Add opendmarc flake

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-01-02 02:32:12 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-01-02 02:32:12 +0100
commit: a1a2455f53bde1235b221a842d3c888c51fcecac (patch)
tree: 33b2471d4397a876a6211a339dce8fc6801ddf3f /flakes/private
parent: 749623765bef80615fc21e73aff89521d262e277 (diff)
download: Nix-a1a2455f53bde1235b221a842d3c888c51fcecac.tar.gz
Nix-a1a2455f53bde1235b221a842d3c888c51fcecac.tar.zst
Nix-a1a2455f53bde1235b221a842d3c888c51fcecac.zip
1 files changed, 49 insertions, 0 deletions
diff --git a/flakes/private/opendmarc.nix b/flakes/private/opendmarc.nix
new file mode 100644
index 0000000..d6e8920
--- /dev/null
+++ b/flakes/private/opendmarc.nix
@@ -0,0 +1,49 @@
+pkgs:
+let
+  cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+    users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+    systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
+    services.opendmarc = {
+      enable = true;
+      socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+      configFile = pkgs.writeText "opendmarc.conf" ''
+        AuthservID                  HOSTNAME
+        FailureReports              false
+        FailureReportsBcc           postmaster@immae.eu
+        FailureReportsOnNone        true
+        FailureReportsSentBy        postmaster@immae.eu
+        IgnoreAuthenticatedClients  true
+        IgnoreHosts                 ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
+        SoftwareHeader              true
+        SPFIgnoreResults            true
+        SPFSelfValidate             true
+        UMask                       002
+        '';
+      group = config.services.postfix.group;
+    };
+    services.filesWatcher.opendmarc = {
+      restart = true;
+      paths = [
+        config.secrets.fullPaths."opendmarc/ignore.hosts"
+      ];
+    };
+    secrets.keys = [
+      {
+        dest = "opendmarc/ignore.hosts";
+        user = config.services.opendmarc.user;
+        group = config.services.opendmarc.group;
+        permissions = "0400";
+        text = let
+          mxes = lib.attrsets.filterAttrs
+            (n: v: v.mx.enable)
+            config.myEnv.servers;
+          in
+            builtins.concatStringsSep "\n" ([
+              config.myEnv.mail.dmarc.ignore_hosts
+            ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
+      }
+    ];
+  };
+in
+  pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-01-02 02:32:12 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-01-02 02:32:12 +0100
commit	a1a2455f53bde1235b221a842d3c888c51fcecac (patch)
tree	33b2471d4397a876a6211a339dce8fc6801ddf3f /flakes/private
parent	749623765bef80615fc21e73aff89521d262e277 (diff)
download	Nix-a1a2455f53bde1235b221a842d3c888c51fcecac.tar.gz Nix-a1a2455f53bde1235b221a842d3c888c51fcecac.tar.zst Nix-a1a2455f53bde1235b221a842d3c888c51fcecac.zip

diff --git a/flakes/private/opendmarc.nix b/flakes/private/opendmarc.nix new file mode 100644 index 0000000..d6e8920 --- /dev/null +++ b/flakes/private/opendmarc.nix
@@ -0,0 +1,49 @@
	1	pkgs:
	2	let
	3	cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
	4	users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
	5	systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
	6	services.opendmarc = {
	7	enable = true;
	8	socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
	9	configFile = pkgs.writeText "opendmarc.conf" ''
	10	AuthservID HOSTNAME
	11	FailureReports false
	12	FailureReportsBcc postmaster@immae.eu
	13	FailureReportsOnNone true
	14	FailureReportsSentBy postmaster@immae.eu
	15	IgnoreAuthenticatedClients true
	16	IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
	17	SoftwareHeader true
	18	SPFIgnoreResults true
	19	SPFSelfValidate true
	20	UMask 002
	21	'';
	22	group = config.services.postfix.group;
	23	};
	24	services.filesWatcher.opendmarc = {
	25	restart = true;
	26	paths = [
	27	config.secrets.fullPaths."opendmarc/ignore.hosts"
	28	];
	29	};
	30	secrets.keys = [
	31	{
	32	dest = "opendmarc/ignore.hosts";
	33	user = config.services.opendmarc.user;
	34	group = config.services.opendmarc.group;
	35	permissions = "0400";
	36	text = let
	37	mxes = lib.attrsets.filterAttrs
	38	(n: v: v.mx.enable)
	39	config.myEnv.servers;
	40	in
	41	builtins.concatStringsSep "\n" ([
	42	config.myEnv.mail.dmarc.ignore_hosts
	43	] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
	44	}
	45	];
	46	};
	47	in
	48	pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg
	49