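# NixOS module: runs parsedmarc against the DMARC report mailbox and keeps the
# MaxMind GeoIP database directory restricted to the `clicks` group.
{ config, lib, pkgs, ... }: {
  # Service account that owns the parsedmarc secrets declared below.
  users.users.parsedmarc = {
    isSystemUser = true;
    createHome = true;
    home = "/services/parsedmarc";
    group = config.users.groups.clicks.name;
    # NOTE(review): an interactive shell on a service account is only needed if
    # operators log in or `su` to it; if nobody does, a non-login shell is the
    # tighter choice. Left unchanged here.
    shell = pkgs.bashInteractive;
  };

  # Build one sops-nix entry per secret name. Both are decrypted from the same
  # JSON file and are readable by the owning user only (0400: no group or
  # world access, so the `group` field grants nothing by itself).
  # NOTE(review): maxmind_license_key is consumed by geoipupdate, not by
  # parsedmarc; confirm that whatever substitutes the `_secret` value for that
  # service can read a parsedmarc-owned 0400 file.
  sops.secrets = lib.pipe [ "imap_password" "maxmind_license_key" ] [
    (map (name: {
      inherit name;
      value = {
        mode = "0400";
        owner = config.users.users.parsedmarc.name;
        group = config.users.users.parsedmarc.group;
        sopsFile = ../secrets/dmarc.json;
        format = "json";
      };
    }))
    builtins.listToAttrs
  ];

  services.parsedmarc = {
    enable = true;
    settings.imap = {
      host = "mail.clicks.codes";
      user = "dmarc@clicks.codes";
      # `_secret` points at the decrypted file path, so the password itself is
      # not written into this module.
      # NOTE(review): no TLS or port options are set here, so the module and
      # parsedmarc defaults apply; confirm they enforce an encrypted IMAP session.
      password = { _secret = config.sops.secrets.imap_password.path; };
    };
    settings.mailbox = {
      watch = true;
      # Processed reports are kept in the mailbox rather than deleted.
      delete = false;
    };
  };

  services.geoipupdate.settings = {
    AccountID = 863877;
    LicenseKey = { _secret = config.sops.secrets.maxmind_license_key.path; };
  };

  # Replaces (mkForce) the module-provided directory-creation script so the
  # database directory ends up mode 0750 and group-owned by `clicks`.
  systemd.services.geoipupdate-create-db-dir.script =
    let
      # Shell-quote both values so a path or group name containing spaces or
      # shell metacharacters cannot be word-split or reinterpreted.
      dbDir = lib.escapeShellArg config.services.geoipupdate.settings.DatabaseDirectory;
      # Same source of truth as users.users.parsedmarc.group above, instead of
      # a second hard-coded copy of the group name.
      dbGroup = lib.escapeShellArg config.users.groups.clicks.name;
    in
    lib.mkForce ''
      set -o errexit -o pipefail -o nounset -o errtrace
      shopt -s inherit_errexit

      # The license agreement does not allow us to let non-clicks users access the database
      mkdir -p ${dbDir}
      chmod 0750 ${dbDir}

      chgrp ${dbGroup} ${dbDir}
    '';
}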