2 files changed, 224 insertions, 0 deletions
diff --git a/flakes/openarc/flake.lock b/flakes/openarc/flake.lock
new file mode 100644
index 0000000..78c0fba
--- /dev/null
+++ b/flakes/openarc/flake.lock
@@ -0,0 +1,77 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1609246779,
+        "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "myuids": {
+      "locked": {
+        "dir": "flakes/myuids",
+        "lastModified": 1609281959,
+        "narHash": "sha256-SYNlHeobQAzTzK0pM5AqMn7M2WbTuzBeoD+Q3Mu+sho=",
+        "ref": "master",
+        "rev": "1be9e64bb4556676f65e6e5044e04426848849c0",
+        "revCount": 791,
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      },
+      "original": {
+        "dir": "flakes/myuids",
+        "type": "git",
+        "url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1597943282,
+        "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "openarc": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1537545083,
+        "narHash": "sha256-xUSRARC7875vFjtZ66t8KBlKmkEdIZblWHc4zqGZAQQ=",
+        "owner": "trusteddomainproject",
+        "repo": "OpenARC",
+        "rev": "355ee2a1ca85acccce494478991983b54f794f4e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "trusteddomainproject",
+        "repo": "OpenARC",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "myuids": "myuids",
+        "nixpkgs": "nixpkgs",
+        "openarc": "openarc"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flakes/openarc/flake.nix b/flakes/openarc/flake.nix
new file mode 100644
index 0000000..6110b2d
--- /dev/null
+++ b/flakes/openarc/flake.nix
@@ -0,0 +1,147 @@
+{
+  description = "Open source ARC implementation";
+  inputs.myuids = {
+    url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+    type = "git";
+    dir = "flakes/myuids";
+  };
+  inputs.flake-utils.url = "github:numtide/flake-utils";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+  inputs.openarc = {
+    url = "github:trusteddomainproject/OpenARC";
+    flake = false;
+  };
+  outputs = { self, myuids, openarc, flake-utils, nixpkgs }: flake-utils.lib.eachDefaultSystem (system:
+    let
+      lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+      pkgs = import nixpkgs { inherit system; overlays = []; };
+      inherit (pkgs) stdenv automake autoconf libbsd libtool openssl pkg-config libmilter file;
+    in rec {
+      packages.openarc = stdenv.mkDerivation rec {
+        pname = "openarc";
+        version = "master-${builtins.substring 0 7 lock.nodes.openarc.locked.rev}";
+        src = openarc;
+        buildInputs = [ automake autoconf libbsd libtool openssl pkg-config libmilter ];
+        configureFlags = [
+          "--with-milter=${libmilter}"
+        ];
+        preConfigure = ''
+        autoreconf --force --install
+        sed -i -e "s@/usr/bin/file@${file}/bin/file@" ./configure
+        '';
+        meta = {
+          description = "Open source ARC implementation";
+          homepage = "https://github.com/trusteddomainproject/OpenARC";
+          platforms = stdenv.lib.platforms.unix;
+        };
+      };
+      defaultPackage = packages.openarc;
+      legacyPackages.openarc = packages.openarc;
+      apps.openarc = flake-utils.lib.mkApp { drv = packages.openarc; };
+      defaultApp = apps.openarc;
+      checks = {
+        build = defaultPackage;
+      } // pkgs.lib.optionalAttrs (builtins.elem system pkgs.lib.systems.doubles.linux) {
+        test =
+          let testing = import (nixpkgs + "/nixos/lib/testing-python.nix") { inherit system; };
+          in testing.makeTest {
+            nodes = {
+              server = { pkgs, ... }: {
+                imports = [ self.nixosModule ];
+                config.services.openarc.enable = true;
+                config.services.openarc.configFile = pkgs.writeText "openarc.conf" ''
+                  Domain    foo.example.org
+                  KeyFile   /etc/openarc/foo.key
+                  Selector  foo
+                '';
+              };
+            };
+            testScript = ''
+              start_all()
+              server.wait_until_fails("openarc.service")
+              server.execute("install -m 0700 -o openarc -g openarc -d /etc/openarc")
+              server.execute("echo some_key > /etc/openarc/foo.key")
+              server.execute("chown openarc:openarc /etc/openarc/foo.key")
+              server.execute("chmod 400 /etc/openarc/foo.key")
+              server.systemctl("restart openarc")
+              server.wait_for_unit("openarc.service")
+              server.succeed("[ -S /run/openarc/openarc.sock ]")
+            '';
+          };
+        };
+    }) // {
