Enable parsedmarc
Parsedmarc is a service to add a dmarc graph to our graphana instance.
We used it before, but disabled it before reviving email, etc. after we
had to start over on a1d2. It was never re-enabled.
The config has changed slightly, so some of the NixOS module defaults no
longer work. We have updated our config to match.
Change-Id: Id5af43f9bef0b845939d894e6b688f817d5dd59f
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/542
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Samuel Shuert <coded@clicks.codes>
diff --git a/modules/common/dmarc.nix b/modules/common/dmarc.nix
index 62d847c..da7f1ec 100644
--- a/modules/common/dmarc.nix
+++ b/modules/common/dmarc.nix
@@ -21,16 +21,18 @@
];
services.parsedmarc = {
- enable = false;
+ enable = true;
settings.imap = {
host = "mail.clicks.codes";
user = "dmarc@clicks.codes";
password = { _secret = config.sops.secrets.imap_password.path; };
};
+ settings.smtp.to = [];
settings.mailbox = {
watch = true;
delete = false;
};
+ settings.elasticsearch.hosts = lib.mkForce [ "http://localhost:9200" ];
};
services.geoipupdate.settings = {
AccountID = 863877;
diff --git a/secrets/dmarc.json b/secrets/dmarc.json
index 3bbbe6c..40a4113 100644
--- a/secrets/dmarc.json
+++ b/secrets/dmarc.json
@@ -1,5 +1,5 @@
{
- "imap_password": "ENC[AES256_GCM,data:JbUCqbt5+oeNpKha+wzGjagro3mDIRVJb8Kcr35v6GaCbx9KOP7VCcGhDKjAFJRAPTkBqFYqQHXP06THV/nkvg==,iv:JF5/at0rF5oFsVu6N6ugVbE3l+3RSHtCWecJFJEXTgA=,tag:fp+EfFhxWIQG2tETnuByig==,type:str]",
+ "imap_password": "ENC[AES256_GCM,data:tmTKYeaN2sCK8OdySsr74LntyPUQS+Zk7ng7ymcAeCQq9iIGIwkv9R7Xt8MR00c7y1Dn2nnYWs4XWQL40wV+JAmZwvNqHwnnXn/HCD9muOPptvz+4dcuS23z63yC8FaHFkL73w==,iv:w3HN/ThMsMD/lgNOnb5wIyt+h6KlYHn2sO6sYbsdEtg=,tag:ShIZomhFykZeb++dfjd/rA==,type:str]",
"maxmind_license_key": "ENC[AES256_GCM,data:CsGO8CxV+Uiay4vtIif0u7SIJ4k74BBhW5zv5ESS5B6hX0whsk8LlQ==,iv:ctQbQGADrEvsaq88frTAmIhgbSd15qSsOclJYPzfNRI=,tag:6Pq6pfjPEGeoUDsvBJTY2A==,type:str]",
"sops": {
"kms": null,
@@ -24,10 +24,10 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaY1l6QXhkY0x3M21WalJh\nZ1pQNm5NR25WbDROeXJVTlpMWkdjS2t0MjJjCjNqSEo3MmwvZ3VWNWJrZjFaTmdQ\ndFlObnJtTlh6YTF6OHB3VkpEVmZId0kKLS0tIHJwV1VoYnRDMlJBTmh6SVYxVWhN\nSnhiNEU4cVNDTGwzQWp3SUY0RVQwdUkKV7JTj9C2lLpK31ie9eTzxT67mRN8BVFV\nYqPmIeuNN37DnReOEWZDoV80lXqrpvLYdwjCmaL4M/KDB5RwI057MQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
- "lastmodified": "2023-05-12T00:43:43Z",
- "mac": "ENC[AES256_GCM,data:u+IfVhGX3DaJvWRuwCFYciEuiUdQuQDNwHtsKPB2gPx5YYJwcqcLzU3ScY+Rz08igiOPh2ji/clmeaBwbMBGIysk+qC1jndPOOT2RbG1QyhOnUR9G0kYyhpKuV4fzUXPCwTLiy8qKy56/VFJwqIcmxMpDbcncgylIMF5DEsqQmE=,iv:x43pcdUfUo6ZnONadEzgjoAHuZb8LUnFAkgKMks9gUs=,tag:0P3+ifSgqUtiEUpqXkW+TQ==,type:str]",
+ "lastmodified": "2024-03-11T00:43:25Z",
+ "mac": "ENC[AES256_GCM,data:ZMUBIc2IIi+ufPinLz+m7TEWzkFTmxclqFkiX9Dlxl5M3C8x/J2FHXPyN39XU0YZkIsnRwru8Uq7noXXd/HHwGt2d9aNbiAVsq22bEK/m39ciGEQXB/8tRZYbjYINizhzQm25fq+svwmdkmblCu3DmBsGQddWdxOESEuy0D2wbk=,iv:wa2qB8xH/IXUGQHaHyAiF7aafniV6lRyA1EpZrOSTz8=,tag:h8IWtnr8FlPrT0aw+MmJvA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
- "version": "3.7.3"
+ "version": "3.8.1"
}
}
\ No newline at end of file