Diffstat (limited to 'modules/opendmarc.nix')
-rw-r--r--modules/opendmarc.nix90
1 files changed, 90 insertions, 0 deletions
diff --git a/modules/opendmarc.nix b/modules/opendmarc.nix
new file mode 100644
index 00000000..e18ec82a
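--- /dev/null
+++ b/modules/opendmarc.nix
@@ -0,0 +1,90 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.opendmarc;
+
+ defaultSock = "local:/run/opendmarc/opendmarc.sock";
+
+ args = [ "-f" "-l"
+ "-p" cfg.socket
+ ] ++ optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+
+in {
+
+ ###### interface
+
+ options = {
+
+ services.opendmarc = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable the OpenDMARC sender authentication system.";
+ };
+
+ socket = mkOption {
+ type = types.str;
+ default = defaultSock;
+ description = "Socket which is used for communication with OpenDMARC.";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "opendmarc";
+ description = "User for the daemon.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "opendmarc";
+ description = "Group for the daemon.";
+ };
+
+ configFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "Additional OpenDMARC configuration.";
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ users.users = optionalAttrs (cfg.user == "opendmarc") (singleton
+ { name = "opendmarc";
+ group = cfg.group;
+ uid = config.ids.uids.opendmarc;
+ });
+
+ users.groups = optionalAttrs (cfg.group == "opendmarc") (singleton
+ { name = "opendmarc";
+ gid = config.ids.gids.opendmarc;
+ });
+
+ environment.systemPackages = [ pkgs.opendmarc ];
+
+ systemd.services.opendmarc = {
+ description = "OpenDMARC daemon";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.opendmarc}/bin/opendmarc ${escapeShellArgs args}";
+ User = cfg.user;
+ Group = cfg.group;
+ RuntimeDirectory = optional (cfg.socket == defaultSock) "opendmarc";
+ PermissionsStartOnly = true;
+ };
+ };
+
+ };
+}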
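Review bot: The `serviceConfig` of `systemd.services.opendmarc` confines the daemon only through `User`/`Group`, although it parses message headers supplied by remote senders. `PermissionsStartOnly = true;` has no effect here, because the unit defines no `ExecStartPre`/`ExecStartPost` commands that would run as root. I would drop that line and add basic sandboxing such as `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectSystem = "full";`, after checking the last one against any history file path set through `configFile`. Separately, the `socket` option accepts any milter socket specification, so its description should state that the milter protocol is unauthenticated and that an `inet:` socket should be bound to a loopback address. With a non-default `local:` path no `RuntimeDirectory` is created, so the description should also say that the administrator must provide a directory writable by `cfg.user` and reachable by the MTA.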