Diffstat (limited to 'modules/opendmarc.nix')
-rw-r--r-- | modules/opendmarc.nix | 90 |
1 files changed, 90 insertions, 0 deletions
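diff --git a/modules/opendmarc.nix b/modules/opendmarc.nix
new file mode 100644
index 00000000..e18ec82a
--- /dev/null
+++ b/modules/opendmarc.nix
@@ -0,0 +1,90 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+cfg = config.services.opendmarc;
+
+defaultSock = "local:/run/opendmarc/opendmarc.sock";
+
+args = [ "-f" "-l"
+"-p" cfg.socket
+] ++ optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+
+in {
+
+###### interface
+
+options = {
+
+services.opendmarc = {
+
+enable = mkOption {
+type = types.bool;
+default = false;
+description = "Whether to enable the OpenDMARC sender authentication system.";
+};
+
+socket = mkOption {
+type = types.str;
+default = defaultSock;
+description = "Socket which is used for communication with OpenDMARC.";
+};
+
+user = mkOption {
+type = types.str;
+default = "opendmarc";
+description = "User for the daemon.";
+};
+
+group = mkOption {
+type = types.str;
+default = "opendmarc";
+description = "Group for the daemon.";
+};
+
+configFile = mkOption {
+type = types.nullOr types.path;
+default = null;
+description = "Additional OpenDMARC configuration.";
+};
+
+};
+
+};
+
+
+###### implementation
+
+config = mkIf cfg.enable {
+
+users.users = optionalAttrs (cfg.user == "opendmarc") (singleton
+{ name = "opendmarc";
+group = cfg.group;
+uid = config.ids.uids.opendmarc;
+});
+
+users.groups = optionalAttrs (cfg.group == "opendmarc") (singleton
+{ name = "opendmarc";
+gid = config.ids.gids.opendmarc;
+});
+
+environment.systemPackages = [ pkgs.opendmarc ];
+
+systemd.services.opendmarc = {
+description = "OpenDMARC daemon";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+
+serviceConfig = {
+ExecStart = "${pkgs.opendmarc}/bin/opendmarc ${escapeShellArgs args}";
+User = cfg.user;
+Group = cfg.group;
+RuntimeDirectory = optional (cfg.socket == defaultSock) "opendmarc";
+PermissionsStartOnly = true;
+};
+};
+
+};
+}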
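Review bot: The `serviceConfig` block near the end of the file confines the daemon only through `User` and `Group`, although OpenDMARC parses headers taken from untrusted inbound mail; I would add `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectHome = true;` there. Making system paths read-only as well is worth considering, but only after checking that nothing named in `configFile` (a history file, for instance) has to stay writable. `PermissionsStartOnly = true;` has no effect in this unit because there is no `ExecStartPre` or `ExecStartPost`, so it can be dropped. The `socket` description should also state how the MTA is expected to reach the default socket, for example `"Socket used by the MTA to talk to OpenDMARC; the MTA user needs access to it."`, since the runtime directory is created for the service's own user and the socket mode is presumably left to the daemon's defaults.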