From a1a2455f53bde1235b221a842d3c888c51fcecac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Sat, 2 Jan 2021 02:32:12 +0100
Subject: Add opendmarc flake
---
 modules/default.nix | 2 +-
 modules/opendmarc.nix | 92 ----------------------------------------
 modules/private/mail/milters.nix | 44 +------------------
 3 files changed, 3 insertions(+), 135 deletions(-)
 delete mode 100644 modules/opendmarc.nix
(limited to 'modules')
diff --git a/modules/default.nix b/modules/default.nix
index 53e3932..abf4547 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -14,7 +14,7 @@ in
 peertube = ./webapps/peertube.nix;
 fiche = ./webapps/fiche.nix;
- opendmarc = ./opendmarc.nix;
+ opendmarc = (flakeCompat ../flakes/opendmarc).nixosModule;
 openarc = (flakeCompat ../flakes/openarc).nixosModule;
 duplyBackup = ./duply_backup;
diff --git a/modules/opendmarc.nix b/modules/opendmarc.nix
deleted file mode 100644
index 6137d10..0000000
--- a/modules/opendmarc.nix
+++ /dev/null
@@ -1,92 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.services.opendmarc;
-
- defaultSock = "local:/run/opendmarc/opendmarc.sock";
-
- args = [ "-f" "-l"
- "-p" cfg.socket
- ] ++ optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
-
-in {
-
- ###### interface
-
- options = {
-
- services.opendmarc = {
-
- enable = mkOption {
- type = types.bool;
- default = false;
- description = "Whether to enable the OpenDMARC sender authentication system.";
- };
-
- socket = mkOption {
- type = types.str;
- default = defaultSock;
- description = "Socket which is used for communication with OpenDMARC.";
- };
-
- user = mkOption {
- type = types.str;
- default = "opendmarc";
- description = "User for the daemon.";
- };
-
- group = mkOption {
- type = types.str;
- default = "opendmarc";
- description = "Group for the daemon.";
- };
-
- configFile = mkOption {
- type = types.nullOr types.path;
- default = null;
- description = "Additional OpenDMARC configuration.";
- };
-
- };
-
- };
-
-
- ###### implementation
-
- config = mkIf cfg.enable {
-
- users.users = optionalAttrs (cfg.user == "opendmarc") {
- opendmarc = {
- group = cfg.group;
- uid = config.ids.uids.opendmarc;
- };
- };
-
- users.groups = optionalAttrs (cfg.group == "opendmarc") {
- opendmarc = {
- gid = config.ids.gids.opendmarc;
- };
- };
-
- environment.systemPackages = [ pkgs.opendmarc ];
-
- systemd.services.opendmarc = {
- description = "OpenDMARC daemon";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- ExecStart = "${pkgs.opendmarc}/bin/opendmarc ${escapeShellArgs args}";
- User = cfg.user;
- Group = cfg.group;
- RuntimeDirectory = optional (cfg.socket == defaultSock) "opendmarc";
- PermissionsStartOnly = true;
- };
- };
-
- };
-}
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
index 96c2800..49c5dfd 100644
--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -1,7 +1,8 @@
 { lib, pkgs, config, name, ... }:
 {
 imports =
- builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules;
+ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/openarc).nixosModules
+ ++ builtins.attrValues (import ../../../lib/flake-compat.nix ../../../flakes/opendmarc).nixosModules;
 options.myServices.mail.milters.sockets = lib.mkOption {
 type = lib.types.attrsOf lib.types.path;
@@ -32,20 +33,6 @@
 text = ''
 eldiron._domainkey IN TXT ${config.myEnv.mail.dkim.eldiron.public}'';
 }
- {
- dest = "opendmarc/ignore.hosts";
- user = config.services.opendmarc.user;
- group = config.services.opendmarc.group;
- permissions = "0400";
- text = let
- mxes = lib.attrsets.filterAttrs
- (n: v: v.mx.enable)
- config.myEnv.servers;
- in
- builtins.concatStringsSep "\n" ([
- config.myEnv.mail.dmarc.ignore_hosts
- ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
- }
 ];
 users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
 services.opendkim = {
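Review bot: The added import only brings the opendmarc flake's nixosModules into scope; nothing in this file re-enables the milter, while the second hunk here and the hunk at `@@ -79,33 +66,6 @@` drop the whole `services.opendmarc` block (enable, the socket bound to `myServices.mail.milters.sockets.opendmarc`, the `IgnoreHosts` config file, `group = config.services.postfix.group`), the `opendmarc/ignore.hosts` secret and its filesWatcher entry, and the diff re-adds none of them. If that configuration is expected to come from the flake's module, it is not visible in this commit and should be confirmed, because otherwise Postfix would be handed a milter socket no service creates and the DMARC ignore list for the internal MXes would no longer be generated; the `sockets.opendmarc` option declared just below the hunk is still in place. A one-line comment on the new import, such as `# service, secret and watcher config for opendmarc now live in flakes/opendmarc (nixosModules)`, would make the intended split explicit. The enclosing attribute set continues past the hunk.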
@@ -79,33 +66,6 @@
 ];
 };
- users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
- systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
- services.opendmarc = {
- enable = true;
- socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
- configFile = pkgs.writeText "opendmarc.conf" ''
- AuthservID HOSTNAME
- FailureReports false
- FailureReportsBcc postmaster@immae.eu
- FailureReportsOnNone true
- FailureReportsSentBy postmaster@immae.eu
- IgnoreAuthenticatedClients true
- IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
- SoftwareHeader true
- SPFIgnoreResults true
- SPFSelfValidate true
- UMask 002
- '';
- group = config.services.postfix.group;
- };
- services.filesWatcher.opendmarc = {
- restart = true;
- paths = [
- config.secrets.fullPaths."opendmarc/ignore.hosts"
- ];
- };
-
 systemd.services.milter_verify_from = {
 description = "Verify from milter";
 after = [ "network.target" ];
-- 
cgit v1.2.3