]>
Commit | Line | Data |
---|---|---|
a1a2455f IB |
1 | { |
2 | description = "Open source ARC implementation"; | |
3 | ||
4 | inputs.myuids = { | |
5 | url = "https://git.immae.eu/perso/Immae/Config/Nix.git"; | |
6 | type = "git"; | |
7 | dir = "flakes/myuids"; | |
8 | }; | |
9 | inputs.libspf2 = { | |
10 | url = "https://git.immae.eu/perso/Immae/Config/Nix.git"; | |
11 | type = "git"; | |
12 | dir = "flakes/libspf2"; | |
5e2ec9fb | 13 | inputs.nixpkgs.follows = "nixpkgs"; |
a1a2455f IB |
14 | }; |
15 | inputs.flake-utils.url = "github:numtide/flake-utils"; | |
16 | inputs.nixpkgs.url = "github:NixOS/nixpkgs"; | |
17 | ||
18 | outputs = { self, myuids, libspf2, flake-utils, nixpkgs }: flake-utils.lib.eachSystem ["aarch64-linux" "i686-linux" "x86_64-linux"] (system: | |
19 | let | |
5e2ec9fb | 20 | pkgs = import nixpkgs { inherit system; overlays = [ libspf2.overlay ]; }; |
a1a2455f | 21 | in rec { |
5e2ec9fb | 22 | packages.opendmarc = pkgs.callPackage ./. {}; |
a1a2455f IB |
23 | defaultPackage = packages.opendmarc; |
24 | legacyPackages.opendmarc = packages.opendmarc; | |
25 | apps.opendmarc = flake-utils.lib.mkApp { drv = packages.opendmarc; }; | |
26 | defaultApp = apps.opendmarc; | |
27 | hydraJobs = checks; | |
28 | checks = { | |
29 | build = defaultPackage; | |
30 | } // pkgs.lib.optionalAttrs (builtins.elem system pkgs.lib.systems.doubles.linux) { | |
31 | test = | |
32 | let testing = import (nixpkgs + "/nixos/lib/testing-python.nix") { inherit system; }; | |
33 | in testing.makeTest { | |
34 | nodes = { | |
35 | server = { pkgs, ... }: { | |
36 | imports = [ self.nixosModule ]; | |
37 | config.services.opendmarc.enable = true; | |
38 | }; | |
39 | }; | |
40 | testScript = '' | |
41 | start_all() | |
42 | server.wait_for_unit("opendmarc.service") | |
43 | server.succeed("[ -S /run/opendmarc/opendmarc.sock ]") | |
44 | ''; | |
45 | }; | |
46 | }; | |
5e2ec9fb IB |
47 | }) // rec { |
48 | overlays = { | |
49 | opendmarc = final: prev: { | |
50 | opendmarc = self.defaultPackage."${final.system}"; | |
51 | }; | |
52 | }; | |
53 | overlay = overlays.opendmarc; | |
a1a2455f IB |
54 | nixosModule = { config, lib, pkgs, ... }: |
55 | let | |
56 | cfg = config.services.opendmarc; | |
57 | defaultSock = "local:/run/opendmarc/opendmarc.sock"; | |
58 | args = [ "-f" "-l" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ]; | |
59 | in { | |
60 | options = { | |
61 | services.opendmarc = { | |
62 | enable = lib.mkOption { | |
63 | type = lib.types.bool; | |
64 | default = false; | |
65 | description = "Whether to enable the OpenDMARC sender authentication system."; | |
66 | }; | |
67 | ||
68 | socket = lib.mkOption { | |
69 | type = lib.types.str; | |
70 | default = defaultSock; | |
71 | description = "Socket which is used for communication with OpenDMARC."; | |
72 | }; | |
73 | ||
74 | user = lib.mkOption { | |
75 | type = lib.types.str; | |
76 | default = "opendmarc"; | |
77 | description = "User for the daemon."; | |
78 | }; | |
79 | ||
80 | group = lib.mkOption { | |
81 | type = lib.types.str; | |
82 | default = "opendmarc"; | |
83 | description = "Group for the daemon."; | |
84 | }; | |
85 | ||
86 | configFile = lib.mkOption { | |
87 | type = lib.types.nullOr lib.types.path; | |
88 | default = null; | |
89 | description = "Additional OpenDMARC configuration."; | |
90 | }; | |
91 | ||
92 | }; | |
93 | }; | |
94 | ||
95 | config = lib.mkIf cfg.enable { | |
96 | users.users = lib.optionalAttrs (cfg.user == "opendmarc") { | |
97 | opendmarc = { | |
98 | group = cfg.group; | |
99 | uid = myuids.lib.uids.opendmarc; | |
100 | }; | |
101 | }; | |
102 | ||
103 | users.groups = lib.optionalAttrs (cfg.group == "opendmarc") { | |
104 | opendmarc.gid = myuids.lib.gids.opendmarc; | |
105 | }; | |
106 | ||
107 | environment.systemPackages = [ self.defaultPackage."${pkgs.system}" ]; | |
108 | ||
109 | systemd.services.opendmarc = { | |
110 | description = "OpenDMARC daemon"; | |
111 | after = [ "network.target" ]; | |
112 | wantedBy = [ "multi-user.target" ]; | |
113 | ||
114 | serviceConfig = { | |
115 | ExecStart = "${self.defaultApp."${pkgs.system}".program} ${lib.escapeShellArgs args}"; | |
116 | User = cfg.user; | |
117 | Group = cfg.group; | |
118 | RuntimeDirectory = lib.optional (cfg.socket == defaultSock) "opendmarc"; | |
119 | PermissionsStartOnly = true; | |
120 | }; | |
121 | }; | |
122 | }; | |
123 | }; | |
124 | }; | |
125 | } |