From ef43c36272ca539cbfe803ded03949451b17b679 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Thu, 21 Jan 2021 09:56:28 +0100
Subject: Add private flake for openarc and opendmarc
---
 flakes/private/opendmarc/flake.lock | 148 ++++++++++++++++++++++++++++++++++++
 flakes/private/opendmarc/flake.nix | 60 +++++++++++++++
 2 files changed, 208 insertions(+)
 create mode 100644 flakes/private/opendmarc/flake.lock
 create mode 100644 flakes/private/opendmarc/flake.nix
(limited to 'flakes/private/opendmarc')
diff --git a/flakes/private/opendmarc/flake.lock b/flakes/private/opendmarc/flake.lock
new file mode 100644
index 0000000..867dcbc
--- /dev/null
+++ b/flakes/private/opendmarc/flake.lock
@@ -0,0 +1,148 @@ +{ + "nodes": { + "flake-utils": { + "locked": { + "lastModified": 1609246779, + "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1609246779, + "narHash": "sha256-eq6ZXE/VWo3EMC65jmIT6H/rrUc9UWOWVujkzav025k=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "08c7ad4a0844adc4a7f9f5bb3beae482e789afa4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "libspf2": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "dir": "flakes/libspf2", + "lastModified": 1609548509, + "narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=", + "ref": "master", + "rev": "749623765bef80615fc21e73aff89521d262e277", + "revCount": 796, + "type": "git", + "url": "https://git.immae.eu/perso/Immae/Config/Nix.git" + }, + "original": { + "dir": "flakes/libspf2", + "type": "git", + "url": "https://git.immae.eu/perso/Immae/Config/Nix.git" + } + }, + "myuids": { + "locked": { + "dir": "flakes/myuids", + "lastModified": 1609548509, + "narHash": "sha256-d9gssVdKV0EaeDU/L5QgQpQwFuxWMbwNQ71i7z4LdDs=", + "ref": "master", + "rev": "749623765bef80615fc21e73aff89521d262e277", + "revCount": 796, + "type": "git", + "url": "https://git.immae.eu/perso/Immae/Config/Nix.git" + }, + "original": { + "dir": "flakes/myuids", + "type": "git", + "url": "https://git.immae.eu/perso/Immae/Config/Nix.git" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1611218116, + "narHash": "sha256-CcyGZ8cLlHgiViWyBjRIjdsdRZxJjP2MgtWeuqSv3CE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "30ab92ea31f6b7e9095b1e7e4b56a5000823efdf", + "type": "github" + }, + "original": { + "owner": "NixOS", + 
"repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1597943282, + "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1597943282, + "narHash": "sha256-G/VQBlqO7YeFOSvn29RqdvABZxmQBtiRYVA6kjqWZ6o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "opendmarc": { + "inputs": { + "flake-utils": "flake-utils", + "libspf2": "libspf2", + "myuids": "myuids", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "dir": "flakes/opendmarc", + "lastModified": 1611091761, + "narHash": "sha256-fE3FBeUxVaMezKjEpepdQW9apOza+0AfBALFhaaD0VA=", + "ref": "master", + "rev": "23f9fdf03a6673dbe334ae33be4f498cc4753191", + "revCount": 802, + "type": "git", + "url": "https://git.immae.eu/perso/Immae/Config/Nix.git" + }, + "original": { + "dir": "flakes/opendmarc", + "type": "git", + "url": "https://git.immae.eu/perso/Immae/Config/Nix.git" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs", + "opendmarc": "opendmarc" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flakes/private/opendmarc/flake.nix b/flakes/private/opendmarc/flake.nix new file mode 100644 index 0000000..9aeb3db --- /dev/null +++ b/flakes/private/opendmarc/flake.nix 
@@ -0,0 +1,60 @@
+{
+ inputs.opendmarc = {
+ url = "https://git.immae.eu/perso/Immae/Config/Nix.git";
+ type = "git";
+ dir = "flakes/opendmarc";
+ };
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+
+ description = "Private configuration for opendmarc";
+ outputs = { self, nixpkgs, opendmarc }:
+ let
+ cfg = name': { config, lib, pkgs, name, ... }: lib.mkIf (name == name') {
+ users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+ systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
+ services.opendmarc = {
+ enable = true;
+ socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
+ configFile = pkgs.writeText "opendmarc.conf" ''
+ AuthservID HOSTNAME
+ FailureReports false
+ FailureReportsBcc postmaster@immae.eu
+ FailureReportsOnNone true
+ FailureReportsSentBy postmaster@immae.eu
+ IgnoreAuthenticatedClients true
+ IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
+ SoftwareHeader true
+ SPFIgnoreResults true
+ SPFSelfValidate true
+ UMask 002
+ '';
+ group = config.services.postfix.group;
+ };
+ services.filesWatcher.opendmarc = {
+ restart = true;
+ paths = [
+ config.secrets.fullPaths."opendmarc/ignore.hosts"
+ ];
+ };
+ secrets.keys = [
+ {
+ dest = "opendmarc/ignore.hosts";
+ user = config.services.opendmarc.user;
+ group = config.services.opendmarc.group;
+ permissions = "0400";
+ text = let
+ mxes = lib.attrsets.filterAttrs
+ (n: v: v.mx.enable)
+ config.myEnv.servers;
+ in
+ builtins.concatStringsSep "\n" ([
+ config.myEnv.mail.dmarc.ignore_hosts
+ ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
+ }
+ ];
+ };
+ in
+ opendmarc.outputs //
+ { nixosModules = opendmarc.nixosModules or {} // nixpkgs.lib.genAttrs ["eldiron" "backup-2"] cfg; };
+}
+
-- cgit v1.2.3
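Review bot: `inputs.nixpkgs.url = "github:NixOS/nixpkgs";` is declared, but the `opendmarc` input is not made to follow it, so the flake carries more than one nixpkgs tree. The accompanying flake.lock shows the effect: root `nixpkgs` is locked at rev `30ab92ea…` (lastModified 1611218116), while `nixpkgs_3`, which `opendmarc` resolves to, is at `c59ea8b8…` (lastModified 1597943282), about five months older, and `nixpkgs_2` for `libspf2` sits at that same older rev. If the upstream flake builds the milter from its own nixpkgs (not visible in this hunk), a network-facing mail filter is linked against libraries that miss those months of fixes; adding `inputs.opendmarc.inputs.nixpkgs.follows = "nixpkgs";` would leave a single pin to audit and update. Separately, every name written to `opendmarc/ignore.hosts` is exempted from DMARC evaluation through `IgnoreHosts`, so a one-line comment above `mxes` stating that all `mx.enable` servers are treated as trusted relays would make that trust decision explicit.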