+      hydraJobs.build = nixpkgs.lib.genAttrs flake-utils.lib.defaultSystems (system: self.defaultPackage."${system}");
+      nixosModule = { config, lib, pkgs, ... }:
+        let
+          cfg = config.services.openarc;
+          defaultSock = "local:/run/openarc/openarc.sock";
+          args = [ "-f" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+        in {
+          options = {
+            services.openarc = {
+              enable = lib.mkOption {
+                type = lib.types.bool;
+                default = false;
+                description = "Whether to enable the OpenARC sender authentication system.";
+              };
+              socket = lib.mkOption {
+                type = lib.types.str;
+                default = defaultSock;
+                description = "Socket which is used for communication with OpenARC.";
+              };
+              user = lib.mkOption {
+                type = lib.types.str;
+                default = "openarc";
+                description = "User for the daemon.";
+              };
+              group = lib.mkOption {
+                type = lib.types.str;
+                default = "openarc";
+                description = "Group for the daemon.";
+              };
+              configFile = lib.mkOption {
+                type = lib.types.nullOr lib.types.path;
+                default = null;
+                description = "Additional OpenARC configuration.";
+              };
+            };
+          };
+          config = lib.mkIf cfg.enable {
+            users.users.openarc = lib.optionalAttrs (cfg.user == "openarc") {
+              group = cfg.group;
+              uid = myuids.lib.uids.openarc;
+            };
+            users.groups.openarc = lib.optionalAttrs (cfg.group == "openarc") {
+              gid = myuids.lib.gids.openarc;
+            };
+            environment.systemPackages = [ self.defaultPackage."${pkgs.system}" ];
+            systemd.services.openarc = {
+              description = "OpenARC daemon";
+              after = [ "network.target" ];
+              wantedBy = [ "multi-user.target" ];
+              serviceConfig = {
+                ExecStart = "${self.defaultApp."${pkgs.system}".program} ${lib.escapeShellArgs args}";
+                User = cfg.user;
+                Group = cfg.group;
+                RuntimeDirectory = lib.optional (cfg.socket == defaultSock) "openarc";
+                PermissionsStartOnly = true;
+              };
+            };
+          };
+        };
+    };
+  }

diff --git a/flakes/openarc/flake.lock b/flakes/openarc/flake.lock new file mode 100644 index 0000000..78c0fba --- /dev/null +++ b/flakes/openarc/flake.lock
@@ -0,0 +1,77 @@
	1	{
	2	"nodes": {
	3	"flake-utils": {
	4	"locked": {
	5	"lastModified": 1609246779,
	6	"narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=",
	7	"owner": "numtide",
	8	"repo": "flake-utils",
	9	"rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4",
	10	"type": "github"
	11	},
	12	"original": {
	13	"owner": "numtide",
	14	"repo": "flake-utils",
	15	"type": "github"
	16	}
	17	},
	18	"myuids": {
	19	"locked": {
	20	"dir": "flakes/myuids",
	21	"lastModified": 1609281959,
	22	"narHash": "sha256-SYNlHeobQAzTzK0pM5AqMn7M2WbTuzBeoD+Q3Mu+sho=",
	23	"ref": "master",
	24	"rev": "1be9e64bb4556676f65e6e5044e04426848849c0",
	25	"revCount": 791,
	26	"type": "git",
	27	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
	28	},
	29	"original": {
	30	"dir": "flakes/myuids",
	31	"type": "git",
	32	"url": "https://git.immae.eu/perso/Immae/Config/Nix.git"
	33	}
	34	},
	35	"nixpkgs": {
	36	"locked": {
	37	"lastModified": 1597943282,
	38	"narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=",
	39	"owner": "NixOS",
	40	"repo": "nixpkgs",
	41	"rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
	42	"type": "github"
	43	},
	44	"original": {
	45	"owner": "NixOS",
	46	"repo": "nixpkgs",
	47	"type": "github"
	48	}
	49	},
	50	"openarc": {
	51	"flake": false,
	52	"locked": {
	53	"lastModified": 1537545083,
	54	"narHash": "sha256-xUSRARC7875vFjtZ66t8KBlKmkEdIZblWHc4zqGZAQQ=",
	55	"owner": "trusteddomainproject",
	56	"repo": "OpenARC",
	57	"rev": "355ee2a1ca85acccce494478991983b54f794f4e",
	58	"type": "github"
	59	},
	60	"original": {
	61	"owner": "trusteddomainproject",
	62	"repo": "OpenARC",
	63	"type": "github"
	64	}
	65	},
	66	"root": {
	67	"inputs": {
	68	"flake-utils": "flake-utils",
	69	"myuids": "myuids",
	70	"nixpkgs": "nixpkgs",
	71	"openarc": "openarc"
	72	}
	73	}
	74	},
	75	"root": "root",
	76	"version": 7
	77	}


diff --git a/flakes/openarc/flake.nix b/flakes/openarc/flake.nix new file mode 100644 index 0000000..6110b2d --- /dev/null +++ b/flakes/openarc/flake.nix
