Add opendmarc flake
# opendmarc milter setup, exposed as one NixOS module per mail host.
pkgs:
let
  # Module for `host`. It is always evaluated, but lib.mkIf makes it contribute
  # settings only on the machine whose `name` module argument equals `host`.
  mkHostModule = host: { config, lib, pkgs, name, ... }: lib.mkIf (name == host) {
    # The daemon's account joins the "keys" group -- presumably what lets it
    # read the secret file declared below; verify against the secrets module.
    users.users.${config.services.opendmarc.user}.extraGroups = [ "keys" ];
    systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";

    services.opendmarc = {
      enable = true;
      # The socket is owned by Postfix's group; with `UMask 002` below it is
      # created group-writable, so members of that group can talk to the milter.
      group = config.services.postfix.group;
      socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";

      # Security-relevant settings in the generated opendmarc.conf:
      #  - IgnoreHosts: connections from hosts listed in that file are skipped
      #    by the filter, i.e. they get no DMARC evaluation. Keep the list
      #    limited to relays under your own control.
      #  - SPFIgnoreResults + SPFSelfValidate: SPF results already present in
      #    the message headers are disregarded and the filter runs the SPF
      #    check itself.
      #  - IgnoreAuthenticatedClients: mail from SMTP-authenticated clients is
      #    not evaluated.
      #  - FailureReports is false, so the other FailureReports* values only
      #    take effect if reporting is turned on later.
      #  - SoftwareHeader adds a DMARC-Filter header naming the filter to
      #    processed mail.
      # NOTE(review): RejectFailures is not set; with opendmarc's documented
      # default the filter only adds Authentication-Results and never rejects,
      # so enforcement has to happen in a later stage -- confirm one exists.
      configFile = pkgs.writeText "opendmarc.conf" ''
        AuthservID                  HOSTNAME
        FailureReports              false
        FailureReportsBcc           postmaster@immae.eu
        FailureReportsOnNone        true
        FailureReportsSentBy        postmaster@immae.eu
        IgnoreAuthenticatedClients  true
        IgnoreHosts                 ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
        SoftwareHeader              true
        SPFIgnoreResults            true
        SPFSelfValidate             true
        UMask                       002
      '';
    };

    # Watches the ignore list with `restart = true` -- presumably restarts
    # opendmarc when the file changes; confirm against the filesWatcher module.
    services.filesWatcher.opendmarc = {
      restart = true;
      paths = [ config.secrets.fullPaths."opendmarc/ignore.hosts" ];
    };

    secrets.keys = [
      {
        dest = "opendmarc/ignore.hosts";
        # Read-only for the daemon's own account, no group or world access.
        permissions = "0400";
        user = config.services.opendmarc.user;
        group = config.services.opendmarc.group;
        # One entry per line: the configured ignore_hosts value first, then the
        # FQDN of every server in myEnv.servers that has `mx.enable` set.
        # NOTE(review): every name added here bypasses DMARC checks.
        text =
          let
            mxServers = lib.filterAttrs (_: server: server.mx.enable) config.myEnv.servers;
            mxFqdns = lib.mapAttrsToList (_: server: server.fqdn) mxServers;
          in
            lib.concatStringsSep "\n" ([ config.myEnv.mail.dmarc.ignore_hosts ] ++ mxFqdns);
      }
    ];
  };
in
  pkgs.lib.genAttrs [ "eldiron" "backup-2" ] mkHostModule