X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fmilters.nix;h=49c5dfdc573bdfc18d7c88e0134eaddd873ad783;hp=96c280066f44b966c55beee99fc7c12d2f961047;hb=a1a2455f53bde1235b221a842d3c888c51fcecac;hpb=749623765bef80615fc21e73aff89521d262e277
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
index 96c2800..49c5dfd 100644
--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -1,7 +1,8 @@
 { lib, pkgs, config, name, ... }:
 {
 imports =
- builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules;
+ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules
+ ++ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/opendmarc).nixosModules;
 options.myServices.mail.milters.sockets = lib.mkOption {
 type = lib.types.attrsOf lib.types.path;
@@ -32,20 +33,6 @@
 text = ''
 eldiron._domainkey IN TXT ${config.myEnv.mail.dkim.eldiron.public}'';
 }
- {
- dest = "opendmarc/ignore.hosts";
- user = config.services.opendmarc.user;
- group = config.services.opendmarc.group;
- permissions = "0400";
- text = let
- mxes = lib.attrsets.filterAttrs
- (n: v: v.mx.enable)
- config.myEnv.servers;
- in
- builtins.concatStringsSep "\n" ([
- config.myEnv.mail.dmarc.ignore_hosts
- ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
- }
 ];
 users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
 services.opendkim = {
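Review bot: In the first hunk, the added `++ builtins.attrValues (... ../../../flakes/opendmarc).nixosModules` line is now the only trace in this file of the opendmarc setup, and nothing here records that the `opendmarc/ignore.hosts` secret (mode `0400`), the `keys` group membership and the filesWatcher restart deleted in the two later hunks are expected to come from that flake. The flake is not shown on this page, so whether its module recreates the IgnoreHosts file with the same owner and permissions and still sets `IgnoreAuthenticatedClients`/`SPFSelfValidate` has to be checked there; a silently different policy would change which mail passes DMARC evaluation. I would add a comment above the import such as `# opendmarc service, ignore.hosts secret and its watcher are defined in flakes/opendmarc`. As a style point, the repeated `import ../../../lib/flake-compat.nix` could be bound once in a `let` so each flake is a one-word addition.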
@@ -79,33 +66,6 @@
 ];
 };
- users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
- systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
- services.opendmarc = {
- enable = true;
- socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
- configFile = pkgs.writeText "opendmarc.conf" ''
- AuthservID HOSTNAME
- FailureReports false
- FailureReportsBcc postmaster@immae.eu
- FailureReportsOnNone true
- FailureReportsSentBy postmaster@immae.eu
- IgnoreAuthenticatedClients true
- IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
- SoftwareHeader true
- SPFIgnoreResults true
- SPFSelfValidate true
- UMask 002
- '';
- group = config.services.postfix.group;
- };
- services.filesWatcher.opendmarc = {
- restart = true;
- paths = [
- config.secrets.fullPaths."opendmarc/ignore.hosts"
- ];
- };
-
 systemd.services.milter_verify_from = {
 description = "Verify from milter";
 after = [ "network.target" ];