Add opendmarc flake

diff --git a/flakes/opendmarc/flake.lock b/flakes/opendmarc/flake.lock
new file mode 100644 (file)
index 0000000..9e6a869
--- /dev/null
+++ b/flakes/opendmarc/flake.lock
@@ -0,0 +1,112 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1609246779,
+        "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "locked": {
+        "lastModified": 1609246779,
+        "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "libspf2": {
+      "inputs": {
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "dir": "flakes/libspf2",
+        "lastModified": 1609548509,
+        "narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=",
+        "ref": "master",
+        "rev": "749623765bef80615fc21e73aff89521d262e277",
+        "revCount": 796,
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      },
+      "original": {
+        "dir": "flakes/libspf2",
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      }
+    },
+    "myuids": {
+      "locked": {
+        "dir": "flakes/myuids",
+        "lastModified": 1609548509,
+        "narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=",
+        "ref": "master",
+        "rev": "749623765bef80615fc21e73aff89521d262e277",
+        "revCount": 796,
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      },
+      "original": {
+        "dir": "flakes/myuids",
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1597943282,
+        "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1597943282,
+        "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "libspf2": "libspf2",
+        "myuids": "myuids",
+        "nixpkgs": "nixpkgs_2"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

diff --git a/flakes/opendmarc/flake.nix b/flakes/opendmarc/flake.nix
new file mode 100644 (file)
index 0000000..4d6354b
--- /dev/null
+++ b/flakes/opendmarc/flake.nix
@@ -0,0 +1,145 @@
+{
+  description = "Open source ARC implementation";
+
+  inputs.myuids = {
+    url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+    type = "git";
+    dir = "flakes/myuids";
+  };
+  inputs.libspf2 = {
+    url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+    type = "git";
+    dir = "flakes/libspf2";
+  };
+  inputs.flake-utils.url = "github:numtide/flake-utils";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+
+  outputs = { self, myuids, libspf2, flake-utils, nixpkgs }: flake-utils.lib.eachSystem ["aarch64-linux" "i686-linux" "x86_64-linux"] (system:
+    let
+      libspf2' = libspf2.defaultPackage."${system}";
+      pkgs = import nixpkgs { inherit system; overlays = []; };
+      inherit (pkgs) fetchurl stdenv libbsd perl openssl libmilter file libnsl;
+    in rec {
+      packages.opendmarc = stdenv.mkDerivation rec {
+        pname = "opendmarc";
+        version = "1.3.2";
+
+        src = fetchurl {
+          url = "mirror://sourceforge/opendmarc/files/${pname}-${version}.tar.gz";
+          sha256 = "1yrggj8yq0915y2i34gfz2xpl1w2lgb1vggp67rwspgzm40lng11";
+        };
+
+        configureFlags= [
+          "--with-spf"
+          "--with-spf2-include=${libspf2'}/include/spf2"
+          "--with-spf2-lib=${libspf2'}/lib/"
+          "--with-milter=${libmilter}"
+        ];
+
+        buildInputs = [ libspf2' libbsd openssl libmilter perl libnsl ];
+
+        meta = {
+          description = "Free open source software implementation of the DMARC specification";
+          homepage = "http://www.trusteddomain.org/opendmarc/";
+          platforms = stdenv.lib.platforms.unix;
+        };
+      };
+
+      defaultPackage = packages.opendmarc;
+      legacyPackages.opendmarc = packages.opendmarc;
+      apps.opendmarc = flake-utils.lib.mkApp { drv = packages.opendmarc; };
+      defaultApp = apps.opendmarc;
+      hydraJobs = checks;
+      checks = {
+        build = defaultPackage;
+      } // pkgs.lib.optionalAttrs (builtins.elem system pkgs.lib.systems.doubles.linux) {
+        test =
+          let testing = import (nixpkgs + "/nixos/lib/testing-python.nix") { inherit system; };
+          in testing.makeTest {
+            nodes = {
+              server = { pkgs, ... }: {
+                imports = [ self.nixosModule ];
+                config.services.opendmarc.enable = true;
+              };
+            };
+            testScript = ''
+              start_all()
+              server.wait_for_unit("opendmarc.service")
+              server.succeed("[ -S /run/opendmarc/opendmarc.sock ]")
+            '';
+          };
+        };
+    }) // {
+     nixosModules = (if builtins.pathExists ../private/opendmarc.nix then import ../private/opendmarc.nix nixpkgs else {});
+     nixosModule = { config, lib, pkgs, ... }:
+       let
+         cfg = config.services.opendmarc;
+         defaultSock = "local:/run/opendmarc/opendmarc.sock";
+         args = [ "-f" "-l" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+       in {
+         options = {
+           services.opendmarc = {
+             enable = lib.mkOption {
+               type = lib.types.bool;
+               default = false;
+               description = "Whether to enable the OpenDMARC sender authentication system.";
+             };
+
+             socket = lib.mkOption {
+               type = lib.types.str;
+               default = defaultSock;
+               description = "Socket which is used for communication with OpenDMARC.";
+             };
+
+             user = lib.mkOption {
+               type = lib.types.str;
+               default = "opendmarc";
+               description = "User for the daemon.";
+             };
+
+             group = lib.mkOption {
+               type = lib.types.str;
+               default = "opendmarc";
+               description = "Group for the daemon.";
+             };
+
+             configFile = lib.mkOption {
+               type = lib.types.nullOr lib.types.path;
+               default = null;
+               description = "Additional OpenDMARC configuration.";
+             };
+
+           };
+         };
+
+         config = lib.mkIf cfg.enable {
+           users.users = lib.optionalAttrs (cfg.user == "opendmarc") {
+             opendmarc = {
+               group = cfg.group;
+               uid = myuids.lib.uids.opendmarc;
+             };
+           };
+
+           users.groups = lib.optionalAttrs (cfg.group == "opendmarc") {
+             opendmarc.gid = myuids.lib.gids.opendmarc;
+           };
+
+           environment.systemPackages = [ self.defaultPackage."${pkgs.system}" ];
+
+           systemd.services.opendmarc = {
+             description = "OpenDMARC daemon";
+             after = [ "network.target" ];
+             wantedBy = [ "multi-user.target" ];
+
+             serviceConfig = {
+               ExecStart = "${self.defaultApp."${pkgs.system}".program} ${lib.escapeShellArgs args}";
+               User = cfg.user;
+               Group = cfg.group;
+               RuntimeDirectory = lib.optional (cfg.socket == defaultSock) "opendmarc";
+               PermissionsStartOnly = true;
+             };
+           };
+         };
+       };
+    };
+  }

