| Skyler Grey | a7fbaee | 2023-05-12 00:29:20 +0000 | [diff] [blame] | 1 | { config, lib, pkgs, pkgs-unstable, ... }: { |
| 2 | users.users.parsedmarc = { |
| 3 | isSystemUser = true; |
| 4 | createHome = true; |
| 5 | home = "/services/parsedmarc"; |
| 6 | group = config.users.groups.clicks.name; |
| 7 | shell = pkgs.bashInteractive; |
| 8 | }; |
| 9 | sops.secrets = lib.pipe [ |
| 10 | "imap_password" |
| 11 | "maxmind_license_key" |
| 12 | ] [ |
| 13 | (map (name: { |
| 14 | inherit name; |
| 15 | value = { |
| 16 | mode = "0400"; |
| 17 | owner = config.users.users.parsedmarc.name; |
| 18 | group = config.users.users.parsedmarc.group; |
| 19 | sopsFile = ../secrets/dmarc.json; |
| 20 | format = "json"; |
| 21 | }; |
| 22 | })) |
| 23 | builtins.listToAttrs |
| 24 | ]; |
| 25 | |
| 26 | services.parsedmarc = { |
| 27 | enable = true; |
| 28 | settings.imap = { |
| 29 | host = "mail.clicks.codes"; |
| 30 | user = "dmarc@clicks.codes"; |
| 31 | password = { _secret = config.sops.secrets.imap_password.path; }; |
| 32 | watch = true; |
| 33 | delete = false; |
| 34 | }; |
| 35 | }; |
| 36 | services.geoipupdate.settings = { |
| 37 | AccountID = 863877; |
| 38 | LicenseKey = { _secret = config.sops.secrets.maxmind_license_key.path; }; |
| 39 | }; |
| 40 | systemd.services.geoipupdate-create-db-dir.script = lib.mkForce '' |
| 41 | set -o errexit -o pipefail -o nounset -o errtrace |
| 42 | shopt -s inherit_errexit |
| 43 | |
| 44 | mkdir -p ${config.services.geoipupdate.settings.DatabaseDirectory} |
| 45 | chmod 0750 ${config.services.geoipupdate.settings.DatabaseDirectory} |
| 46 | |
| 47 | chgrp clicks ${config.services.geoipupdate.settings.DatabaseDirectory} |
| 48 | # The license agreement does not allow us to let non-clicks users access the database |
| 49 | ''; |
| 50 | services.elasticsearch.package = pkgs-unstable.elasticsearch; |
| 51 | } |