Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / 07c947a5679ff591a171d4b07949e1ab45be60d3 / . / modules / dmarc.nix
blob: c79721d897b24a5055f6f1e1f1c6847139af4a94 [file] [log] [blame]
Skyler Grey07c947a2023-06-08 14:11:23 +0200[diff] [blame^]1{ config, lib, pkgs, ... }: {
Skyler Greya7fbaee2023-05-12 00:29:20 +0000[diff] [blame]2 users.users.parsedmarc = {
3 isSystemUser = true;
4 createHome = true;
5 home = "/services/parsedmarc";
6 group = config.users.groups.clicks.name;
7 shell = pkgs.bashInteractive;
8 };
9 sops.secrets = lib.pipe [
10 "imap_password"
11 "maxmind_license_key"
12 ] [
13 (map (name: {
14 inherit name;
15 value = {
16 mode = "0400";
17 owner = config.users.users.parsedmarc.name;
18 group = config.users.users.parsedmarc.group;
19 sopsFile = ../secrets/dmarc.json;
20 format = "json";
21 };
22 }))
23 builtins.listToAttrs
24 ];
25
26 services.parsedmarc = {
27 enable = true;
28 settings.imap = {
29 host = "mail.clicks.codes";
30 user = "dmarc@clicks.codes";
31 password = { _secret = config.sops.secrets.imap_password.path; };
Skyler Grey07c947a2023-06-08 14:11:23 +0200[diff] [blame^]32 };
33 settings.mailbox = {
Skyler Greya7fbaee2023-05-12 00:29:20 +0000[diff] [blame]34 watch = true;
35 delete = false;
36 };
37 };
38 services.geoipupdate.settings = {
39 AccountID = 863877;
40 LicenseKey = { _secret = config.sops.secrets.maxmind_license_key.path; };
41 };
42 systemd.services.geoipupdate-create-db-dir.script = lib.mkForce ''
43 set -o errexit -o pipefail -o nounset -o errtrace
44 shopt -s inherit_errexit
45
46 mkdir -p ${config.services.geoipupdate.settings.DatabaseDirectory}
47 chmod 0750 ${config.services.geoipupdate.settings.DatabaseDirectory}
48
49 chgrp clicks ${config.services.geoipupdate.settings.DatabaseDirectory}
50 # The license agreement does not allow us to let non-clicks users access the database
51 '';
Skyler Greya7fbaee2023-05-12 00:29:20 +0000[diff] [blame]52}