diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2017-01-28 02:46:16 +0100 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2017-03-17 23:00:34 +0100 |
commit | 8ab2d2ee27b84bfeb2e2077e87f5ccc7b0d129fe (patch) | |
tree | 08621da5482ef694c87ba6437a223c273f27317c /nixos/modules/services/mail/rmilter.nix | |
parent | 4defb788ebec831f6a868f46b969755d7754cc4f (diff) | |
download | nixlib-8ab2d2ee27b84bfeb2e2077e87f5ccc7b0d129fe.tar nixlib-8ab2d2ee27b84bfeb2e2077e87f5ccc7b0d129fe.tar.gz nixlib-8ab2d2ee27b84bfeb2e2077e87f5ccc7b0d129fe.tar.bz2 nixlib-8ab2d2ee27b84bfeb2e2077e87f5ccc7b0d129fe.tar.lz nixlib-8ab2d2ee27b84bfeb2e2077e87f5ccc7b0d129fe.tar.xz nixlib-8ab2d2ee27b84bfeb2e2077e87f5ccc7b0d129fe.tar.zst nixlib-8ab2d2ee27b84bfeb2e2077e87f5ccc7b0d129fe.zip |
rmilter service: support only one socket
Diffstat (limited to 'nixos/modules/services/mail/rmilter.nix')
-rw-r--r-- | nixos/modules/services/mail/rmilter.nix | 149 |
1 files changed, 84 insertions, 65 deletions
diff --git a/nixos/modules/services/mail/rmilter.nix b/nixos/modules/services/mail/rmilter.nix index 7fb4a5195821..3153b1c79124 100644 --- a/nixos/modules/services/mail/rmilter.nix +++ b/nixos/modules/services/mail/rmilter.nix @@ -7,14 +7,17 @@ let rspamdCfg = config.services.rspamd; cfg = config.services.rmilter; - inetSockets = map (sock: let s = splitString ":" sock; in "inet:${last s}@${head s}") cfg.bindInetSockets; - unixSockets = map (sock: "unix:${sock}") cfg.bindUnixSockets; + inetSocket = addr: port: "inet:[${toString port}@${addr}]"; + unixSocket = sock: "unix:${sock}"; - allSockets = unixSockets ++ inetSockets; + systemdSocket = if cfg.bindSocket.type == "unix" then cfg.bindSocket.path + else "${cfg.bindSocket.address}:${toString cfg.bindSocket.port}"; + rmilterSocket = if cfg.bindSocket.type == "unix" then unixSocket cfg.bindSocket.path + else inetSocket cfg.bindSocket.address cfg.bindSocket.port; rmilterConf = '' pidfile = /run/rmilter/rmilter.pid; - bind_socket = ${if cfg.socketActivation then "fd:3" else last inetSockets}; + bind_socket = ${if cfg.socketActivation then "fd:3" else rmilterSocket}; tempdir = /tmp; '' + (with cfg.rspamd; if enable then '' spamd { @@ -32,7 +35,7 @@ let rspamd_metric = "default"; ${extraConfig} }; - '' else "") + cfg.extraConfig; + '' else "") + cfg.extraConfig; rmilterConfigFile = pkgs.writeText "rmilter.conf" rmilterConf; @@ -47,11 +50,13 @@ in services.rmilter = { enable = mkOption { + type = types.bool; default = cfg.rspamd.enable; description = "Whether to run the rmilter daemon."; }; debug = mkOption { + type = types.bool; default = false; description = "Whether to run the rmilter daemon in debug mode."; }; @@ -72,25 +77,37 @@ in ''; }; - bindUnixSockets = mkOption { - type = types.listOf types.str; - default = ["/run/rmilter/rmilter.sock"]; + bindSocket.type = mkOption { + type = types.enum [ "unix" "inet" ]; + default = "unix"; description = '' - Unix domain sockets to listen for MTA requests. + What kind of socket rmilter should listen on. Either "unix" + for an Unix domain socket or "inet" for a TCP socket. ''; - example = '' - [ "/run/rmilter.sock"] + }; + + bindSocket.path = mkOption { + type = types.str; + default = "/run/rmilter/rmilter.sock"; + description = '' + Path to Unix domain socket to listen on. ''; }; - bindInetSockets = mkOption { - type = types.listOf types.str; - default = []; + bindSocket.address = mkOption { + type = types.str; + default = "::1"; + example = "0.0.0.0"; description = '' - Inet addresses to listen (in format accepted