authorAlyssa Ross <hi@alyssa.is>2023-06-04 15:11:22 +0000
committerAlyssa Ross <hi@alyssa.is>2023-06-05 20:44:27 +0000
commitc5399bc321483d001cc31f62778a3772ddb5a2ce (patch)
tree7df275e5647325deb855292221b5604e9d7b4d75
parent58fc1a186697e956da0245f1dacc733c3a039523 (diff)
modules/pushmail: init
-rw-r--r--modules/server/pushmail/default.nix26
-rw-r--r--overlays/personal/default.nix2
-rw-r--r--overlays/personal/pushmail/default.nix30
-rw-r--r--sys/atuin.nix1
4 files changed, 59 insertions, 0 deletions
diff --git a/modules/server/pushmail/default.nix b/modules/server/pushmail/default.nix
new file mode 100644
index 000000000000..6da372471d0f
--- /dev/null
+++ b/modules/server/pushmail/default.nix
@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+
+{
+  imports = [ ../git/nixpkgs ../mail ];
+
+  users.users.pushmail = { isSystemUser = true; group = "pushmail"; };
+  users.groups.pushmail = {};
+
+  # This service can't be DynamicUser because DynamicUser implies
+  # NoNewPrivileges, and sendmail is setuid.
+  systemd.services.pushmail = {
+    path = with pkgs; [ system-sendmail ];
+    serviceConfig.ExecStart = "${pkgs.pushmail}/bin/pushmail --from 'Nixpkgs Direct Pushes <pushmail@atuin.qyliss.net>' /var/lib/git/nixpkgs.git NixOS/nixpkgs 'Alyssa Ross <hi@alyssa.is>'";
+    serviceConfig.StandardInput = "file:/etc/pushmail/token";
+    serviceConfig.User = "pushmail";
+    serviceConfig.Group = "pushmail";
+    serviceConfig.UMask = "0002";
+    serviceConfig.SupplementaryGroups = "nixpkgs";
+  };
+
+  systemd.timers.pushmail = {
+    wantedBy = [ "timers.target" ];
+    timerConfig.OnActiveSec = 0;
+    timerConfig.OnUnitActiveSec = 300;
+  };
+}
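Review bot: `serviceConfig.StandardInput = "file:/etc/pushmail/token"` hands the service what is presumably an API token, but the module does not say how that file is provisioned or what owner and mode it must have, so the token's confidentiality rests on manual setup outside this configuration. A comment above that line would record the contract, for example `# /etc/pushmail/token is created by hand, outside the Nix store; keep it mode 0600.` Separately, the DynamicUser comment explains why NoNewPrivileges is off, but directives such as `serviceConfig.PrivateTmp = true;` and `serviceConfig.ProtectHome = true;` should not set NoNewPrivileges on a system unit and would still narrow what the job can reach. It is worth testing that the setuid sendmail still delivers with them enabled.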
diff --git a/overlays/personal/default.nix b/overlays/personal/default.nix
index 643129f0feec..8525029dee29 100644
--- a/overlays/personal/default.nix
+++ b/overlays/personal/default.nix
@@ -3,4 +3,6 @@ self: super: {
 
   declarative-git-repository =
     self.callPackage ./declarative-git-repository { };
+
+  pushmail = self.callPackage ./pushmail { };
 }
diff --git a/overlays/personal/pushmail/default.nix b/overlays/personal/pushmail/default.nix
new file mode 100644
index 000000000000..98b504fc3510
--- /dev/null
+++ b/overlays/personal/pushmail/default.nix
@@ -0,0 +1,30 @@
+{ lib, rustPlatform, fetchurl, makeWrapper, pkg-config, openssl, gitMinimal }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "pushmail";
+  version = "0.1.0";
+
+  src = fetchurl {
+    url = "https://git.qyliss.net/pushmail/snapshot/pushmail-${version}.tar.xz";
+    sha256 = "1lbz6nggzzaq9wgsscgv6ypn74mh5fc5z48pw0f5p0bl73vn2n17";
+  };
+
+  cargoSha256 = "1nr4gdnkzaafbl5xlzx3wz1lyax63g8qrdiq4i5dh1s585pxmvr0";
+
+  nativeBuildInputs = [ makeWrapper pkg-config ];
+  buildInputs = [ openssl ];
+  strictDeps = true;
+
+  postInstall = ''
+    wrapProgram $out/bin/pushmail \
+        --prefix PATH : ${lib.makeBinPath [ gitMinimal ]}
+  '';
+
+  meta = with lib; {
+    homepage = "https://git.qyliss.net/pushmail/about/";
+    description = "Send notification emails for direct pushes to a GitHub repository";
+    maintainers = with maintainers; [ qyliss ];
+    license = licenses.gpl2Plus; # with linking exception for OpenSSL
+    platforms = platforms.unix;
+  };
+}
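Review bot: `src` hashes the compressed snapshot that the git web frontend generates on request, so the fixed `sha256` will stop matching if the server ever produces different bytes for the same tag (a change of xz version or compression settings would probably be enough). The hash still enforces integrity, but the build breaks until someone re-pins it, and a hurried re-pin is when a changed tarball tends to be accepted without inspection. Hashing the unpacked tree avoids that: `src = fetchzip { url = "<same snapshot URL>"; sha256 = "<hash of unpacked tree>"; };`, with `fetchzip` replacing `fetchurl` in the argument list.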
diff --git a/sys/atuin.nix b/sys/atuin.nix
index a62d160c2fba..e1ac6bf612ce 100644
--- a/sys/atuin.nix
+++ b/sys/atuin.nix
@@ -129,6 +129,7 @@ in
     ../modules/server/irc
     ../modules/server/nginx
     ../modules/server/nixpk.gs
+    ../modules/server/pushmail
     ../modules/server/spectrum
     ../modules/server/tor
     ../modules/server/xmpp