diff --git a/flakes/private/opendmarc.nix b/flakes/private/opendmarc.nix
new file mode 100644 (file)
index 0000000..d6e8920
--- /dev/null
+++ b/flakes/private/opendmarc.nix
@@ -0,0 +1,49 @@
+pkgs:
+let
+  cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+    users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+    systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
+    services.opendmarc = {
+      enable = true;
+      socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+      configFile = pkgs.writeText "opendmarc.conf" ''
+        AuthservID                  HOSTNAME
+        FailureReports              false
+        FailureReportsBcc           postmaster@immae.eu
+        FailureReportsOnNone        true
+        FailureReportsSentBy        postmaster@immae.eu
+        IgnoreAuthenticatedClients  true
+        IgnoreHosts                 ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
+        SoftwareHeader              true
+        SPFIgnoreResults            true
+        SPFSelfValidate             true
+        UMask                       002
+        '';
+      group = config.services.postfix.group;
+    };
+    services.filesWatcher.opendmarc = {
+      restart = true;
+      paths = [
+        config.secrets.fullPaths."opendmarc/ignore.hosts"
+      ];
+    };
+    secrets.keys = [
+      {
+        dest = "opendmarc/ignore.hosts";
+        user = config.services.opendmarc.user;
+        group = config.services.opendmarc.group;
+        permissions = "0400";
+        text = let
+          mxes = lib.attrsets.filterAttrs
+            (n: v: v.mx.enable)
+            config.myEnv.servers;
+          in
+            builtins.concatStringsSep "\n" ([
+              config.myEnv.mail.dmarc.ignore_hosts
+            ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
+      }
+    ];
+  };
+in
+  pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg
+

diff --git a/modules/default.nix b/modules/default.nix
index 53e39320462dd31570488149bdf58a610358ad19..abf4547188cb9f20ac68410e7cb34e03cc133d79 100644 (file)
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -14,7 +14,7 @@ in
   peertube = ./webapps/peertube.nix;
   fiche = ./webapps/fiche.nix;
 
   peertube = ./webapps/peertube.nix;
   fiche = ./webapps/fiche.nix;
 

