parsedmarc: init

This commit is contained in:
Rouven Seifert 2024-05-31 23:01:59 +02:00
parent d9a60f39a6
commit 5089f62112
5 changed files with 40 additions and 7 deletions

View file

@ -3,6 +3,9 @@
age.secrets."maxmind" = { age.secrets."maxmind" = {
file = ../../../../secrets/shared/maxmind.age; file = ../../../../secrets/shared/maxmind.age;
}; };
imports = [
./dmarc.nix
];
users.users."promtail".extraGroups = [ "caddy" "systemd-journal" ]; users.users."promtail".extraGroups = [ "caddy" "systemd-journal" ];
services.prometheus = { services.prometheus = {
exporters = { exporters = {

View file

@ -1,10 +1,35 @@
{ ... }: { config, ... }:
{ {
age.secrets.dmarc = {
file = ../../../../secrets/falkenstein/dmarc.age;
};
users.users.dmarc = { users.users.dmarc = {
description = "DMARC Report recipient"; description = "DMARC Report recipient";
isNormalUser = true; isNormalUser = true;
}; };
# services.parsedmarc = { networking.firewall.allowedTCPPorts = [ config.services.elasticsearch.tcp_port ];
# enable = true; services.parsedmarc = {
# }; enable = true;
provision = {
grafana = {
dashboard = false;
datasource = false;
};
localMail.enable = false;
elasticsearch = false;
geoIp = false;
};
settings = {
imap = {
user = "dmarc@rfive.de";
port = 993;
host = "mail.rfive.de";
password = {
_secret = config.age.secrets.dmarc.path;
};
};
opensearch.hosts = "localhost:9200";
};
};
services.opensearch.enable = true;
} }

View file

@ -3,9 +3,6 @@ let
domain = "monitoring.${config.networking.domain}"; domain = "monitoring.${config.networking.domain}";
in in
{ {
imports = [
./dmarc.nix
];
age.secrets."grafana/oidc_secret" = { age.secrets."grafana/oidc_secret" = {
file = ../../../../secrets/nuc/grafana/oidc.age; file = ../../../../secrets/nuc/grafana/oidc.age;
owner = "grafana"; owner = "grafana";

View file

@ -36,6 +36,7 @@ in
"secrets/falkenstein/wireguard/dorm/preshared.age".publicKeys = [ rouven falkenstein ]; "secrets/falkenstein/wireguard/dorm/preshared.age".publicKeys = [ rouven falkenstein ];
"secrets/falkenstein/borg/passphrase.age".publicKeys = [ rouven falkenstein ]; "secrets/falkenstein/borg/passphrase.age".publicKeys = [ rouven falkenstein ];
"secrets/falkenstein/borg/key.age".publicKeys = [ rouven falkenstein ]; "secrets/falkenstein/borg/key.age".publicKeys = [ rouven falkenstein ];
"secrets/falkenstein/dmarc.age".publicKeys = [ rouven falkenstein ];
#shared #shared
"secrets/shared/maxmind.age".publicKeys = [ rouven nuc falkenstein ]; "secrets/shared/maxmind.age".publicKeys = [ rouven nuc falkenstein ];

View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 uWbAHQ OVBZwLNH5ryKgNruVU0XRV2F5dDu7W9R3qMWz08Krzs
vrXngscbxNRGfITXKM1uRNFRjUZRaWNpZ9ijSy+pERw
-> ssh-ed25519 slrRig AIO7ny4bykCYWzLgCfd75dt00myFSd+waEv2/MEOpUY
65u83G9Ew+idajuExoTb5URAnM1paEGFYsfQ3HqKvGg
--- YoSI0kDXGCKQQCebjG8vzsTJMomjJ3RZWY0j+eG5U6U
n „NÀSò]6e<36>¸åp!±ÍY°  D&uöü2¾ÇŠÒy˜¾¯`<60>j