@@ -0,0 +1,147 @@
	1	{
	2	description = "Open source ARC implementation";
	3
	4	inputs.myuids = {
	5	url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
	6	type = "git";
	7	dir = "flakes/myuids";
	8	};
	9	inputs.flake-utils.url = "github:numtide/flake-utils";
	10	inputs.nixpkgs.url = "github:NixOS/nixpkgs";
	11	inputs.openarc = {
	12	url = "github:trusteddomainproject/OpenARC";
	13	flake = false;
	14	};
	15
	16	outputs = { self, myuids, openarc, flake-utils, nixpkgs }: flake-utils.lib.eachDefaultSystem (system:
	17	let
	18	lock = builtins.fromJSON (builtins.readFile ./flake.lock);
	19	pkgs = import nixpkgs { inherit system; overlays = []; };
	20	inherit (pkgs) stdenv automake autoconf libbsd libtool openssl pkg-config libmilter file;
	21	in rec {
	22	packages.openarc = stdenv.mkDerivation rec {
	23	pname = "openarc";
	24	version = "master-${builtins.substring 0 7 lock.nodes.openarc.locked.rev}";
	25	src = openarc;
	26	buildInputs = [ automake autoconf libbsd libtool openssl pkg-config libmilter ];
	27
	28	configureFlags = [
	29	"--with-milter=${libmilter}"
	30	];
	31	preConfigure = ''
	32	autoreconf --force --install
	33	sed -i -e "s@/usr/bin/file@${file}/bin/file@" ./configure
	34	'';
	35	meta = {
	36	description = "Open source ARC implementation";
	37	homepage = "https://github.com/trusteddomainproject/OpenARC";
	38	platforms = stdenv.lib.platforms.unix;
	39	};
	40	};
	41
	42	defaultPackage = packages.openarc;
	43	legacyPackages.openarc = packages.openarc;
	44	apps.openarc = flake-utils.lib.mkApp { drv = packages.openarc; };
	45	defaultApp = apps.openarc;
	46	checks = {
	47	build = defaultPackage;
	48	} // pkgs.lib.optionalAttrs (builtins.elem system pkgs.lib.systems.doubles.linux) {
	49	test =
	50	let testing = import (nixpkgs + "/nixos/lib/testing-python.nix") { inherit system; };
	51	in testing.makeTest {
	52	nodes = {
	53	server = { pkgs, ... }: {
	54	imports = [ self.nixosModule ];
	55	config.services.openarc.enable = true;
	56	config.services.openarc.configFile = pkgs.writeText "openarc.conf" ''
	57	Domain foo.example.org
	58	KeyFile /etc/openarc/foo.key
	59	Selector foo
	60	'';
	61	};
	62	};
	63	testScript = ''
	64	start_all()
	65	server.wait_until_fails("openarc.service")
	66	server.execute("install -m 0700 -o openarc -g openarc -d /etc/openarc")
	67	server.execute("echo some_key > /etc/openarc/foo.key")
	68	server.execute("chown openarc:openarc /etc/openarc/foo.key")
	69	server.execute("chmod 400 /etc/openarc/foo.key")
	70	server.systemctl("restart openarc")
	71	server.wait_for_unit("openarc.service")
	72	server.succeed("[ -S /run/openarc/openarc.sock ]")
	73	'';
	74	};
	75	};
	76	}) // {
	77	hydraJobs.build = nixpkgs.lib.genAttrs flake-utils.lib.defaultSystems (system: self.defaultPackage."${system}");
	78	nixosModule = { config, lib, pkgs, ... }:
	79	let
	80	cfg = config.services.openarc;
	81	defaultSock = "local:/run/openarc/openarc.sock";
	82	args = [ "-f" "-p" cfg.socket ] ++ lib.optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
	83	in {
	84	options = {
	85	services.openarc = {
	86	enable = lib.mkOption {
	87	type = lib.types.bool;
	88	default = false;
	89	description = "Whether to enable the OpenARC sender authentication system.";
	90	};
	91
	92	socket = lib.mkOption {
	93	type = lib.types.str;
	94	default = defaultSock;
	95	description = "Socket which is used for communication with OpenARC.";
	96	};
	97
	98	user = lib.mkOption {
	99	type = lib.types.str;
	100	default = "openarc";
	101	description = "User for the daemon.";
	102	};
	103
	104	group = lib.mkOption {
	105	type = lib.types.str;
	106	default = "openarc";
	107	description = "Group for the daemon.";
	108	};
	109
	110	configFile = lib.mkOption {
	111	type = lib.types.nullOr lib.types.path;
	112	default = null;
	113	description = "Additional OpenARC configuration.";
	114	};
	115
	116	};
	117	};
	118
	119	config = lib.mkIf cfg.enable {
	120	users.users.openarc = lib.optionalAttrs (cfg.user == "openarc") {
	121	group = cfg.group;
	122	uid = myuids.lib.uids.openarc;
	123	};
	124
	125	users.groups.openarc = lib.optionalAttrs (cfg.group == "openarc") {
	126	gid = myuids.lib.gids.openarc;
	127	};
	128
	129	environment.systemPackages = [ self.defaultPackage."${pkgs.system}" ];
	130
	131	systemd.services.openarc = {
	132	description = "OpenARC daemon";
	133	after = [ "network.target" ];
	134	wantedBy = [ "multi-user.target" ];
	135
	136	serviceConfig = {
	137	ExecStart = "${self.defaultApp."${pkgs.system}".program} ${lib.escapeShellArgs args}";
	138	User = cfg.user;
	139	Group = cfg.group;
	140	RuntimeDirectory = lib.optional (cfg.socket == defaultSock) "openarc";
	141	PermissionsStartOnly = true;
	142	};
	143	};
	144	};
	145	};
	146	};
	147	}