-  opendmarc = ./opendmarc.nix;
+  opendmarc = (flakeCompat ../flakes/opendmarc).nixosModule;

   openarc = (flakeCompat ../flakes/openarc).nixosModule;
 
   duplyBackup = ./duply_backup;
   openarc = (flakeCompat ../flakes/openarc).nixosModule;
 
   duplyBackup = ./duply_backup;

diff --git a/modules/opendmarc.nix b/modules/opendmarc.nix
deleted file mode 100644 (file)
index 6137d10..0000000
--- a/modules/opendmarc.nix
+++ /dev/null
@@ -1,92 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
-  cfg = config.services.opendmarc;
-
-  defaultSock = "local:/run/opendmarc/opendmarc.sock";
-
-  args = [ "-f" "-l"
-           "-p" cfg.socket
-         ] ++ optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
-
-in {
-
-  ###### interface
-
-  options = {
-
-    services.opendmarc = {
-
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = "Whether to enable the OpenDMARC sender authentication system.";
-      };
-
-      socket = mkOption {
-        type = types.str;
-        default = defaultSock;
-        description = "Socket which is used for communication with OpenDMARC.";
-      };
-
-      user = mkOption {
-        type = types.str;
-        default = "opendmarc";
-        description = "User for the daemon.";
-      };
-
-      group = mkOption {
-        type = types.str;
-        default = "opendmarc";
-        description = "Group for the daemon.";
-      };
-
-      configFile = mkOption {
-        type = types.nullOr types.path;
-        default = null;
-        description = "Additional OpenDMARC configuration.";
-      };
-
-    };
-
-  };
-
-
-  ###### implementation
-
-  config = mkIf cfg.enable {
-
-    users.users = optionalAttrs (cfg.user == "opendmarc") {
-      opendmarc = {
-        group = cfg.group;
-        uid = config.ids.uids.opendmarc;
-      };
-    };
-
-    users.groups = optionalAttrs (cfg.group == "opendmarc") {
-      opendmarc = {
-        gid = config.ids.gids.opendmarc;
-      };
-    };
-
-    environment.systemPackages = [ pkgs.opendmarc ];
-
-    systemd.services.opendmarc = {
-      description = "OpenDMARC daemon";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-
-      serviceConfig = {
-        ExecStart = "${pkgs.opendmarc}/bin/opendmarc ${escapeShellArgs args}";
-        User = cfg.user;
-        Group = cfg.group;
-        RuntimeDirectory = optional (cfg.socket == defaultSock) "opendmarc";
-        PermissionsStartOnly = true;
-      };
-    };
-
-  };
-}

diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
index 96c280066f44b966c55beee99fc7c12d2f961047..49c5dfdc573bdfc18d7c88e0134eaddd873ad783 100644 (file)
--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -1,7 +1,8 @@
 { lib, pkgs, config, name, ... }:
 {
   imports =
 { lib, pkgs, config, name, ... }:
 {
   imports =

-    builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules;
+       builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules
+    ++ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/opendmarc).nixosModules;

 
   options.myServices.mail.milters.sockets = lib.mkOption {
     type = lib.types.attrsOf lib.types.path;
 
   options.myServices.mail.milters.sockets = lib.mkOption {
     type = lib.types.attrsOf lib.types.path;


@@ -32,20 +33,6 @@
         text = ''
           eldiron._domainkey   IN      TXT     ${config.myEnv.mail.dkim.eldiron.public}'';
       }
         text = ''
           eldiron._domainkey   IN      TXT     ${config.myEnv.mail.dkim.eldiron.public}'';
       }

-      {
-        dest = "opendmarc/ignore.hosts";
-        user = config.services.opendmarc.user;
-        group = config.services.opendmarc.group;
-        permissions = "0400";
-        text = let
-          mxes = lib.attrsets.filterAttrs
-            (n: v: v.mx.enable)
-            config.myEnv.servers;
-          in
-            builtins.concatStringsSep "\n" ([
-              config.myEnv.mail.dmarc.ignore_hosts
-            ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
-      }

     ];
     users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
     services.opendkim = {
     ];
     users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
     services.opendkim = {


@@ -79,33 +66,6 @@
       ];
     };
 
       ];
     };
 

-    users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
-    systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
-    services.opendmarc = {
-      enable = true;
-      socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
-      configFile = pkgs.writeText "opendmarc.conf" ''
-        AuthservID                  HOSTNAME
-        FailureReports              false
-        FailureReportsBcc           postmaster@immae.eu
-        FailureReportsOnNone        true
-        FailureReportsSentBy        postmaster@immae.eu
-        IgnoreAuthenticatedClients  true
-        IgnoreHosts                 ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
-        SoftwareHeader              true
-        SPFIgnoreResults            true
-        SPFSelfValidate             true
-        UMask                       002
-        '';
-      group = config.services.postfix.group;
-    };
-    services.filesWatcher.opendmarc = {
-      restart = true;
-      paths = [
-        config.secrets.fullPaths."opendmarc/ignore.hosts"
-      ];
-    };
-

