Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / 0ad4562bcde64303dda2e2312ee0901899ea8439 / . / modules / common / dmarc.nix
blob: da7f1ec3121b86d2c29439fca3972af212717d85 [file] [log] [blame]
Skyler Grey07c947a2023-06-08 14:11:23 +0200[diff] [blame]1{ config, lib, pkgs, ... }: {
Skyler Greya7fbaee2023-05-12 00:29:20 +0000[diff] [blame]2 users.users.parsedmarc = {
3 isSystemUser = true;
4 createHome = true;
5 home = "/services/parsedmarc";
6 group = config.users.groups.clicks.name;
7 shell = pkgs.bashInteractive;
8 };
Skyler Greyfe1740c2023-10-21 01:24:18 +0000[diff] [blame]9 sops.secrets = lib.pipe [ "imap_password" "maxmind_license_key" ] [
Skyler Greya7fbaee2023-05-12 00:29:20 +0000[diff] [blame]10 (map (name: {
11 inherit name;
12 value = {
13 mode = "0400";
14 owner = config.users.users.parsedmarc.name;
15 group = config.users.users.parsedmarc.group;
Samuel Shuertf68685d2023-10-28 20:07:56 -0400[diff] [blame]16 sopsFile = ../../secrets/dmarc.json;
Skyler Greya7fbaee2023-05-12 00:29:20 +0000[diff] [blame]17 format = "json";
18 };
19 }))
20 builtins.listToAttrs
21 ];
22
23 services.parsedmarc = {
Skyler Grey40472b42024-03-16 15:11:29 +0000[diff] [blame]24 enable = true;
Skyler Greya7fbaee2023-05-12 00:29:20 +0000[diff] [blame]25 settings.imap = {
26 host = "mail.clicks.codes";
27 user = "dmarc@clicks.codes";
28 password = { _secret = config.sops.secrets.imap_password.path; };
Skyler Grey07c947a2023-06-08 14:11:23 +0200[diff] [blame]29 };
Skyler Grey40472b42024-03-16 15:11:29 +0000[diff] [blame]30 settings.smtp.to = [];
Skyler Grey07c947a2023-06-08 14:11:23 +0200[diff] [blame]31 settings.mailbox = {
Skyler Greya7fbaee2023-05-12 00:29:20 +0000[diff] [blame]32 watch = true;
33 delete = false;
34 };
Skyler Grey40472b42024-03-16 15:11:29 +0000[diff] [blame]35 settings.elasticsearch.hosts = lib.mkForce [ "http://localhost:9200" ];
Skyler Greya7fbaee2023-05-12 00:29:20 +0000[diff] [blame]36 };
37 services.geoipupdate.settings = {
38 AccountID = 863877;
39 LicenseKey = { _secret = config.sops.secrets.maxmind_license_key.path; };
40 };
41 systemd.services.geoipupdate-create-db-dir.script = lib.mkForce ''
42 set -o errexit -o pipefail -o nounset -o errtrace
43 shopt -s inherit_errexit
44
45 mkdir -p ${config.services.geoipupdate.settings.DatabaseDirectory}
46 chmod 0750 ${config.services.geoipupdate.settings.DatabaseDirectory}
47
48 chgrp clicks ${config.services.geoipupdate.settings.DatabaseDirectory}
49 # The license agreement does not allow us to let non-clicks users access the database
50 '';
Skyler Greya7fbaee2023-05-12 00:29:20 +0000[diff] [blame]51}