commit cb3d44378705e7edd875113f084d7a2a2a54d345 · pyrox.dev/nixpkgs

nixos/modules/module-list.nix

···

       269
        
         ./services/mail/offlineimap.nix

     

       270
        
         ./services/mail/opendkim.nix

     

       271
        
         ./services/mail/opensmtpd.nix

     

       0
        
       
     

       272
        
         ./services/mail/postfix.nix

     

       273
        
         ./services/mail/postsrsd.nix

     

       274
        
         ./services/mail/postgrey.nix

···

       269
        
         ./services/mail/offlineimap.nix

     

       270
        
         ./services/mail/opendkim.nix

     

       271
        
         ./services/mail/opensmtpd.nix

     

       272
       +
         ./services/mail/pfix-srsd.nix

     

       273
        
         ./services/mail/postfix.nix

     

       274
        
         ./services/mail/postsrsd.nix

     

       275
        
         ./services/mail/postgrey.nix

+56

nixos/modules/services/mail/pfix-srsd.nix

···

       1
       +
       { config, lib, pkgs, ... }:

     

       2
       +
       

     

       3
       +
       with lib;

     

       4
       +
       

     

       5
       +
       {

     

       6
       +
       

     

       7
       +
         ###### interface

     

       8
       +
       

     

       9
       +
         options = {

     

       10
       +
       

     

       11
       +
           services.pfix-srsd = {

     

       12
       +
             enable = mkOption {

     

       13
       +
               default = false;

     

       14
       +
               type = types.bool;

     

       15
       +
               description = "Whether to run the postfix sender rewriting scheme daemon.";

     

       16
       +
             };

     

       17
       +
       

     

       18
       +
             domain = mkOption {

     

       19
       +
               description = "The domain for which to enable srs";

     

       20
       +
               type = types.str;

     

       21
       +
               example = "example.com";

     

       22
       +
             };

     

       23
       +
       

     

       24
       +
             secretsFile = mkOption {

     

       25
       +
               description = ''

     

       26
       +
                 The secret data used to encode the SRS address.

     

       27
       +
                 to generate, use a command like:

     

       28
       +
                 <literal>for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/  -$//' | sed 's/^/          /'; done</literal>

     

       29
       +
               '';

     

       30
       +
               type = types.path;

     

       31
       +
               default = "/var/lib/pfix-srsd/secrets";

     

       32
       +
             };

     

       33
       +
           };

     

       34
       +
         };

     

       35
       +
       

     

       36
       +
         ###### implementation

     

       37
       +
       

     

       38
       +
         config = mkIf config.services.pfix-srsd.enable {

     

       39
       +
           environment = {

     

       40
       +
             systemPackages = [ pkgs.pfixtools ];

     

       41
       +
           };

     

       42
       +
       

     

       43
       +
           systemd.services."pfix-srsd" = {

     

       44
       +
             description = "Postfix sender rewriting scheme daemon";

     

       45
       +
             before = [ "postfix.service" ];

     

       46
       +
             #note that we use requires rather than wants because postfix

     

       47
       +
             #is unable to process (almost) all mail without srsd

     

       48
       +
             requiredBy = [ "postfix.service" ];

     

       49
       +
             serviceConfig = {

     

       50
       +
               Type = "forking";

     

       51
       +
               PIDFile = "/var/run/pfix-srsd.pid";

     

       52
       +
               ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /var/run/pfix-srsd.pid -I ${config.services.pfix-srsd.domain} ${config.services.pfix-srsd.secretsFile}";

     

       53
       +
             };

     

       54
       +
           };

     

       55
       +
         };

     

       56
       +
       }

+14

nixos/modules/services/mail/postfix.nix

···

       79
        
         // optionalAttrs haveTransport { transport_maps = "hash:/etc/postfix/transport"; }

     

       80
        
         // optionalAttrs haveVirtual { virtual_alias_maps = "${cfg.virtualMapType}:/etc/postfix/virtual"; }

     

       81
        
         // optionalAttrs (cfg.dnsBlacklists != []) { smtpd_client_restrictions = clientRestrictions; }

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       82
        
         // optionalAttrs cfg.enableHeaderChecks { header_checks = "regexp:/etc/postfix/header_checks"; }

     

       83
        
         // optionalAttrs (cfg.sslCert != "") {

     

       84
        
           smtp_tls_CAfile = cfg.sslCACert;

     
···

       626
        
               description = "Maps to be compiled and placed into /var/lib/postfix/conf.";

     

       627
        
             };

     

       628
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       629
        
           };

     

       630
        
       

     

       631
        
         };

     
···

       645
        
               # This makes comfortable for root to run 'postqueue' for example.

     

       646
        
               systemPackages = [ pkgs.postfix ];

     

       647
        
             };

     

       0
        
       
     

       0
        
       
     

       648
        
       

     

       649
        
             services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {

     

       650
        
               program = "sendmail";

···

       79
        
         // optionalAttrs haveTransport { transport_maps = "hash:/etc/postfix/transport"; }

     

       80
        
         // optionalAttrs haveVirtual { virtual_alias_maps = "${cfg.virtualMapType}:/etc/postfix/virtual"; }

     

       81
        
         // optionalAttrs (cfg.dnsBlacklists != []) { smtpd_client_restrictions = clientRestrictions; }

     

       82
       +
         // optionalAttrs cfg.useSrs {

     

       83
       +
           sender_canonical_maps = "tcp:127.0.0.1:10001";

     

       84
       +
           sender_canonical_classes = "envelope_sender";

     

       85
       +
           recipient_canonical_maps = "tcp:127.0.0.1:10002";

     

       86
       +
           recipient_canonical_classes= "envelope_recipient";

     

       87
       +
         }

     

       88
        
         // optionalAttrs cfg.enableHeaderChecks { header_checks = "regexp:/etc/postfix/header_checks"; }

     

       89
        
         // optionalAttrs (cfg.sslCert != "") {

     

       90
        
           smtp_tls_CAfile = cfg.sslCACert;

     
···

       632
        
               description = "Maps to be compiled and placed into /var/lib/postfix/conf.";

     

       633
        
             };

     

       634
        
       

     

       635
       +
             useSrs = mkOption {

     

       636
       +
               type = types.bool;

     

       637
       +
               default = false;

     

       638
       +
               description = "Whether to enable sender rewriting scheme";

     

       639
       +
             };

     

       640
       +
       

     

       641
        
           };

     

       642
        
       

     

       643
        
         };

     
···

       657
        
               # This makes comfortable for root to run 'postqueue' for example.

     

       658
        
               systemPackages = [ pkgs.postfix ];

     

       659
        
             };

     

       660
       +
       

     

       661
       +
             services.pfix-srsd.enable = config.services.postfix.useSrs;

     

       662
        
       

     

       663
        
             services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {

     

       664
        
               program = "sendmail";