From 2b96efc8a4b287509c38509d44988f32a179a001 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Tue, 4 Jun 2019 09:53:11 +0200
Subject: Add opendmarc openarc and opendkim configuration and packages
---
 modules/default.nix | 3 ++
 modules/myids.nix | 4 +++
 modules/openarc.nix | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++
 modules/opendmarc.nix | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 187 insertions(+)
 create mode 100644 modules/openarc.nix
 create mode 100644 modules/opendmarc.nix
(limited to 'modules')
diff --git a/modules/default.nix b/modules/default.nix
index dd348702..53469562 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -10,6 +10,9 @@
 mediagoblin = ./webapps/mediagoblin.nix;
 peertube = ./webapps/peertube.nix;
+ opendmarc = ./opendmarc.nix;
+ openarc = ./openarc.nix;
+
 php-application = ./websites/php-application.nix;
 websites = ./websites;
 } // (if builtins.pathExists ./private then import ./private else {})
diff --git a/modules/myids.nix b/modules/myids.nix
index 4fb26269..7ec9c0ef 100644
--- a/modules/myids.nix
+++ b/modules/myids.nix
@@ -3,6 +3,8 @@
 # Check that there is no clash with nixos/modules/misc/ids.nix
 config = {
 ids.uids = {
+ opendarc = 391;
+ opendmarc = 392;
 peertube = 394;
 redis = 395;
 nullmailer = 396;
@@ -11,6 +13,8 @@
 mastodon = 399;
 };
 ids.gids = {
+ opendarc = 392;
+ opendmarc = 392;
 peertube = 394;
 redis = 395;
 nullmailer = 396;
diff --git a/modules/openarc.nix b/modules/openarc.nix
new file mode 100644
index 00000000..9dc49de1
--- /dev/null
+++ b/modules/openarc.nix
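Review bot: The new ids.uids and ids.gids keys are spelled `opendarc`, while modules/openarc.nix (added in this same commit) looks up `config.ids.uids.openarc` and `config.ids.gids.openarc`, so enabling that module with `user = "openarc"` or `group = "openarc"` fails with a missing-attribute error; the keys should read `openarc = 391;` in ids.uids and likewise `openarc = …;` in ids.gids. The second hunk (line 13 onward) additionally gives `opendarc` and `opendmarc` the same gid, 392, so the two daemon accounts would share a group and any group-based separation between their socket directories is lost; 391 is unused on the gid side and pairs with the uid, subject to the no-clash check against nixos/modules/misc/ids.nix that the file's own comment asks for. Both hunks sit inside the `config = { ... }` attribute set whose closing brace lies outside the hunks.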
@@ -0,0 +1,90 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.openarc;
+
+ defaultSock = "local:/run/openarc/openarc.sock";
+
+ args = [ "-f"
+ "-p" cfg.socket
+ ] ++ optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+
+in {
+
+ ###### interface
+
+ options = {
+
+ services.openarc = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable the OpenARC sender authentication system.";
+ };
+
+ socket = mkOption {
+ type = types.str;
+ default = defaultSock;
+ description = "Socket which is used for communication with OpenARC.";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "opendmarc";
+ description = "User for the daemon.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "opendmarc";
+ description = "Group for the daemon.";
+ };
+
+ configFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "Additional OpenARC configuration.";
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ users.users = optionalAttrs (cfg.user == "openarc") (singleton
+ { name = "openarc";
+ group = cfg.group;
+ uid = config.ids.uids.openarc;
+ });
+
+ users.groups = optionalAttrs (cfg.group == "openarc") (singleton
+ { name = "openarc";
+ gid = config.ids.gids.openarc;
+ });
+
+ environment.systemPackages = [ pkgs.openarc ];
+
+ systemd.services.openarc = {
+ description = "OpenARC daemon";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.openarc}/bin/openarc ${escapeShellArgs args}";
+ User = cfg.user;
+ Group = cfg.group;
+ RuntimeDirectory = optional (cfg.socket == defaultSock) "openarc";
+ PermissionsStartOnly = true;
+ };
+ };
+
+ };
+}
diff --git a/modules/opendmarc.nix b/modules/opendmarc.nix
new file mode 100644
index 00000000..e18ec82a
--- /dev/null
+++ b/modules/opendmarc.nix
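Review bot: The `user` and `group` options default to `"opendmarc"`, but the `users.users` and `users.groups` entries under `config` are only produced when the values equal `"openarc"`, so with the defaults the unit starts as an `opendmarc` account that this module never creates and that exists only when services.opendmarc is also enabled; both options should read `default = "openarc";`. Once that is fixed, the `uid = config.ids.uids.openarc;` and `gid = config.ids.gids.openarc;` lookups need matching keys in modules/myids.nix, which this commit spells `opendarc`. `description = "Additional OpenARC configuration."` on `configFile` is misleading, since the value is passed as `-c`, i.e. as the daemon's configuration file rather than a supplement to anything the module generates; `description = "OpenARC configuration file handed to the daemon with -c; no -c is passed when null."` matches the `args` definition, and the same wording needs the same fix in modules/opendmarc.nix. The unit also carries no sandboxing, and since the daemon only needs its `RuntimeDirectory`, `ProtectSystem = "strict"; ProtectHome = true; PrivateTmp = true;` next to the existing `PermissionsStartOnly = true;` (which has no effect here, as there is no `ExecStartPre`) would be the usual baseline for both new units, to be checked against whatever paths the configuration file makes the daemon write.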
@@ -0,0 +1,90 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.opendmarc;
+
+ defaultSock = "local:/run/opendmarc/opendmarc.sock";
+
+ args = [ "-f" "-l"
+ "-p" cfg.socket
+ ] ++ optionals (cfg.configFile != null) [ "-c" cfg.configFile ];
+
+in {
+
+ ###### interface
+
+ options = {
+
+ services.opendmarc = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable the OpenDMARC sender authentication system.";
+ };
+
+ socket = mkOption {
+ type = types.str;
+ default = defaultSock;
+ description = "Socket which is used for communication with OpenDMARC.";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "opendmarc";
+ description = "User for the daemon.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "opendmarc";
+ description = "Group for the daemon.";
+ };
+
+ configFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "Additional OpenDMARC configuration.";
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ users.users = optionalAttrs (cfg.user == "opendmarc") (singleton
+ { name = "opendmarc";
+ group = cfg.group;
+ uid = config.ids.uids.opendmarc;
+ });
+
+ users.groups = optionalAttrs (cfg.group == "opendmarc") (singleton
+ { name = "opendmarc";
+ gid = config.ids.gids.opendmarc;
+ });
+
+ environment.systemPackages = [ pkgs.opendmarc ];
+
+ systemd.services.opendmarc = {
+ description = "OpenDMARC daemon";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.opendmarc}/bin/opendmarc ${escapeShellArgs args}";
+ User = cfg.user;
+ Group = cfg.group;
+ RuntimeDirectory = optional (cfg.socket == defaultSock) "opendmarc";
+ PermissionsStartOnly = true;
+ };
+ };
+
+ };
+}
--
cgit v1.2.3
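Review bot: `RuntimeDirectory` is only set when `socket` is left at `defaultSock`, so a custom `local:` socket whose parent directory does not exist is not created by the unit and the daemon will fail at start-up with nothing in the module pointing at the cause; since `socket` is a plain `types.str`, nothing validates the spec either. A comment on the option, `# only the default socket gets a RuntimeDirectory; a custom local: path must live in a directory that already exists`, would at least document the contract, and the same gap exists in modules/openarc.nix. The `args` list here passes `-l` (log to syslog) where the openarc unit does not, so the two daemons, which are otherwise configured identically, will not log the same way; whichever is intended should be applied to both.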