From 5089f62112cb0d87cf279176eec6185e9d00715b Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Fri, 31 May 2024 23:01:59 +0200 Subject: [PATCH] parsedmarc: init --- .../modules/monitoring/default.nix | 3 ++ .../falkenstein/modules/monitoring/dmarc.nix | 33 ++++++++++++++++--- hosts/nuc/modules/monitoring/default.nix | 3 -- secrets.nix | 1 + secrets/falkenstein/dmarc.age | 7 ++++ 5 files changed, 40 insertions(+), 7 deletions(-) create mode 100644 secrets/falkenstein/dmarc.age diff --git a/hosts/falkenstein/modules/monitoring/default.nix b/hosts/falkenstein/modules/monitoring/default.nix index 4b389fe..be1d931 100644 --- a/hosts/falkenstein/modules/monitoring/default.nix +++ b/hosts/falkenstein/modules/monitoring/default.nix @@ -3,6 +3,9 @@ age.secrets."maxmind" = { file = ../../../../secrets/shared/maxmind.age; }; + imports = [ + ./dmarc.nix + ]; users.users."promtail".extraGroups = [ "caddy" "systemd-journal" ]; services.prometheus = { exporters = { diff --git a/hosts/falkenstein/modules/monitoring/dmarc.nix b/hosts/falkenstein/modules/monitoring/dmarc.nix index 8946c56..f1d66bb 100644 --- a/hosts/falkenstein/modules/monitoring/dmarc.nix +++ b/hosts/falkenstein/modules/monitoring/dmarc.nix @@ -1,10 +1,35 @@ -{ ... }: +{ config, ... }: { + age.secrets.dmarc = { + file = ../../../../secrets/falkenstein/dmarc.age; + }; users.users.dmarc = { description = "DMARC Report recipient"; isNormalUser = true; }; - # services.parsedmarc = { - # enable = true; - # }; + networking.firewall.allowedTCPPorts = [ config.services.elasticsearch.tcp_port ]; + services.parsedmarc = { + enable = true; + provision = { + grafana = { + dashboard = false; + datasource = false; + }; + localMail.enable = false; + elasticsearch = false; + geoIp = false; + }; + settings = { + imap = { + user = "dmarc@rfive.de"; + port = 993; + host = "mail.rfive.de"; + password = { + _secret = config.age.secrets.dmarc.path; + }; + }; + opensearch.hosts = "localhost:9200"; + }; + }; + services.opensearch.enable = true; } diff --git a/hosts/nuc/modules/monitoring/default.nix b/hosts/nuc/modules/monitoring/default.nix index 20e3638..31619ae 100644 --- a/hosts/nuc/modules/monitoring/default.nix +++ b/hosts/nuc/modules/monitoring/default.nix @@ -3,9 +3,6 @@ let domain = "monitoring.${config.networking.domain}"; in { - imports = [ - ./dmarc.nix - ]; age.secrets."grafana/oidc_secret" = { file = ../../../../secrets/nuc/grafana/oidc.age; owner = "grafana"; diff --git a/secrets.nix b/secrets.nix index 055be04..8c188cb 100644 --- a/secrets.nix +++ b/secrets.nix @@ -36,6 +36,7 @@ in "secrets/falkenstein/wireguard/dorm/preshared.age".publicKeys = [ rouven falkenstein ]; "secrets/falkenstein/borg/passphrase.age".publicKeys = [ rouven falkenstein ]; "secrets/falkenstein/borg/key.age".publicKeys = [ rouven falkenstein ]; + "secrets/falkenstein/dmarc.age".publicKeys = [ rouven falkenstein ]; #shared "secrets/shared/maxmind.age".publicKeys = [ rouven nuc falkenstein ]; diff --git a/secrets/falkenstein/dmarc.age b/secrets/falkenstein/dmarc.age new file mode 100644 index 0000000..0383f1e --- /dev/null +++ b/secrets/falkenstein/dmarc.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 uWbAHQ OVBZwLNH5ryKgNruVU0XRV2F5dDu7W9R3qMWz08Krzs +vrXngscbxNRGfITXKM1uRNFRjUZRaWNpZ9ijSy+pERw +-> ssh-ed25519 slrRig AIO7ny4bykCYWzLgCfd75dt00myFSd+waEv2/MEOpUY +65u83G9Ew+idajuExoTb5URAnM1paEGFYsfQ3HqKvGg +--- YoSI0kDXGCKQQCebjG8vzsTJMomjJ3RZWY0j+eG5U6U +n NS]6ep!Y" D&u2NJy`j \ No newline at end of file