authorEelco Dolstra <eelco.dolstra@logicblox.com>2012-09-28 11:35:27 -0400
committerEelco Dolstra <eelco.dolstra@logicblox.com>2012-09-28 11:35:27 -0400
commit3ad370ae0a16a87b736ded31a3ea040aaabad0b4 (patch)
treef22fcf1c580886b3323955ff10237ccda92fd3f4 /modules/services/mail
parent3e6bb7d1de4fb0e4024161f501dbd7521ff791b4 (diff)
parent1084a8e0de805229d216c928efbc457cae57eea2 (diff)
Merge remote-tracking branch 'origin/master' into systemd
Conflicts:
	modules/misc/ids.nix
	modules/services/mail/postfix.nix
	modules/services/system/nscd.nix
	modules/services/x11/desktop-managers/xfce.nix
	modules/system/boot/stage-1.nix
Diffstat (limited to 'modules/services/mail')
-rw-r--r--modules/services/mail/dovecot.nix89
-rw-r--r--modules/services/mail/dovecot2.nix149
-rw-r--r--modules/services/mail/postfix.nix49
-rw-r--r--modules/services/mail/spamassassin.nix23
4 files changed, 120 insertions, 190 deletions
diff --git a/modules/services/mail/dovecot.nix b/modules/services/mail/dovecot.nix
index ff41c8f43025..9a9acf69c51b 100644
--- a/modules/services/mail/dovecot.nix
+++ b/modules/services/mail/dovecot.nix
@@ -4,47 +4,46 @@ with pkgs.lib;
 
 let
 
-  cfg = config.services.dovecot;
+  cfg = config.services.dovecot2;
 
   dovecotConf =
     ''
-      base_dir = /var/run/dovecot/
+      base_dir = /var/run/dovecot2/
 
-      protocols = imap imaps pop3 pop3s
+      protocols = imap pop3
     ''
     + (if cfg.sslServerCert!="" then
     ''
-      ssl_cert_file = ${cfg.sslServerCert}
-      ssl_key_file = ${cfg.sslServerKey}
-      ssl_ca_file = ${cfg.sslCACert}
+      ssl_cert = <${cfg.sslServerCert}
+      ssl_key = <${cfg.sslServerKey}
+      ssl_ca = <${cfg.sslCACert}
+      disable_plaintext_auth = yes
     '' else ''
-      ssl_disable = yes
+      ssl = no
       disable_plaintext_auth = no
     '')
 
     + ''
-      login_user = ${cfg.user}
-      login_chroot = no
+      default_internal_user = ${cfg.user}
 
-      mail_location = maildir:/var/spool/mail/%u
+      mail_location = ${cfg.mailLocation}
 
       maildir_copy_with_hardlinks = yes
 
-      auth default {
-        mechanisms = plain login
-        userdb passwd {
-        }
-        passdb pam {
-        }
+      auth_mechanisms = plain login
+      service auth {
         user = root
       }
-      auth_debug = yes
-      auth_verbose = yes
+      userdb {
+        driver = passwd
+      }
+      passdb {
+        driver = pam
+        args = dovecot2
+      }
 
       pop3_uidl_format = %08Xv%08Xu
-
-      log_path = /var/log/dovecot.log
-    '';
+    '' + cfg.extraConfig;
 
   confFile = pkgs.writeText "dovecot.conf" dovecotConf;
 
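Review bot: The TLS branch writes `ssl_ca = <${cfg.sslCACert}` whenever `sslServerCert` is non-empty, but the deleted dovecot2.nix declares `sslCACert` with `default = ""` (the surviving declaration is outside these hunks), so a setup with only a certificate and key would get `ssl_ca = <` with no path, which Dovecot will most likely refuse to load. Emitting the line conditionally avoids that, e.g. `${optionalString (cfg.sslCACert != "") "ssl_ca = <${cfg.sslCACert}"}`. Separately, `sslServerKey` is interpolated as-is; if a caller passes a Nix path rather than a string, the key would be copied into the world-readable store, which the option description could warn about.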
@@ -56,23 +55,37 @@ in
 
   options = {
 
-    services.dovecot = {
+    services.dovecot2 = {
 
       enable = mkOption {
         default = false;
-        description = "Whether to enable the Dovecot POP3/IMAP server.";
+        description = "Whether to enable the Dovecot 2.x POP3/IMAP server.";
       };
 
       user = mkOption {
-        default = "dovecot";
+        default = "dovecot2";
         description = "Dovecot user name.";
       };
 
       group = mkOption {
-        default = "dovecot";
+        default = "dovecot2";
         description = "Dovecot group name.";
       };
 
+      extraConfig = mkOption {
+        default = "";
+        example = "mail_debug = yes";
+        description = "Additional entries to put verbatim into Dovecot's config file.";
+      };
+
+      mailLocation = mkOption {
+        default = "maildir:/var/spool/mail/%u"; /* Same as inbox, as postfix */
+        example = "maildir:~/mail:INBOX=/var/spool/mail/%u";
+        description = ''
+          Location that dovecot will use for mail folders. Dovecot mail_location option.
+        '';
+      };
+
       sslServerCert = mkOption {
         default = "";
         description = "Server certificate";
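Review bot: The `extraConfig` description says nothing about ordering, yet the first hunk concatenates it after every generated setting (`'' + cfg.extraConfig`), so a line placed there probably takes precedence over `disable_plaintext_auth` or `ssl` rather than sitting alongside them. I would say so in the text, e.g. `description = "Extra lines appended verbatim to the end of Dovecot's config file; they take precedence over the settings generated above.";`. The options block continues past the end of this hunk.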
@@ -95,36 +108,44 @@ in
 
   ###### implementation
 
-  config = mkIf config.services.dovecot.enable {
+  config = mkIf config.services.dovecot2.enable {
 
-    security.pam.services = [ { name = "dovecot"; } ];
+    security.pam.services = [ { name = "dovecot2"; } ];
 
-    users.extraUsers = singleton
+    users.extraUsers = [
       { name = cfg.user;
-        uid = config.ids.uids.dovecot;
+        uid = config.ids.uids.dovecot2;
         description = "Dovecot user";
         group = cfg.group;
-      };
+      }
+      { name = "dovenull";
+        uid = config.ids.uids.dovenull2;
+        description = "Dovecot user for untrusted logins";
+        group = cfg.group;
+      }
+    ];
 
     users.extraGroups = singleton
       { name = cfg.group;
-        gid = config.ids.gids.dovecot;
+        gid = config.ids.gids.dovecot2;
       };
 
-    jobs.dovecot =
+    jobs.dovecot2 =
       { description = "Dovecot IMAP/POP3 server";
 
         startOn = "started networking";
 
         preStart =
           ''
-            ${pkgs.coreutils}/bin/mkdir -p /var/run/dovecot /var/run/dovecot/login
-            ${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} /var/run/dovecot
+            ${pkgs.coreutils}/bin/mkdir -p /var/run/dovecot2 /var/run/dovecot2/login
+            ${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} /var/run/dovecot2
           '';
 
         exec = "${pkgs.dovecot}/sbin/dovecot -F -c ${confFile}";
       };
 
+    environment.systemPackages = [ pkgs.dovecot ];
+
   };
 
 }
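Review bot: The new `dovenull` account is placed in `cfg.group`, the same group as the main Dovecot user, and `preStart` then hands `/var/run/dovecot2` to that group with `chown -R`. Dovecot's guidance is that the login user should sit in a private group that nothing else belongs to, because it runs the pre-authentication processes that face the network. Giving it its own group (`group = "dovenull";` plus a matching `users.extraGroups` entry) would keep that separation; the gid would have to be allocated in modules/misc/ids.nix, which this diff does not show. The name `"dovenull"` is hard-coded while its uid is `dovenull2`, so a short comment explaining the mismatch would help.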
diff --git a/modules/services/mail/dovecot2.nix b/modules/services/mail/dovecot2.nix
deleted file mode 100644
index c5f5da41d317..000000000000
--- a/modules/services/mail/dovecot2.nix
+++ /dev/null
@@ -1,149 +0,0 @@
-{ config, pkgs, ... }:
-
-with pkgs.lib;
-
-let
-
-  cfg = config.services.dovecot2;
-
-  dovecotConf =
-    ''
-      base_dir = /var/run/dovecot2/
-
-      protocols = imap pop3
-    ''
-    + (if cfg.sslServerCert!="" then
-    ''
-      ssl_cert_file = ${cfg.sslServerCert}
-      ssl_key_file = ${cfg.sslServerKey}
-      ssl_ca_file = ${cfg.sslCACert}
-    '' else ''
-      ssl = no
-      disable_plaintext_auth = no
-    '')
-
-    + ''
-      default_internal_user = ${cfg.user}
-
-      mail_location = ${cfg.mailLocation}
-
-      maildir_copy_with_hardlinks = yes
-
-      auth_mechanisms = plain login
-      service auth {
-        user = root
-      }
-      userdb {
-        driver = passwd
-      }
-      passdb {
-        driver = pam
-        args = dovecot2
-      }
-      #auth_debug = yes
-      #auth_verbose = yes
-      #debug_log_path = /tmp/dovecot2debug.log
-
-      pop3_uidl_format = %08Xv%08Xu
-
-      log_path = /var/log/dovecot2.log
-    '';
-
-  confFile = pkgs.writeText "dovecot.conf" dovecotConf;
-
-in
-
-{
-
-  ###### interface
-
-  options = {
-
-    services.dovecot2 = {
-
-      enable = mkOption {
-        default = false;
-        description = "Whether to enable the Dovecot 2.x POP3/IMAP server.";
-      };
-
-      user = mkOption {
-        default = "dovecot2";
-        description = "Dovecot user name.";
-      };
-
-      group = mkOption {
-        default = "dovecot2";
-        description = "Dovecot group name.";
-      };
-
-      mailLocation = mkOption {
-        default = "maildir:/var/spool/mail/%u"; /* Same as inbox, as postfix */
-        example = "maildir:~/mail:INBOX=/var/spool/mail/%u";
-        description = ''
-          Location that dovecot will use for mail folders. Dovecot mail_location option.
-        '';
-      };
-
-      sslServerCert = mkOption {
-        default = "";
-        description = "Server certificate";
-      };
-
-      sslCACert = mkOption {
-        default = "";
-        description = "CA certificate used by the server certificate.";
-      };
-
-      sslServerKey = mkOption {
-        default = "";
-        description = "Server key.";
-      };
-
-    };
-
-  };
-
-
-  ###### implementation
-
-  config = mkIf config.services.dovecot2.enable {
-
-    security.pam.services = [ { name = "dovecot2"; } ];
-
-    users.extraUsers = [
-      { name = cfg.user;
-        uid = config.ids.uids.dovecot2;
-        description = "Dovecot user";
-        group = cfg.group;
-      }
-      { name = "dovenull";
-        uid = config.ids.uids.dovenull2;
-        description = "Dovecot user for untrusted logins";
-        group = cfg.group;
-      }
-    ];
-
-    users.extraGroups = singleton
-      { name = cfg.group;
-        gid = config.ids.gids.dovecot2;
-      };
-
-    jobs.dovecot2 =
-      { description = "Dovecot IMAP/POP3 server";
-
-        startOn = "started networking";
-
-        preStart =
-          ''
-            ${pkgs.coreutils}/bin/mkdir -p /var/run/dovecot2 /var/run/dovecot2/login
-            ${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} /var/run/dovecot2
-          '';
-
-        exec = "${pkgs.dovecot_2_0}/sbin/dovecot -F -c ${confFile}";
-      };
-
-    environment.systemPackages = [ pkgs.dovecot_2_0 ];
-
-  };
-
-}
diff --git a/modules/services/mail/postfix.nix b/modules/services/mail/postfix.nix
index d4505818e0c0..6b141e7e24ec 100644
--- a/modules/services/mail/postfix.nix
+++ b/modules/services/mail/postfix.nix
@@ -85,6 +85,45 @@ let
     ''
     + cfg.extraConfig;
 
+  masterCf = ''
+    # ==========================================================================
+    # service type  private unpriv  chroot  wakeup  maxproc command + args
+    #               (yes)   (yes)   (yes)   (never) (100)
+    # ==========================================================================
+    smtp      inet  n       -       n       -       -       smtpd
+    #submission inet n       -       n       -       -       smtpd
+    #  -o smtpd_tls_security_level=encrypt
+    #  -o smtpd_sasl_auth_enable=yes
+    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+    #  -o milter_macro_daemon_name=ORIGINATING
+    pickup    fifo  n       -       n       60      1       pickup
+    cleanup   unix  n       -       n       -       0       cleanup
+    qmgr      fifo  n       -       n       300     1       qmgr
+    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
+    rewrite   unix  -       -       n       -       -       trivial-rewrite
+    bounce    unix  -       -       n       -       0       bounce
+    defer     unix  -       -       n       -       0       bounce
+    trace     unix  -       -       n       -       0       bounce
+    verify    unix  -       -       n       -       1       verify
+    flush     unix  n       -       n       1000?   0       flush
+    proxymap  unix  -       -       n       -       -       proxymap
+    proxywrite unix -       -       n       -       1       proxymap
+    smtp      unix  -       -       n       -       -       smtp
+    relay     unix  -       -       n       -       -       smtp
+    	      -o smtp_fallback_relay=
+    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+    showq     unix  n       -       n       -       -       showq
+    error     unix  -       -       n       -       -       error
+    retry     unix  -       -       n       -       -       error
+    discard   unix  -       -       n       -       -       discard
+    local     unix  -       n       n       -       -       local
+    virtual   unix  -       n       n       -       -       virtual
+    lmtp      unix  -       -       n       -       -       lmtp
+    anvil     unix  -       -       n       -       1       anvil
+    scache    unix  -       -       n       -       1       scache
+    ${cfg.extraMasterConf}
+  '';
+
   aliases =
     optionalString (cfg.postmasterAlias != "") ''
       postmaster: ${cfg.postmasterAlias}
@@ -98,6 +137,7 @@ let
   aliasesFile = pkgs.writeText "postfix-aliases" aliases;
   virtualFile = pkgs.writeText "postfix-virtual" cfg.virtual;
   mainCfFile = pkgs.writeText "postfix-main.cf" mainCf;
+  masterCfFile = pkgs.writeText "postfix-master.cf" masterCf;
 
 in
 
@@ -232,7 +272,7 @@ in
       extraConfig = mkOption {
         default = "";
         description = "
-          Extra configuration, will be added verbatim to the configuration file.
+          Extra lines to be added verbatim to the main.cf configuration file.
         ";
       };
 
@@ -266,6 +306,12 @@ in
         ";
       };
 
+      extraMasterConf = mkOption {
+        default = "";
+        example = "submission inet n - n - - smtpd";
+        description = "Extra lines to append to the generated master.cf file.";
+      };
+
     };
 
   };
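Review bot: The `example` for `extraMasterConf` enables the submission service with no overrides, so anyone copying it gets a second `smtpd` listener with the same policy as port 25: no mandatory TLS and no SASL requirement. The commented template in `masterCf` earlier in this file already lists the usual hardening, so the example could carry it, e.g. `submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject`. The description could also say that the text is appended verbatim after the built-in services.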
@@ -342,6 +388,7 @@ in
             ln -sf ${aliasesFile} /var/postfix/conf/aliases
             ln -sf ${virtualFile} /var/postfix/conf/virtual
             ln -sf ${mainCfFile} /var/postfix/conf/main.cf
+            ln -sf ${masterCfFile} /var/postfix/conf/master.cf
 
             ${pkgs.postfix}/sbin/postalias -c /var/postfix/conf /var/postfix/conf/aliases
             ${pkgs.postfix}/sbin/postmap -c /var/postfix/conf /var/postfix/conf/virtual
diff --git a/modules/services/mail/spamassassin.nix b/modules/services/mail/spamassassin.nix
index 9b387eb940f7..d4dbe8ddbd04 100644
--- a/modules/services/mail/spamassassin.nix
+++ b/modules/services/mail/spamassassin.nix
@@ -21,6 +21,11 @@ in
         description = "Whether to run the SpamAssassin daemon.";
       };
 
+      debug = mkOption {
+        default = false;
+        description = "Whether to run the SpamAssassin daemon in debug mode.";
+      };
+
     };
 
   };
@@ -33,17 +38,23 @@ in
     # Allow users to run 'spamc'.
     environment.systemPackages = [ pkgs.spamassassin ];
 
-    users.extraUsers = singleton
-      { name = "spamd";
-        description = "Spam Assassin Daemon";
-        uid = config.ids.uids.spamd;
-      };
+    users.extraUsers = singleton {
+    name = "spamd";
+      description = "Spam Assassin Daemon";
+      uid = config.ids.uids.spamd;
+      group = "spamd";
+    };
+
+    users.extraGroups = singleton {
+      name = "spamd";
+      gid = config.ids.gids.spamd;
+    };
 
     jobs.spamd = {
       description = "Spam Assassin Server";
       startOn = "started networking and filesystem";
       environment.TZ = config.time.timeZone;
-      exec = "${pkgs.spamassassin}/bin/spamd -C /etc/spamassassin/init.pre --siteconfigpath=/etc/spamassassin --username=spamd --pidfile=/var/run/spamd.pid";
+      exec = "${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --groupname=spamd --nouser-config --virtual-config-dir=/var/lib/spamassassin/user-%u --allow-tell --pidfile=/var/run/spamd.pid";
     };
 
   };
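Review bot: `--allow-tell` is switched on unconditionally in the new `exec` line, and together with `--virtual-config-dir=/var/lib/spamassassin/user-%u` it lets any client that can reach spamd submit learn/forget requests against a per-user Bayes store; as far as I know spamd takes the user name from the client without authenticating it. A comment such as `# --allow-tell: any client that can reach spamd may train any user's Bayes data` or an option gating the flag the way `debug` does would make the exposure explicit. Nothing in the visible job creates `/var/lib/spamassassin` or makes it writable by `spamd`, so a `preStart` doing that is probably needed. The `name = "spamd";` line is also indented two columns short of its siblings.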