# OpenDMARC milter setup, produced once per mail host.
#
# Takes the top-level package set and returns an attribute set that maps each
# host name listed at the bottom to a NixOS module. Every module is wrapped in
# lib.mkIf, so its settings only apply on the machine whose `name` argument
# equals the host name the module was generated for.
pkgs:
let
  # Key of the secret that holds the IgnoreHosts list.
  ignoreHostsKey = "opendmarc/ignore.hosts";

  # targetHost: host name this module instance is meant for.
  # `name` is supplied by the module system (presumably the deployment's
  # machine name; confirm against the deployment tooling).
  mkHostModule = targetHost: { config, lib, pkgs, name, ... }:
    let
      dmarc = config.services.opendmarc;
      ignoreHostsPath = config.secrets.fullPaths."${ignoreHostsKey}";
    in
    lib.mkIf (name == targetHost) {
      # Presumably "keys" is the group that can reach deployed secret files,
      # which the daemon needs for IgnoreHosts; verify in the secrets module.
      users.users."${dmarc.user}".extraGroups = [ "keys" ];

      systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";

      services.opendmarc = {
        enable = true;
        socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";

        # Directive notes (security-relevant ones first):
        #  - IgnoreHosts: mail from hosts in this file is not evaluated by the
        #    filter, so the list is a trust boundary; it is deployed as a
        #    secret readable only by the daemon user (see secrets.keys).
        #  - IgnoreAuthenticatedClients: mail from SMTP-authenticated clients
        #    is skipped as well.
        #  - SPFIgnoreResults + SPFSelfValidate: SPF is evaluated by the
        #    filter itself rather than taken from headers already present on
        #    the message.
        #  - UMask 002: socket is created group-accessible but not
        #    world-writable; see `group` below.
        #  - SoftwareHeader: adds a DMARC-Filter header that names the filter
        #    and its version to every processed message.
        #  - FailureReports is false; the other FailureReports* values
        #    presumably only matter once it is turned on.
        configFile = pkgs.writeText "opendmarc.conf" ''
          AuthservID HOSTNAME
          FailureReports false
          FailureReportsBcc postmaster@immae.eu
          FailureReportsOnNone true
          FailureReportsSentBy postmaster@immae.eu
          IgnoreAuthenticatedClients true
          IgnoreHosts ${ignoreHostsPath}
          SoftwareHeader true
          SPFIgnoreResults true
          SPFSelfValidate true
          UMask 002
        '';

        # Runs under Postfix's group; together with UMask 002 this presumably
        # is what lets Postfix connect to the milter socket.
        group = config.services.postfix.group;
      };

      # Project module: watches the rendered secret and, with restart = true,
      # presumably restarts opendmarc when the ignore list changes.
      services.filesWatcher.opendmarc = {
        restart = true;
        paths = [ ignoreHostsPath ];
      };

      secrets.keys = [
        {
          dest = ignoreHostsKey;
          user = dmarc.user;
          group = dmarc.group;
          # Owner read-only: nobody but the opendmarc user can read the list.
          permissions = "0400";
          # One entry per line: the configured ignore_hosts value first, then
          # the FQDN of every server in myEnv.servers that has mx.enable set.
          text =
            let
              mxServers = lib.filterAttrs (_: server: server.mx.enable) config.myEnv.servers;
              mxFqdns = map (server: server.fqdn) (builtins.attrValues mxServers);
            in
            lib.concatStringsSep "\n" ([ config.myEnv.mail.dmarc.ignore_hosts ] ++ mxFqdns);
        }
      ];
    };
in
pkgs.lib.genAttrs [ "eldiron" "backup-2" ] mkHostModule