by systemd.socket) + Inet address to listen on. ''; - example = '' - ["127.0.0.1:11990"] + }; + + bindSocket.port = mkOption { + type = types.int; + default = 11990; + description = '' + Inet port to listen on. ''; }; @@ -102,13 +119,13 @@ in Disabling socket activation is not recommended when a Unix domain socket is used and could lead to incorrect - permissions. Therefore, setting this to false will - configure rmilter to use an inet socket only. + permissions. ''; }; rspamd = { enable = mkOption { + type = types.bool; default = rspamdCfg.enable; description = "Whether to use rspamd to filter mails"; }; @@ -158,13 +175,9 @@ in type = types.str; description = "Addon to postfix configuration"; default = '' -smtpd_milters = ${head allSockets} -# or for TCP socket -# # smtpd_milters = inet:localhost:9900 -milter_protocol = 6 -milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} -# skip mail without checks if milter will die -milter_default_action = accept + smtpd_milters = ${rmilterSocket} + milter_protocol = 6 + milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} ''; }; }; @@ -176,52 +189,58 @@ milter_default_action = accept ###### implementation - config = mkIf cfg.enable { + config = mkMerge [ - users.extraUsers = singleton { - name = cfg.user; - description = "rspamd daemon"; - uid = config.ids.uids.rmilter; - group = cfg.group; - }; + (mkIf cfg.enable { - users.extraGroups = singleton { - name = cfg.group; - gid = config.ids.gids.rmilter; - }; + users.extraUsers = singleton { + name = cfg.user; + description = "rmilter daemon"; + uid = config.ids.uids.rmilter; + group = cfg.group; + }; - systemd.services.rmilter = { - description = "Rmilter Service"; - - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - serviceConfig = { - ExecStart = "${pkgs.rmilter}/bin/rmilter ${optionalString cfg.debug "-d"} -n -c ${rmilterConfigFile}"; - ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID"; - User = cfg.user; - Group = cfg.group; - PermissionsStartOnly = true; - Restart = "always"; - RuntimeDirectory = "rmilter"; - RuntimeDirectoryMode = "0755"; + users.extraGroups = singleton { + name = cfg.group; + gid = config.ids.gids.rmilter; }; - }; + systemd.services.rmilter = { + description = "Rmilter Service"; + + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + ExecStart = "${pkgs.rmilter}/bin/rmilter ${optionalString cfg.debug "-d"} -n -c ${rmilterConfigFile}"; + ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID"; + User = cfg.user; + Group = cfg.group; + PermissionsStartOnly = true; + Restart = "always"; + RuntimeDirectory = "rmilter"; + RuntimeDirectoryMode = "0755"; + }; - systemd.sockets.rmilter = mkIf cfg.socketActivation { - description = "Rmilter service socket"; - wantedBy = [ "sockets.target" ]; - socketConfig = { - ListenStream = cfg.bindUnixSockets ++ cfg.bindInetSockets; - SocketUser = cfg.user; - SocketGroup = cfg.group; - SocketMode = "0666"; }; - }; - services.postfix.extraConfig = optionalString cfg.postfix.enable cfg.postfix.configFragment; - users.users.postfix.extraGroups = [ cfg.group ]; - }; + systemd.sockets.rmilter = mkIf cfg.socketActivation { + description = "Rmilter service socket"; + wantedBy = [ "sockets.target" ]; + socketConfig = { + ListenStream = systemdSocket; + SocketUser = cfg.user; + SocketGroup = cfg.group; + SocketMode = "0666"; + }; + }; + }) + + (mkIf (cfg.enable && cfg.postfix.enable) { + + services.postfix.extraConfig = cfg.postfix.configFragment; + users.users.postfix.extraGroups = [ cfg.group ]; + }) + ]; } |