Diffstat (limited to 'flakes/opendmarc/flake.nix')
-rw-r--r-- | flakes/opendmarc/flake.nix | 145 |
1 files changed, 145 insertions, 0 deletions
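diff --git a/flakes/opendmarc/flake.nix b/flakes/opendmarc/flake.nix
new file mode 100644
index 0000000..4d6354b
--- /dev/null
+++ b/flakes/opendmarc/flake.nix
@@ -0,0 +1,145 @@
+{
+description = "Open source ARC implementation";
+
+inputs.myuids = {
+url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+type = "git";
+dir = "flakes/myuids";
+};
+inputs.libspf2 = {
+url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+type = "git";
+dir = "flakes/libspf2";
+};
+inputs.flake-utils.url = "github:numtide/flake-utils";
+inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+
+outputs = { self, myuids, libspf2, flake-utils, nixpkgs }: flake-utils.lib.eachSystem ["aarch64-linux" "i686-linux" "x86_64-linux"] (system:
+let
+libspf2' = libspf2.defaultPackage."${system}";
+pkgs = import nixpkgs { inherit system; overlays = []; };
+inherit (pkgs) fetchurl stdenv libbsd perl openssl libmilter file libnsl;
+in rec {
+packages.opendmarc = stdenv.mkDerivation rec {
+pname = "opendmarc";
+version = "1.3.2";
+
+src = fetchurl {
+url = "mirror://sourceforge/opendmarc/files/${pname}-${version}.tar.gz";
+sha256 = "1yrggj8yq0915y2i34gfz2xpl1w2lgb1vggp67rwspgzm40lng11";
+};
+
+configureFlags= [
+"--with-spf"
+"--with-spf2-include=${libspf2'}/include/spf2"
+"--with-spf2-lib=${libspf2'}/lib/"
+"--with-milter=${libmilter}"
+];
+
+buildInputs = [ libspf2' libbsd openssl libmilter perl libnsl ];
+
+meta = {
+description = "Free open source software implementation of the DMARC specification";
+homepage = "http://www.trusteddomain.org/opendmarc/";
+platforms = stdenv.lib.platforms.unix;
+};
+};
+
+defaultPackage = packages.opendmarc;
+legacyPackages.opendmarc = packages.opendmarc;
+apps.opendmarc = flake-utils.lib.mkApp { drv = packages.opendmarc; };
+defaultApp = apps.opendmarc;
+hydraJobs = checks;
+checks = {
+build = defaultPackage;
+} // pkgs.lib.optionalAttrs (builtins.elem system pkgs.lib.systems.doubles.linux) {
+test =
+let testing = import (nixpkgs + "/nixos/lib/testing-python.nix") { inherit system; };
+in testing.makeTest {
+nodes = {
+server = { pkgs, ... }: {
+imports = [ self.nixosModule ];
+config.services.opendmarc.enable = true;
+};
+};
+testScript = ''
+start_all()
+server.wait_for_unit("opendmarc.service")
+server.succeed("[ -S /run/opendmarc/opendmarc.sock ]")
+'';
+};
+};
+}) // {
+nixosModules = (if builtins.pathExists ../private/opendmarc.nix then import ../private/opendmarc.nix nixpkgs else {});
+nixosModule = { config, lib, pkgs, ... }:
+let
+cfg = config.services.opendmarc;
+defaultSock = "local:/run/opendmarc/opendmarc.sock";
+args = [ "-f" "-l" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+in {
+options = {
+services.opendmarc = {
+enable = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "Whether to enable the OpenDMARC sender authentication system.";
+};
+
+socket = lib.mkOption {
+type = lib.types.str;
+default = defaultSock;
+description = "Socket which is used for communication with OpenDMARC.";
+};
+
+user = lib.mkOption {
+type = lib.types.str;
+default = "opendmarc";
+description = "User for the daemon.";
+};
+
+group = lib.mkOption {
+type = lib.types.str;
+default = "opendmarc";
+description = "Group for the daemon.";
+};
+
+configFile = lib.mkOption {
+type = lib.types.nullOr lib.types.path;
+default = null;
+description = "Additional OpenDMARC configuration.";
+};
+
+};
+};
+
+config = lib.mkIf cfg.enable {
+users.users = lib.optionalAttrs (cfg.user == "opendmarc") {
+opendmarc = {
+group = cfg.group;
+uid = myuids.lib.uids.opendmarc;
+};
+};
+
+users.groups = lib.optionalAttrs (cfg.group == "opendmarc") {
+opendmarc.gid = myuids.lib.gids.opendmarc;
+};
+
+environment.systemPackages = [ self.defaultPackage."${pkgs.system}" ];
+
+systemd.services.opendmarc = {
+description = "OpenDMARC daemon";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+
+serviceConfig = {
+ExecStart = "${self.defaultApp."${pkgs.system}".program} ${lib.escapeShellArgs args}";
+User = cfg.user;
+Group = cfg.group;
+RuntimeDirectory = lib.optional (cfg.socket == defaultSock) "opendmarc";
+PermissionsStartOnly = true;
+};
+};
+};
+};
+};
+}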
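Review bot: The `serviceConfig` of `systemd.services.opendmarc` (new lines 134-140) runs a milter that parses headers from untrusted mail with no sandboxing beyond `User`/`Group`; I would add `NoNewPrivileges = true; ProtectSystem = "strict"; PrivateTmp = true;` there, keeping in mind that a non-default `cfg.socket` path on the filesystem would then need a matching `ReadWritePaths` entry. `PermissionsStartOnly = true` can be dropped, since the unit defines no `ExecStartPre`/`ExecStartPost` for it to act on and systemd has deprecated the setting. The pinned `version = "1.3.2"` is an old upstream release, so it is worth checking whether a later release carrying security fixes should be packaged instead. The flake-level `description = "Open source ARC implementation"` on new line 2 looks copied from a sibling flake and should say DMARC.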