nixos/modules/services/monitoring/prometheus/exporters/dmarc.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / monitoring / prometheus / exporters / dmarc.nix
at master 3.4 kB view raw
  1{
  2  config,
  3  lib,
  4  pkgs,
  5  options,
  6  ...
  7}:
  8
  9let
 10  cfg = config.services.prometheus.exporters.dmarc;
 11  inherit (lib) mkOption types optionalString;
 12
 13  json = builtins.toJSON {
 14    inherit (cfg) folders port;
 15    listen_addr = cfg.listenAddress;
 16    storage_path = "$STATE_DIRECTORY";
 17    imap = (builtins.removeAttrs cfg.imap [ "passwordFile" ]) // {
 18      password = "$IMAP_PASSWORD";
 19      use_ssl = true;
 20    };
 21    poll_interval_seconds = cfg.pollIntervalSeconds;
 22    deduplication_max_seconds = cfg.deduplicationMaxSeconds;
 23    logging = {
 24      version = 1;
 25      disable_existing_loggers = false;
 26    };
 27  };
 28in
 29{
 30  port = 9797;
 31  extraOpts = {
 32    imap = {
 33      host = mkOption {
 34        type = types.str;
 35        default = "localhost";
 36        description = ''
 37          Hostname of IMAP server to connect to.
 38        '';
 39      };
 40      port = mkOption {
 41        type = types.port;
 42        default = 993;
 43        description = ''
 44          Port of the IMAP server to connect to.
 45        '';
 46      };
 47      username = mkOption {
 48        type = types.str;
 49        example = "postmaster@example.org";
 50        description = ''
 51          Login username for the IMAP connection.
 52        '';
 53      };
 54      passwordFile = mkOption {
 55        type = types.str;
 56        example = "/run/secrets/dovecot_pw";
 57        description = ''
 58          File containing the login password for the IMAP connection.
 59        '';
 60      };
 61    };
 62    folders = {
 63      inbox = mkOption {
 64        type = types.str;
 65        default = "INBOX";
 66        description = ''
 67          IMAP mailbox that is checked for incoming DMARC aggregate reports
 68        '';
 69      };
 70      done = mkOption {
 71        type = types.str;
 72        default = "Archive";
 73        description = ''
 74          IMAP mailbox that successfully processed reports are moved to.
 75        '';
 76      };
 77      error = mkOption {
 78        type = types.str;
 79        default = "Invalid";
 80        description = ''
 81          IMAP mailbox that emails are moved to that could not be processed.
 82        '';
 83      };
 84    };
 85    pollIntervalSeconds = mkOption {
 86      type = types.ints.unsigned;
 87      default = 60;
 88      description = ''
 89        How often to poll the IMAP server in seconds.
 90      '';
 91    };
 92    deduplicationMaxSeconds = mkOption {
 93      type = types.ints.unsigned;
 94      default = 604800;
 95      defaultText = "7 days (in seconds)";
 96      description = ''
 97        How long individual report IDs will be remembered to avoid
 98        counting double delivered reports twice.
 99      '';
100    };
101    debug = mkOption {
102      type = types.bool;
103      default = false;
104      description = ''
105        Whether to declare enable `--debug`.
106      '';
107    };
108  };
109  serviceOpts = {
110    path = with pkgs; [
111      envsubst
112      coreutils
113    ];
114    serviceConfig = {
115      StateDirectory = "prometheus-dmarc-exporter";
116      WorkingDirectory = "/var/lib/prometheus-dmarc-exporter";
117      ExecStart = "${pkgs.writeShellScript "setup-cfg" ''
118        export IMAP_PASSWORD="$(<${cfg.imap.passwordFile})"
119        envsubst \
120          -i ${pkgs.writeText "dmarc-exporter.json.template" json} \
121          -o ''${STATE_DIRECTORY}/dmarc-exporter.json
122
123        exec ${pkgs.dmarc-metrics-exporter}/bin/dmarc-metrics-exporter \
124          --configuration /var/lib/prometheus-dmarc-exporter/dmarc-exporter.json \
125          ${optionalString cfg.debug "--debug"}
126      ''}";
127    };
128  };
129}