path: root/flakes/private/opendmarc.nix
pkgs:
let
  # Module builder for one host: the returned module contributes nothing on
  # any machine whose module-system `name` is not `host`.
  mkHost = host: { config, lib, pkgs, name, ... }: lib.mkIf (name == host) {
    # The filter reads a deployed secret, so its service user must be in
    # the "keys" group; the unit is grouped with the other mail services.
    users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
    systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";

    services.opendmarc = {
      enable = true;
      socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
      # Running in the postfix group lets the MTA reach the milter socket,
      # which UMask 002 below creates group-writable.
      inherit (config.services.postfix) group;
      # IgnoreHosts points at a deployed secret rather than a file edited on
      # the host: anything listed there skips DMARC evaluation, so the list
      # is generated from the deployment config (see secrets.keys below).
      configFile = pkgs.writeText "opendmarc.conf" ''
        AuthservID                  HOSTNAME
        FailureReports              false
        FailureReportsBcc           postmaster@immae.eu
        FailureReportsOnNone        true
        FailureReportsSentBy        postmaster@immae.eu
        IgnoreAuthenticatedClients  true
        IgnoreHosts                 ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
        SoftwareHeader              true
        SPFIgnoreResults            true
        SPFSelfValidate             true
        UMask                       002
        '';
    };

    # Restart the filter whenever the ignore list is redeployed; opendmarc
    # only reads the file at startup.
    services.filesWatcher.opendmarc = {
      restart = true;
      paths = [ config.secrets.fullPaths."opendmarc/ignore.hosts" ];
    };

    secrets.keys = [
      {
        dest = "opendmarc/ignore.hosts";
        # Owner-only read (0400): the group is recorded but gets no access.
        user = config.services.opendmarc.user;
        group = config.services.opendmarc.group;
        permissions = "0400";
        # One host per line: the static entries from the environment first,
        # then the FQDN of every server that has an MX enabled. Every entry
        # here bypasses DMARC checks, so additions widen the trusted set.
        text =
          let
            mxServers = lib.filterAttrs (_: srv: srv.mx.enable) config.myEnv.servers;
            mxNames = lib.mapAttrsToList (_: srv: srv.fqdn) mxServers;
          in
            lib.concatStringsSep "\n"
              ([ config.myEnv.mail.dmarc.ignore_hosts ] ++ mxNames);
      }
    ];
  };
in
  # One module per host that runs opendmarc.
  pkgs.lib.genAttrs [ "eldiron" "backup-2" ] mkHost