Diffstat (limited to 'modules')
-rw-r--r--modules/default.nix3
-rw-r--r--modules/myids.nix4
-rw-r--r--modules/openarc.nix90
-rw-r--r--modules/opendmarc.nix90
4 files changed, 187 insertions, 0 deletions
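--- a/modules/default.nix
+++ b/modules/default.nix
@@ -10,6 +10,9 @@
  mediagoblin = ./webapps/mediagoblin.nix;
  peertube = ./webapps/peertube.nix;
 
+ opendmarc = ./opendmarc.nix;
+ openarc = ./openarc.nix;
+
  php-application = ./websites/php-application.nix;
  websites = ./websites;
 } // (if builtins.pathExists ./private then import ./private else {})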
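--- a/modules/myids.nix
+++ b/modules/myids.nix
@@ -3,6 +3,8 @@
  # Check that there is no clash with nixos/modules/misc/ids.nix
  config = {
  ids.uids = {
+ opendarc = 391;
+ opendmarc = 392;
  peertube = 394;
  redis = 395;
  nullmailer = 396;
@@ -11,6 +13,8 @@
  mastodon = 399;
  };
  ids.gids = {
+ opendarc = 392;
+ opendmarc = 392;
  peertube = 394;
  redis = 395;
  nullmailer = 396;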
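Review bot: The new ids are registered under `opendarc`, but modules/openarc.nix in this same commit reads `config.ids.uids.openarc` and `config.ids.gids.openarc`, so unless `openarc` is defined elsewhere, selecting the `openarc` account would fail on a missing attribute; the key should be `openarc = 391;`. In `ids.gids` the `opendarc` entry is 392, which is also the `opendmarc` gid on the next line and differs from its uid 391, so the two daemons would share a primary group and each could read the other's group-readable files. Giving each service its own matching pair (`openarc = 391;` and `opendmarc = 392;` in both sets) keeps them separated. Both attribute sets continue outside the hunks.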
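--- /dev/null
+++ b/modules/openarc.nix
@@ -0,0 +1,90 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.openarc;
+
+ defaultSock = "local:/run/openarc/openarc.sock";
+
+ args = [ "-f"
+ "-p" cfg.socket
+ ] ++ optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+
+in {
+
+ ###### interface
+
+ options = {
+
+ services.openarc = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable the OpenARC sender authentication system.";
+ };
+
+ socket = mkOption {
+ type = types.str;
+ default = defaultSock;
+ description = "Socket which is used for communication with OpenARC.";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "opendmarc";
+ description = "User for the daemon.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "opendmarc";
+ description = "Group for the daemon.";
+ };
+
+ configFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "Additional OpenARC configuration.";
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ users.users = optionalAttrs (cfg.user == "openarc") (singleton
+ { name = "openarc";
+ group = cfg.group;
+ uid = config.ids.uids.openarc;
+ });
+
+ users.groups = optionalAttrs (cfg.group == "openarc") (singleton
+ { name = "openarc";
+ gid = config.ids.gids.openarc;
+ });
+
+ environment.systemPackages = [ pkgs.openarc ];
+
+ systemd.services.openarc = {
+ description = "OpenARC daemon";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.openarc}/bin/openarc ${escapeShellArgs args}";
+ User = cfg.user;
+ Group = cfg.group;
+ RuntimeDirectory = optional (cfg.socket == defaultSock) "openarc";
+ PermissionsStartOnly = true;
+ };
+ };
+
+ };
+}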
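Review bot: The `user` and `group` options default to `"opendmarc"`, so by default the `cfg.user == "openarc"` and `cfg.group == "openarc"` conditions are false, no account is created here, and OpenARC runs under the OpenDMARC account. That leaves whatever the ARC daemon reads (its `configFile` and, presumably, the signing key it names) accessible to the DMARC daemon as well, and the unit cannot start on a host where `services.opendmarc` is not enabled to create that user. This looks like a leftover from copying opendmarc.nix; both options should use `default = "openarc";`. That in turn needs the `openarc` id that modules/myids.nix currently spells `opendarc`.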
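--- /dev/null
+++ b/modules/opendmarc.nix
@@ -0,0 +1,90 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.opendmarc;
+
+ defaultSock = "local:/run/opendmarc/opendmarc.sock";
+
+ args = [ "-f" "-l"
+ "-p" cfg.socket
+ ] ++ optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+
+in {
+
+ ###### interface
+
+ options = {
+
+ services.opendmarc = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable the OpenDMARC sender authentication system.";
+ };
+
+ socket = mkOption {
+ type = types.str;
+ default = defaultSock;
+ description = "Socket which is used for communication with OpenDMARC.";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "opendmarc";
+ description = "User for the daemon.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "opendmarc";
+ description = "Group for the daemon.";
+ };
+
+ configFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "Additional OpenDMARC configuration.";
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ users.users = optionalAttrs (cfg.user == "opendmarc") (singleton
+ { name = "opendmarc";
+ group = cfg.group;
+ uid = config.ids.uids.opendmarc;
+ });
+
+ users.groups = optionalAttrs (cfg.group == "opendmarc") (singleton
+ { name = "opendmarc";
+ gid = config.ids.gids.opendmarc;
+ });
+
+ environment.systemPackages = [ pkgs.opendmarc ];
+
+ systemd.services.opendmarc = {
+ description = "OpenDMARC daemon";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.opendmarc}/bin/opendmarc ${escapeShellArgs args}";
+ User = cfg.user;
+ Group = cfg.group;
+ RuntimeDirectory = optional (cfg.socket == defaultSock) "opendmarc";
+ PermissionsStartOnly = true;
+ };
+ };
+
+ };
+}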
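Review bot: The `serviceConfig` block sets only `User`, `Group` and `RuntimeDirectory`, so a daemon that parses headers taken from untrusted mail runs with the default, unrestricted view of the host filesystem. Adding sandboxing directives such as `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `PrivateTmp = true;` would limit what a parser bug can reach; with `ProtectSystem = "strict"` a non-default `socket` path (or any history file named in `configFile`) would need a matching `ReadWritePaths` entry. `PermissionsStartOnly = true;` has no effect here because the unit defines no ExecStartPre/ExecStartPost commands, so it can be dropped. The same points apply to the `serviceConfig` in modules/openarc.nix.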