Diffstat (limited to 'flakes/private/opendmarc')
-rw-r--r--flakes/private/opendmarc/flake.lock148
-rw-r--r--flakes/private/opendmarc/flake.nix60
2 files changed, 208 insertions, 0 deletions
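--- /dev/null
+++ b/flakes/private/opendmarc/flake.lock
@@ -0,0 +1,148 @@
+{
+ "nodes": {
+ "flake-utils": {
+ "locked": {
+ "lastModified": 1609246779,
+ "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_2": {
+ "locked": {
+ "lastModified": 1609246779,
+ "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "libspf2": {
+ "inputs": {
+ "flake-utils": "flake-utils_2",
+ "nixpkgs": "nixpkgs_2"
+ },
+ "locked": {
+ "dir": "flakes/libspf2",
+ "lastModified": 1609548509,
+ "narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=",
+ "ref": "master",
+ "rev": "749623765bef80615fc21e73aff89521d262e277",
+ "revCount": 796,
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ },
+ "original": {
+ "dir": "flakes/libspf2",
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ }
+ },
+ "myuids": {
+ "locked": {
+ "dir": "flakes/myuids",
+ "lastModified": 1609548509,
+ "narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=",
+ "ref": "master",
+ "rev": "749623765bef80615fc21e73aff89521d262e277",
+ "revCount": 796,
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ },
+ "original": {
+ "dir": "flakes/myuids",
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1611218116,
+ "narHash": "sha256-CcyGZ8cLlHgiViWyBjRIjdsdRZxJjP2MgtWeuqSv3CE=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "30ab92ea31f6b7e9095b1e7e4b56a5000823efdf",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1597943282,
+ "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_3": {
+ "locked": {
+ "lastModified": 1597943282,
+ "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "opendmarc": {
+ "inputs": {
+ "flake-utils": "flake-utils",
+ "libspf2": "libspf2",
+ "myuids": "myuids",
+ "nixpkgs": "nixpkgs_3"
+ },
+ "locked": {
+ "dir": "flakes/opendmarc",
+ "lastModified": 1611091761,
+ "narHash": "sha256-fE3FBeUxVaMezKjEpepdQW9apOza+0AfBALFhaaD0VA=",
+ "ref": "master",
+ "rev": "23f9fdf03a6673dbe334ae33be4f498cc4753191",
+ "revCount": 802,
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ },
+ "original": {
+ "dir": "flakes/opendmarc",
+ "type": "git",
+ "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs",
+ "opendmarc": "opendmarc"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}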
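--- /dev/null
+++ b/flakes/private/opendmarc/flake.nix
@@ -0,0 +1,60 @@
+{
+ inputs.opendmarc = {
+ url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+ type = "git";
+ dir = "flakes/opendmarc";
+ };
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+
+ description = "Private configuration for opendmarc";
+ outputs = { self, nixpkgs, opendmarc }:
+ let
+ cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+ users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+ systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
+ services.opendmarc = {
+ enable = true;
+ socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+ configFile = pkgs.writeText "opendmarc.conf" ''
+ AuthservID HOSTNAME
+ FailureReports false
+ FailureReportsBcc postmaster@immae.eu
+ FailureReportsOnNone true
+ FailureReportsSentBy postmaster@immae.eu
+ IgnoreAuthenticatedClients true
+ IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
+ SoftwareHeader true
+ SPFIgnoreResults true
+ SPFSelfValidate true
+ UMask 002
+ '';
+ group = config.services.postfix.group;
+ };
+ services.filesWatcher.opendmarc = {
+ restart = true;
+ paths = [
+ config.secrets.fullPaths."opendmarc/ignore.hosts"
+ ];
+ };
+ secrets.keys = [
+ {
+ dest = "opendmarc/ignore.hosts";
+ user = config.services.opendmarc.user;
+ group = config.services.opendmarc.group;
+ permissions = "0400";
+ text = let
+ mxes = lib.attrsets.filterAttrs
+ (n: v: v.mx.enable)
+ config.myEnv.servers;
+ in
+ builtins.concatStringsSep "\n" ([
+ config.myEnv.mail.dmarc.ignore_hosts
+ ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
+ }
+ ];
+ };
+ in
+ opendmarc.outputs //
+ { nixosModules = opendmarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
+}
+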
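Review bot: In the `opendmarc.conf` heredoc, `FailureReports false` is followed by `FailureReportsBcc`, `FailureReportsOnNone true` and `FailureReportsSentBy`, which appear to be inert while reporting is off but take effect as soon as that one flag is flipped. With `FailureReportsOnNone true` left in place, enabling reports later would also send failure reports (which can include message headers) to the addresses published by sender domains whose policy is only `none`. Either drop the three dormant lines or add a comment above them in the heredoc, for example `# Reporting is disabled on purpose; review FailureReportsOnNone before enabling`. The `ignore.hosts` secret is also worth a one-line comment above `text = let` noting that it is a DMARC exemption list: every server with `mx.enable` is appended to it, so mail arriving from those hosts skips evaluation.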