path = "../../opendmarc";
type = "path";
};
+ inputs.files-watcher = {
+ path = "../../files-watcher";
+ type = "path";
+ };
+ inputs.my-lib = {
+ path = "../../lib";
+ type = "path";
+ };
inputs.nix-lib.url = "github:NixOS/nixpkgs";
description = "Private configuration for opendmarc";
- outputs = { self, nix-lib, opendmarc }:
+ outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }:
let
- cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
- users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
- systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
- services.opendmarc = {
- enable = true;
- socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
- configFile = pkgs.writeText "opendmarc.conf" ''
- AuthservID HOSTNAME
- FailureReports false
- FailureReportsBcc postmaster@immae.eu
- FailureReportsOnNone true
- FailureReportsSentBy postmaster@immae.eu
- IgnoreAuthenticatedClients true
- IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
- SoftwareHeader true
- SPFIgnoreResults true
- SPFSelfValidate true
- UMask 002
- '';
- group = config.services.postfix.group;
- };
- services.filesWatcher.opendmarc = {
- restart = true;
- paths = [
- config.secrets.fullPaths."opendmarc/ignore.hosts"
+ cfg = name': { config, lib, pkgs, name, ... }: {
+ imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];
+ config = lib.mkIf (name == name') {
+ users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+ systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
+ services.opendmarc = {
+ enable = true;
+ socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+ configFile = pkgs.writeText "opendmarc.conf" ''
+ AuthservID HOSTNAME
+ FailureReports false
+ FailureReportsBcc postmaster@immae.eu
+ FailureReportsOnNone true
+ FailureReportsSentBy postmaster@immae.eu
+ IgnoreAuthenticatedClients true
+ IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
+ SoftwareHeader true
+ SPFIgnoreResults true
+ SPFSelfValidate true
+ UMask 002
+ '';
+ group = config.services.postfix.group;
+ };
+ services.filesWatcher.opendmarc = {
+ restart = true;
+ paths = [
+ config.secrets.fullPaths."opendmarc/ignore.hosts"
+ ];
+ };
+ secrets.keys = [
+ {
+ dest = "opendmarc/ignore.hosts";
+ user = config.services.opendmarc.user;
+ group = config.services.opendmarc.group;
+ permissions = "0400";
+ text = let
+ mxes = lib.attrsets.filterAttrs
+ (n: v: v.mx.enable)
+ config.myEnv.servers;
+ in
+ builtins.concatStringsSep "\n" ([
+ config.myEnv.mail.dmarc.ignore_hosts
+ ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
+ }
];
};
- secrets.keys = [
- {
- dest = "opendmarc/ignore.hosts";
- user = config.services.opendmarc.user;
- group = config.services.opendmarc.group;
- permissions = "0400";
- text = let
- mxes = lib.attrsets.filterAttrs
- (n: v: v.mx.enable)
- config.myEnv.servers;
- in
- builtins.concatStringsSep "\n" ([
- config.myEnv.mail.dmarc.ignore_hosts
- ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
- }
- ];
};
in
opendmarc.outputs //