Diffstat (limited to 'flakes/private/opendmarc/flake.nix')
-rw-r--r-- | flakes/private/opendmarc/flake.nix | 60 |
1 files changed, 60 insertions, 0 deletions
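--- /dev/null
+++ b/flakes/private/opendmarc/flake.nix
@@ -0,0 +1,60 @@
+{
+inputs.opendmarc = {
+url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+type = "git";
+dir = "flakes/opendmarc";
+};
+inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+
+description = "Private configuration for opendmarc";
+outputs = { self, nixpkgs, opendmarc }:
+let
+cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
+services.opendmarc = {
+enable = true;
+socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+configFile = pkgs.writeText "opendmarc.conf" ''
+AuthservID HOSTNAME
+FailureReports false
+FailureReportsBcc postmaster@immae.eu
+FailureReportsOnNone true
+FailureReportsSentBy postmaster@immae.eu
+IgnoreAuthenticatedClients true
+IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
+SoftwareHeader true
+SPFIgnoreResults true
+SPFSelfValidate true
+UMask 002
+'';
+group = config.services.postfix.group;
+};
+services.filesWatcher.opendmarc = {
+restart = true;
+paths = [
+config.secrets.fullPaths."opendmarc/ignore.hosts"
+];
+};
+secrets.keys = [
+{
+dest = "opendmarc/ignore.hosts";
+user = config.services.opendmarc.user;
+group = config.services.opendmarc.group;
+permissions = "0400";
+text = let
+mxes = lib.attrsets.filterAttrs
+(n: v: v.mx.enable)
+config.myEnv.servers;
+in
+builtins.concatStringsSep "\n" ([
+config.myEnv.mail.dmarc.ignore_hosts
+] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
+}
+];
+};
+in
+opendmarc.outputs //
+{ nixosModules = opendmarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
+}
+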
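Review bot: The `AuthservID HOSTNAME` line in the generated opendmarc.conf, with no `TrustedAuthservIDs` alongside it, makes opendmarc take DKIM verdicts from any pre-existing Authentication-Results header whose authserv-id equals this host's name (SPF is unaffected because `SPFIgnoreResults true` / `SPFSelfValidate true` make it re-check SPF itself), so an inbound message carrying a forged `Authentication-Results: <hostname>; dkim=pass ...` header would satisfy DMARC unless Postfix or opendkim strips such headers before this milter runs; nothing in this file shows that stripping, so it should be confirmed in the mail modules and recorded here, e.g. `# Trusts A-R headers with our authserv-id: relies on inbound A-R stripping upstream (opendkim/postfix)`. The `FailureReportsBcc`, `FailureReportsOnNone` and `FailureReportsSentBy` entries are inert while `FailureReports false` is set; if they are kept as a prepared toggle, a comment should warn that turning `FailureReports` on would mail ARF copies of failing messages to third-party `ruf=` addresses, and, because of `FailureReportsOnNone true`, also for domains whose policy is `p=none`. Every host written to the generated ignore.hosts file — the `config.myEnv.mail.dmarc.ignore_hosts` list plus the `fqdn` of every server with `mx.enable` — bypasses DMARC evaluation entirely, so a one-line comment at `secrets.keys` naming that consequence would help the next person who extends the list. The group-writable socket implied by `UMask 002` and `group = config.services.postfix.group` is what lets postfix connect and looks intentional, but it only stays safe if the socket's directory is not world-accessible, which this file does not establish.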