X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=flakes%2Fprivate%2Fopendmarc.nix;fp=flakes%2Fprivate%2Fopendmarc.nix;h=d6e8920eff588b538ea61b6a8d4f7f580fe16eca;hp=0000000000000000000000000000000000000000;hb=a1a2455f53bde1235b221a842d3c888c51fcecac;hpb=749623765bef80615fc21e73aff89521d262e277
diff --git a/flakes/private/opendmarc.nix b/flakes/private/opendmarc.nix
new file mode 100644
index 0000000..d6e8920
--- /dev/null
+++ b/flakes/private/opendmarc.nix
@@ -0,0 +1,49 @@
+pkgs:
+let
+ cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+ users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+ systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
+ services.opendmarc = {
+ enable = true;
+ socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+ configFile = pkgs.writeText "opendmarc.conf" ''
+ AuthservID HOSTNAME
+ FailureReports false
+ FailureReportsBcc postmaster@immae.eu
+ FailureReportsOnNone true
+ FailureReportsSentBy postmaster@immae.eu
+ IgnoreAuthenticatedClients true
+ IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
+ SoftwareHeader true
+ SPFIgnoreResults true
+ SPFSelfValidate true
+ UMask 002
+ '';
+ group = config.services.postfix.group;
+ };
+ services.filesWatcher.opendmarc = {
+ restart = true;
+ paths = [
+ config.secrets.fullPaths."opendmarc/ignore.hosts"
+ ];
+ };
+ secrets.keys = [
+ {
+ dest = "opendmarc/ignore.hosts";
+ user = config.services.opendmarc.user;
+ group = config.services.opendmarc.group;
+ permissions = "0400";
+ text = let
+ mxes = lib.attrsets.filterAttrs
+ (n: v: v.mx.enable)
+ config.myEnv.servers;
+ in
+ builtins.concatStringsSep "\n" ([
+ config.myEnv.mail.dmarc.ignore_hosts
+ ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
+ }
+ ];
+ };
+in
+ pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg
+
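Review bot: The generated `opendmarc.conf` never sets `RejectFailures`, so as written the milter only stamps an Authentication-Results header and a message that fails a `p=reject` policy is still accepted. If enforcement is meant to happen further down the mail pipeline, say so above `configFile`, e.g. `# evaluation only: RejectFailures stays at its default (false); policy is enforced by <downstream filter>`. The same comment could record that `FailureReportsBcc`, `FailureReportsOnNone` and `FailureReportsSentBy` appear to have no effect while `FailureReports false` is set. Separately, every entry written to `opendmarc/ignore.hosts` is exempted from DMARC evaluation altogether, so the FQDN list derived from `config.myEnv.servers` deserves a one-line comment stating that only hosts under the same administration belong there.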