     systemd.services.milter_verify_from = {
       description  = "Verify from milter";
       after = [ "network.target" ];
     systemd.services.milter_verify_from = {
       description  = "Verify from milter";
       after = [ "network.target" ];

diff --git a/pkgs/default.nix b/pkgs/default.nix
index ff21a205819d97660bfc4f806c54afe2c3e09f49..5b347be537d49ddc0f3100cc59488d5df3408e96 100644 (file)
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -23,7 +23,7 @@ rec {
   notmuch-python3 = callPackage ./notmuch/notmuch-python { pythonPackages = python3Packages; };
   notmuch-vim = callPackage ./notmuch/notmuch-vim {};
   openarc = (mylibs.flakeCompat ../flakes/openarc).default;
   notmuch-python3 = callPackage ./notmuch/notmuch-python { pythonPackages = python3Packages; };
   notmuch-vim = callPackage ./notmuch/notmuch-vim {};
   openarc = (mylibs.flakeCompat ../flakes/openarc).default;

-  opendmarc = callPackage ./opendmarc { libspf2 = callPackage ./opendmarc/libspf2.nix {}; };
+  opendmarc = (mylibs.flakeCompat ../flakes/opendmarc).default;

   pg_activity = callPackage ./pg_activity { inherit mylibs; };
   pgloader = callPackage ./pgloader {};
   predixy = callPackage ./predixy { inherit mylibs; };
   pg_activity = callPackage ./pg_activity { inherit mylibs; };
   pgloader = callPackage ./pgloader {};
   predixy = callPackage ./predixy { inherit mylibs; };

diff --git a/pkgs/opendmarc/default.nix b/pkgs/opendmarc/default.nix
deleted file mode 100644 (file)
index 1c50248..0000000
--- a/pkgs/opendmarc/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ stdenv, fetchurl, pkgconfig, libbsd, openssl, libmilter , perl, makeWrapper, libspf2 }:
-
-stdenv.mkDerivation rec {
-  name = "opendmarc-${version}";
-  version = "1.3.2";
-
-  src = fetchurl {
-    url = "mirror://sourceforge/opendmarc/files/${name}.tar.gz";
-    sha256 = "1yrggj8yq0915y2i34gfz2xpl1w2lgb1vggp67rwspgzm40lng11";
-  };
-
-  configureFlags= [
-    "--with-spf"
-    "--with-spf2-include=${libspf2}/include/spf2"
-    "--with-spf2-lib=${libspf2}/lib/"
-    "--with-milter=${libmilter}"
-  ];
-
-  buildInputs = [ libspf2 libbsd openssl libmilter perl ];
-
-  meta = with stdenv.lib; {
-    description = "Free open source software implementation of the DMARC specification";
-    homepage = http://www.trusteddomain.org/opendmarc/;
-    platforms = platforms.unix;
-  };
-}

diff --git a/pkgs/opendmarc/libspf2.nix b/pkgs/opendmarc/libspf2.nix
deleted file mode 100644 (file)
index ca02d59..0000000
--- a/pkgs/opendmarc/libspf2.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ stdenv, file, fetchurl, fetchpatch, libnsl }:
-
-stdenv.mkDerivation rec {
-  name = "libspf2-${version}";
-  version = "1.2.10";
-
-  patches = [
-    (fetchpatch {
-      name = "fix-variadic-macros.patch";
-      url = "https://git.archlinux.org/svntogit/community.git/plain/trunk/fix-variadic-macros.patch?h=packages/libspf2";
-      sha256 = "00dqpcgjr9jy2qprgqv2qiyvq8y3wlz4yns9xzabf2064jzqh2ic";
-    })
-  ];
-  preConfigure = ''
-    sed -i -e "s@/usr/bin/file@${file}/bin/file@" ./configure
-    '';
-  configureFlags = [
-    "--enable-static"
-  ];
-  postInstall = ''
-    rm $out/bin/*_static
-    '';
-  src = fetchurl {
-    url = "https://www.libspf2.org/spf/${name}.tar.gz";
-    sha256 = "1j91p0qiipzf89qxq4m1wqhdf01hpn1h5xj4djbs51z23bl3s7nr";
-  };
-
-  buildInputs = [ libnsl ];
-
-  meta = with stdenv.lib; {
-    description = "Sender Policy Framework record checking library";
-    homepage = https://www.libspf2.org/;
-    platforms = platforms.unix;
-  };
-}