aboutsummaryrefslogtreecommitdiff
path: root/flakes/private/opendmarc/flake.nix
diff options
context:
space:
mode:
Diffstat (limited to 'flakes/private/opendmarc/flake.nix')
-rw-r--r--flakes/private/opendmarc/flake.nix95
1 files changed, 53 insertions, 42 deletions
diff --git a/flakes/private/opendmarc/flake.nix b/flakes/private/opendmarc/flake.nix
index ae96c30..4b54ccf 100644
--- a/flakes/private/opendmarc/flake.nix
+++ b/flakes/private/opendmarc/flake.nix
@@ -3,54 +3,65 @@
3 path = "../../opendmarc"; 3 path = "../../opendmarc";
4 type = "path"; 4 type = "path";
5 }; 5 };
6 inputs.files-watcher = {
7 path = "../../files-watcher";
8 type = "path";
9 };
10 inputs.my-lib = {
11 path = "../../lib";
12 type = "path";
13 };
6 inputs.nix-lib.url = "github:NixOS/nixpkgs"; 14 inputs.nix-lib.url = "github:NixOS/nixpkgs";
7 15
8 description = "Private configuration for opendmarc"; 16 description = "Private configuration for opendmarc";
9 outputs = { self, nix-lib, opendmarc }: 17 outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }:
10 let 18 let
11 cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') { 19 cfg = name': { config, lib, pkgs, name, ... }: {
12 users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ]; 20 imports = [ (my-lib.lib.withNarKey files-watcher "nixosModule") ];
13 systemd.services.opendmarc.serviceConfig.Slice = "mail.slice"; 21 config = lib.mkIf (name == name') {
14 services.opendmarc = { 22 users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
15 enable = true; 23 systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
16 socket = "local:${config.myServices.mail.milters.sockets.opendmarc}"; 24 services.opendmarc = {
17 configFile = pkgs.writeText "opendmarc.conf" '' 25 enable = true;
18 AuthservID HOSTNAME 26 socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
19 FailureReports false 27 configFile = pkgs.writeText "opendmarc.conf" ''
20 FailureReportsBcc postmaster@immae.eu 28 AuthservID HOSTNAME
21 FailureReportsOnNone true 29 FailureReports false
22 FailureReportsSentBy postmaster@immae.eu 30 FailureReportsBcc postmaster@immae.eu
23 IgnoreAuthenticatedClients true 31 FailureReportsOnNone true
24 IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"} 32 FailureReportsSentBy postmaster@immae.eu
25 SoftwareHeader true 33 IgnoreAuthenticatedClients true
26 SPFIgnoreResults true 34 IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
27 SPFSelfValidate true 35 SoftwareHeader true
28 UMask 002 36 SPFIgnoreResults true
29 ''; 37 SPFSelfValidate true
30 group = config.services.postfix.group; 38 UMask 002
31 }; 39 '';
32 services.filesWatcher.opendmarc = { 40 group = config.services.postfix.group;
33 restart = true; 41 };
34 paths = [ 42 services.filesWatcher.opendmarc = {
35 config.secrets.fullPaths."opendmarc/ignore.hosts" 43 restart = true;
44 paths = [
45 config.secrets.fullPaths."opendmarc/ignore.hosts"
46 ];
47 };
48 secrets.keys = [
49 {
50 dest = "opendmarc/ignore.hosts";
51 user = config.services.opendmarc.user;
52 group = config.services.opendmarc.group;
53 permissions = "0400";
54 text = let
55 mxes = lib.attrsets.filterAttrs
56 (n: v: v.mx.enable)
57 config.myEnv.servers;
58 in
59 builtins.concatStringsSep "\n" ([
60 config.myEnv.mail.dmarc.ignore_hosts
61 ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
62 }
36 ]; 63 ];
37 }; 64 };
38 secrets.keys = [
39 {
40 dest = "opendmarc/ignore.hosts";
41 user = config.services.opendmarc.user;
42 group = config.services.opendmarc.group;
43 permissions = "0400";
44 text = let
45 mxes = lib.attrsets.filterAttrs
46 (n: v: v.mx.enable)
47 config.myEnv.servers;
48 in
49 builtins.concatStringsSep "\n" ([
50 config.myEnv.mail.dmarc.ignore_hosts
51 ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
52 }
53 ];
54 }; 65 };
55 in 66 in
56 opendmarc.outputs // 67 opendmarc.outputs //
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-18 11:39:36 +0000