authorIsmaël Bouya <ismael.bouya@normalesup.org>2021-01-02 02:32:12 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2021-01-02 02:32:12 +0100
commita1a2455f53bde1235b221a842d3c888c51fcecac (patch)
tree33b2471d4397a876a6211a339dce8fc6801ddf3f /flakes
parent749623765bef80615fc21e73aff89521d262e277 (diff)
Add opendmarc flake
Diffstat (limited to 'flakes')
-rw-r--r--flakes/opendmarc/flake.lock112
-rw-r--r--flakes/opendmarc/flake.nix145
-rw-r--r--flakes/private/opendmarc.nix49
3 files changed, 306 insertions, 0 deletions
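--- /dev/null
+++ b/flakes/opendmarc/flake.lock
@@ -0,0 +1,112 @@
+{
+ "nodes": {
+ "flake-utils": {
+ "locked": {
+ "lastModified": 1609246779,
+ "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_2": {
+ "locked": {
+ "lastModified": 1609246779,
+ "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "libspf2": {
+ "inputs": {
+ "flake-utils": "flake-utils_2",
+ "nixpkgs": "nixpkgs"
+ },
+ "locked": {
+ "dir": "flakes/libspf2",
+ "lastModified": 1609548509,
+ "narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=",
+ "ref": "master",
+ "rev": "749623765bef80615fc21e73aff89521d262e277",
+ "revCount": 796,
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ },
+ "original": {
+ "dir": "flakes/libspf2",
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ }
+ },
+ "myuids": {
+ "locked": {
+ "dir": "flakes/myuids",
+ "lastModified": 1609548509,
+ "narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=",
+ "ref": "master",
+ "rev": "749623765bef80615fc21e73aff89521d262e277",
+ "revCount": 796,
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ },
+ "original": {
+ "dir": "flakes/myuids",
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1597943282,
+ "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1597943282,
+ "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "flake-utils": "flake-utils",
+ "libspf2": "libspf2",
+ "myuids": "myuids",
+ "nixpkgs": "nixpkgs_2"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}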
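--- /dev/null
+++ b/flakes/opendmarc/flake.nix
@@ -0,0 +1,145 @@
+{
+ description = "Open source ARC implementation";
+
+ inputs.myuids = {
+ url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+ type = "git";
+ dir = "flakes/myuids";
+ };
+ inputs.libspf2 = {
+ url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+ type = "git";
+ dir = "flakes/libspf2";
+ };
+ inputs.flake-utils.url = "github:numtide/flake-utils";
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+
+ outputs = { self, myuids, libspf2, flake-utils, nixpkgs }: flake-utils.lib.eachSystem ["aarch64-linux" "i686-linux" "x86_64-linux"] (system:
+ let
+ libspf2' = libspf2.defaultPackage."${system}";
+ pkgs = import nixpkgs { inherit system; overlays = []; };
+ inherit (pkgs) fetchurl stdenv libbsd perl openssl libmilter file libnsl;
+ in rec {
+ packages.opendmarc = stdenv.mkDerivation rec {
+ pname = "opendmarc";
+ version = "1.3.2";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/opendmarc/files/${pname}-${version}.tar.gz";
+ sha256 = "1yrggj8yq0915y2i34gfz2xpl1w2lgb1vggp67rwspgzm40lng11";
+ };
+
+ configureFlags= [
+ "--with-spf"
+ "--with-spf2-include=${libspf2'}/include/spf2"
+ "--with-spf2-lib=${libspf2'}/lib/"
+ "--with-milter=${libmilter}"
+ ];
+
+ buildInputs = [ libspf2' libbsd openssl libmilter perl libnsl ];
+
+ meta = {
+ description = "Free open source software implementation of the DMARC specification";
+ homepage = "http://www.trusteddomain.org/opendmarc/";
+ platforms = stdenv.lib.platforms.unix;
+ };
+ };
+
+ defaultPackage = packages.opendmarc;
+ legacyPackages.opendmarc = packages.opendmarc;
+ apps.opendmarc = flake-utils.lib.mkApp { drv = packages.opendmarc; };
+ defaultApp = apps.opendmarc;
+ hydraJobs = checks;
+ checks = {
+ build = defaultPackage;
+ } // pkgs.lib.optionalAttrs (builtins.elem system pkgs.lib.systems.doubles.linux) {
+ test =
+ let testing = import (nixpkgs + "/nixos/lib/testing-python.nix") { inherit system; };
+ in testing.makeTest {
+ nodes = {
+ server = { pkgs, ... }: {
+ imports = [ self.nixosModule ];
+ config.services.opendmarc.enable = true;
+ };
+ };
+ testScript = ''
+ start_all()
+ server.wait_for_unit("opendmarc.service")
+ server.succeed("[ -S /run/opendmarc/opendmarc.sock ]")
+ '';
+ };
+ };
+ }) // {
+ nixosModules = (if builtins.pathExists ../private/opendmarc.nix then import ../private/opendmarc.nix nixpkgs else {});
+ nixosModule = { config, lib, pkgs, ... }:
+ let
+ cfg = config.services.opendmarc;
+ defaultSock = "local:/run/opendmarc/opendmarc.sock";
+ args = [ "-f" "-l" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+ in {
+ options = {
+ services.opendmarc = {
+ enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Whether to enable the OpenDMARC sender authentication system.";
+ };
+
+ socket = lib.mkOption {
+ type = lib.types.str;
+ default = defaultSock;
+ description = "Socket which is used for communication with OpenDMARC.";
+ };
+
+ user = lib.mkOption {
+ type = lib.types.str;
+ default = "opendmarc";
+ description = "User for the daemon.";
+ };
+
+ group = lib.mkOption {
+ type = lib.types.str;
+ default = "opendmarc";
+ description = "Group for the daemon.";
+ };
+
+ configFile = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ description = "Additional OpenDMARC configuration.";
+ };
+
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ users.users = lib.optionalAttrs (cfg.user == "opendmarc") {
+ opendmarc = {
+ group = cfg.group;
+ uid = myuids.lib.uids.opendmarc;
+ };
+ };
+
+ users.groups = lib.optionalAttrs (cfg.group == "opendmarc") {
+ opendmarc.gid = myuids.lib.gids.opendmarc;
+ };
+
+ environment.systemPackages = [ self.defaultPackage."${pkgs.system}" ];
+
+ systemd.services.opendmarc = {
+ description = "OpenDMARC daemon";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ ExecStart = "${self.defaultApp."${pkgs.system}".program} ${lib.escapeShellArgs args}";
+ User = cfg.user;
+ Group = cfg.group;
+ RuntimeDirectory = lib.optional (cfg.socket == defaultSock) "opendmarc";
+ PermissionsStartOnly = true;
+ };
+ };
+ };
+ };
+ };
+}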
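--- /dev/null
+++ b/flakes/private/opendmarc.nix
@@ -0,0 +1,49 @@
+pkgs:
+let
+ cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+ users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+ systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
+ services.opendmarc = {
+ enable = true;
+ socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+ configFile = pkgs.writeText "opendmarc.conf" ''
+ AuthservID HOSTNAME
+ FailureReports false
+ FailureReportsBcc postmaster@immae.eu
+ FailureReportsOnNone true
+ FailureReportsSentBy postmaster@immae.eu
+ IgnoreAuthenticatedClients true
+ IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
+ SoftwareHeader true
+ SPFIgnoreResults true
+ SPFSelfValidate true
+ UMask 002
+ '';
+ group = config.services.postfix.group;
+ };
+ services.filesWatcher.opendmarc = {
+ restart = true;
+ paths = [
+ config.secrets.fullPaths."opendmarc/ignore.hosts"
+ ];
+ };
+ secrets.keys = [
+ {
+ dest = "opendmarc/ignore.hosts";
+ user = config.services.opendmarc.user;
+ group = config.services.opendmarc.group;
+ permissions = "0400";
+ text = let
+ mxes = lib.attrsets.filterAttrs
+ (n: v: v.mx.enable)
+ config.myEnv.servers;
+ in
+ builtins.concatStringsSep "\n" ([
+ config.myEnv.mail.dmarc.ignore_hosts
+ ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
+ }
+ ];
+ };
+in
+ pkgs.lib.genAttrs ["eldiron" "backup-2"] cfg
+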
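Review bot: The opendmarc.conf block at lines 9-21 carries no comment on its two security-relevant settings, `SPFIgnoreResults true`/`SPFSelfValidate true` and `UMask 002`: the first pair makes the daemon run its own SPF check (the package is built with libspf2) instead of trusting SPF results already present in the message's headers, and the umask is what lets the postfix group set on line 22 connect to the group-writable milter socket. A comment such as `# Re-check SPF locally (built with libspf2) rather than trusting SPF results carried in the message` above line 18 and `# 002: the socket must be group-writable so the postfix group can connect` above line 20 would record that intent. With `FailureReports false` on line 11, the three `FailureReports*` lines that follow appear to be inert — confirm against opendmarc.conf(5) and either drop them or note that they are kept for a later switch-on. The `IgnoreHosts` file is only ever given to the daemon by path, so the `0400` mode on line 35 is fine, but its contents (MX FQDNs) are not secret and a comment saying why it goes through `secrets.keys` (presumably to reuse the watcher/restart machinery on line 24-29) would help the next reader.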