nixos/pfix-srsd: add module
This commit is contained in:
parent
6a7066eb53
commit
0ece5fc509
@ -263,6 +263,7 @@
|
||||
./services/mail/offlineimap.nix
|
||||
./services/mail/opendkim.nix
|
||||
./services/mail/opensmtpd.nix
|
||||
./services/mail/pfix-srsd.nix
|
||||
./services/mail/postfix.nix
|
||||
./services/mail/postsrsd.nix
|
||||
./services/mail/postgrey.nix
|
||||
|
56
nixos/modules/services/mail/pfix-srsd.nix
Normal file
56
nixos/modules/services/mail/pfix-srsd.nix
Normal file
@ -0,0 +1,56 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.pfix-srsd = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = "Whether to run the postfix sender rewriting scheme daemon.";
|
||||
};
|
||||
|
||||
domain = mkOption {
|
||||
description = "The domain for which to enable srs";
|
||||
type = types.str;
|
||||
example = "example.com";
|
||||
};
|
||||
|
||||
secretsFile = mkOption {
|
||||
description = ''
|
||||
The secret data used to encode the SRS address.
|
||||
to generate, use a command like:
|
||||
<literal>for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done</literal>
|
||||
'';
|
||||
type = types.path;
|
||||
default = "/var/lib/pfix-srsd/secrets";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf config.services.pfix-srsd.enable {
|
||||
environment = {
|
||||
systemPackages = [ pkgs.pfixtools ];
|
||||
};
|
||||
|
||||
systemd.services."pfix-srsd" = {
|
||||
description = "Postfix sender rewriting scheme daemon";
|
||||
before = [ "postfix.service" ];
|
||||
#note that we use requires rather than wants because postfix
|
||||
#is unable to process (almost) all mail without srsd
|
||||
requiredBy = [ "postfix.service" ];
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
PIDFile = "/var/run/pfix-srsd.pid";
|
||||
ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /var/run/pfix-srsd.pid -I ${config.services.pfix-srsd.domain} ${config.services.pfix-srsd.secretsFile}";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -79,6 +79,12 @@ let
|
||||
// optionalAttrs haveTransport { transport_maps = "hash:/etc/postfix/transport"; }
|
||||
// optionalAttrs haveVirtual { virtual_alias_maps = "${cfg.virtualMapType}:/etc/postfix/virtual"; }
|
||||
// optionalAttrs (cfg.dnsBlacklists != []) { smtpd_client_restrictions = clientRestrictions; }
|
||||
// optionalAttrs cfg.useSrs {
|
||||
sender_canonical_maps = "tcp:127.0.0.1:10001";
|
||||
sender_canonical_classes = "envelope_sender";
|
||||
recipient_canonical_maps = "tcp:127.0.0.1:10002";
|
||||
recipient_canonical_classes= "envelope_recipient";
|
||||
}
|
||||
// optionalAttrs cfg.enableHeaderChecks { header_checks = "regexp:/etc/postfix/header_checks"; }
|
||||
// optionalAttrs (cfg.sslCert != "") {
|
||||
smtp_tls_CAfile = cfg.sslCACert;
|
||||
@ -626,6 +632,12 @@ in
|
||||
description = "Maps to be compiled and placed into /var/lib/postfix/conf.";
|
||||
};
|
||||
|
||||
useSrs = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to enable sender rewriting scheme";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
@ -646,6 +658,8 @@ in
|
||||
systemPackages = [ pkgs.postfix ];
|
||||
};
|
||||
|
||||
services.pfix-srsd.enable = config.services.postfix.useSrs;
|
||||
|
||||
services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
|
||||
program = "sendmail";
|
||||
source = "${pkgs.postfix}/bin/sendmail";
|
||||
|
Loading…
Reference in New Issue
Block a user