nixos/modules/services/monitoring/prometheus/exporters/dmarc.nix at 23.11-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / monitoring / prometheus / exporters / dmarc.nix
at 23.11-beta 3.4 kB view raw
  1{ config, lib, pkgs, options }:
  2
  3with lib;
  4
  5let
  6  cfg = config.services.prometheus.exporters.dmarc;
  7
  8  json = builtins.toJSON {
  9    inherit (cfg) folders port;
 10    listen_addr = cfg.listenAddress;
 11    storage_path = "$STATE_DIRECTORY";
 12    imap = (builtins.removeAttrs cfg.imap [ "passwordFile" ]) // { password = "$IMAP_PASSWORD"; use_ssl = true; };
 13    poll_interval_seconds = cfg.pollIntervalSeconds;
 14    deduplication_max_seconds = cfg.deduplicationMaxSeconds;
 15    logging = {
 16      version = 1;
 17      disable_existing_loggers = false;
 18    };
 19  };
 20in {
 21  port = 9797;
 22  extraOpts = {
 23    imap = {
 24      host = mkOption {
 25        type = types.str;
 26        default = "localhost";
 27        description = lib.mdDoc ''
 28          Hostname of IMAP server to connect to.
 29        '';
 30      };
 31      port = mkOption {
 32        type = types.port;
 33        default = 993;
 34        description = lib.mdDoc ''
 35          Port of the IMAP server to connect to.
 36        '';
 37      };
 38      username = mkOption {
 39        type = types.str;
 40        example = "postmaster@example.org";
 41        description = lib.mdDoc ''
 42          Login username for the IMAP connection.
 43        '';
 44      };
 45      passwordFile = mkOption {
 46        type = types.str;
 47        example = "/run/secrets/dovecot_pw";
 48        description = lib.mdDoc ''
 49          File containing the login password for the IMAP connection.
 50        '';
 51      };
 52    };
 53    folders = {
 54      inbox = mkOption {
 55        type = types.str;
 56        default = "INBOX";
 57        description = lib.mdDoc ''
 58          IMAP mailbox that is checked for incoming DMARC aggregate reports
 59        '';
 60      };
 61      done = mkOption {
 62        type = types.str;
 63        default = "Archive";
 64        description = lib.mdDoc ''
 65          IMAP mailbox that successfully processed reports are moved to.
 66        '';
 67      };
 68      error = mkOption {
 69        type = types.str;
 70        default = "Invalid";
 71        description = lib.mdDoc ''
 72          IMAP mailbox that emails are moved to that could not be processed.
 73        '';
 74      };
 75    };
 76    pollIntervalSeconds = mkOption {
 77      type = types.ints.unsigned;
 78      default = 60;
 79      description = lib.mdDoc ''
 80        How often to poll the IMAP server in seconds.
 81      '';
 82    };
 83    deduplicationMaxSeconds = mkOption {
 84      type = types.ints.unsigned;
 85      default = 604800;
 86      defaultText = "7 days (in seconds)";
 87      description = lib.mdDoc ''
 88        How long individual report IDs will be remembered to avoid
 89        counting double delivered reports twice.
 90      '';
 91    };
 92    debug = mkOption {
 93      type = types.bool;
 94      default = false;
 95      description = lib.mdDoc ''
 96        Whether to declare enable `--debug`.
 97      '';
 98    };
 99  };
100  serviceOpts = {
101    path = with pkgs; [ envsubst coreutils ];
102    serviceConfig = {
103      StateDirectory = "prometheus-dmarc-exporter";
104      WorkingDirectory = "/var/lib/prometheus-dmarc-exporter";
105      ExecStart = "${pkgs.writeShellScript "setup-cfg" ''
106        export IMAP_PASSWORD="$(<${cfg.imap.passwordFile})"
107        envsubst \
108          -i ${pkgs.writeText "dmarc-exporter.json.template" json} \
109          -o ''${STATE_DIRECTORY}/dmarc-exporter.json
110
111        exec ${pkgs.dmarc-metrics-exporter}/bin/dmarc-metrics-exporter \
112          --configuration /var/lib/prometheus-dmarc-exporter/dmarc-exporter.json \
113          ${optionalString cfg.debug "--debug"}
114      ''}";
115    };
116  };
117}