{
imports =
- builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules;
+ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules
+ ++ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/opendmarc).nixosModules;
options.myServices.mail.milters.sockets = lib.mkOption {
type = lib.types.attrsOf lib.types.path;
text = ''
eldiron._domainkey IN TXT ${config.myEnv.mail.dkim.eldiron.public}'';
}
- {
- dest = "opendmarc/ignore.hosts";
- user = config.services.opendmarc.user;
- group = config.services.opendmarc.group;
- permissions = "0400";
- text = let
- mxes = lib.attrsets.filterAttrs
- (n: v: v.mx.enable)
- config.myEnv.servers;
- in
- builtins.concatStringsSep "\n" ([
- config.myEnv.mail.dmarc.ignore_hosts
- ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
- }
];
users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
services.opendkim = {
];
};
- users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
- systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
- services.opendmarc = {
- enable = true;
- socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
- configFile = pkgs.writeText "opendmarc.conf" ''
- AuthservID HOSTNAME
- FailureReports false
- FailureReportsBcc postmaster@immae.eu
- FailureReportsOnNone true
- FailureReportsSentBy postmaster@immae.eu
- IgnoreAuthenticatedClients true
- IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
- SoftwareHeader true
- SPFIgnoreResults true
- SPFSelfValidate true
- UMask 002
- '';
- group = config.services.postfix.group;
- };
- services.filesWatcher.opendmarc = {
- restart = true;
- paths = [
- config.secrets.fullPaths."opendmarc/ignore.hosts"
- ];
- };
-
systemd.services.milter_verify_from = {
description = "Verify from milter";
after = [ "network.target" ];
notmuch-python3 = callPackage ./notmuch/notmuch-python { pythonPackages = python3Packages; };
notmuch-vim = callPackage ./notmuch/notmuch-vim {};
openarc = (mylibs.flakeCompat ../flakes/openarc).default;
- opendmarc = callPackage ./opendmarc { libspf2 = callPackage ./opendmarc/libspf2.nix {}; };
+ opendmarc = (mylibs.flakeCompat ../flakes/opendmarc).default;
pg_activity = callPackage ./pg_activity { inherit mylibs; };
pgloader = callPackage ./pgloader {};
predixy = callPackage ./predixy { inherit mylibs; };
+++ /dev/null
-{ stdenv, fetchurl, pkgconfig, libbsd, openssl, libmilter , perl, makeWrapper, libspf2 }:
-
-stdenv.mkDerivation rec {
- name = "opendmarc-${version}";
- version = "1.3.2";
-
- src = fetchurl {
- url = "mirror://sourceforge/opendmarc/files/${name}.tar.gz";
- sha256 = "1yrggj8yq0915y2i34gfz2xpl1w2lgb1vggp67rwspgzm40lng11";
- };
-
- configureFlags= [
- "--with-spf"
- "--with-spf2-include=${libspf2}/include/spf2"
- "--with-spf2-lib=${libspf2}/lib/"
- "--with-milter=${libmilter}"
- ];
-
- buildInputs = [ libspf2 libbsd openssl libmilter perl ];
-
- meta = with stdenv.lib; {
- description = "Free open source software implementation of the DMARC specification";
- homepage = http://www.trusteddomain.org/opendmarc/;
- platforms = platforms.unix;
- };
-}
+++ /dev/null
-{ stdenv, file, fetchurl, fetchpatch, libnsl }:
-
-stdenv.mkDerivation rec {
- name = "libspf2-${version}";
- version = "1.2.10";
-
- patches = [
- (fetchpatch {
- name = "fix-variadic-macros.patch";
- url = "https://git.archlinux.org/svntogit/community.git/plain/trunk/fix-variadic-macros.patch?h=packages/libspf2";
- sha256 = "00dqpcgjr9jy2qprgqv2qiyvq8y3wlz4yns9xzabf2064jzqh2ic";
- })
- ];
- preConfigure = ''
- sed -i -e "s@/usr/bin/file@${file}/bin/file@" ./configure
- '';
- configureFlags = [
- "--enable-static"
- ];
- postInstall = ''
- rm $out/bin/*_static
- '';
- src = fetchurl {
- url = "https://www.libspf2.org/spf/${name}.tar.gz";
- sha256 = "1j91p0qiipzf89qxq4m1wqhdf01hpn1h5xj4djbs51z23bl3s7nr";
- };
-
- buildInputs = [ libnsl ];
-
- meta = with stdenv.lib; {
- description = "Sender Policy Framework record checking library";
- homepage = https://www.libspf2.org/;
- platforms = platforms.unix;
- };
-}