author | Matt McHenry <github@matt.mchenryfamily.org> | 2015-12-24 14:34:43 -0500 |
---|---|---|
committer | Matt McHenry <github@matt.mchenryfamily.org> | 2017-09-21 21:44:55 -0400 |
commit | 0ece5fc50933ff7bd4d57c3d56b96540262674d4 (patch) | |
tree | e6cf988a423fb3aa3343f2f4e224528ebe13f12f /nixos/modules/services/mail | |
parent | 6a7066eb53685438564dc50362666d0e7f150110 (diff) | |
nixos/pfix-srsd: add module
Diffstat (limited to 'nixos/modules/services/mail')
-rw-r--r-- | nixos/modules/services/mail/pfix-srsd.nix | 56 | ||||
-rw-r--r-- | nixos/modules/services/mail/postfix.nix | 14 |
2 files changed, 70 insertions, 0 deletions
diff --git a/nixos/modules/services/mail/pfix-srsd.nix b/nixos/modules/services/mail/pfix-srsd.nix
new file mode 100644
index 000000000000..ab5f4c39e8c2
--- /dev/null
+++ b/nixos/modules/services/mail/pfix-srsd.nix
@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.pfix-srsd = {
+ enable = mkOption {
+ default = false;
+ type = types.bool;
+ description = "Whether to run the postfix sender rewriting scheme daemon.";
+ };
+
+ domain = mkOption {
+ description = "The domain for which to enable srs";
+ type = types.str;
+ example = "example.com";
+ };
+
+ secretsFile = mkOption {
+ description = ''
+ The secret data used to encode the SRS address.
+ to generate, use a command like:
+ <literal>for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done</literal>
+ '';
+ type = types.path;
+ default = "/var/lib/pfix-srsd/secrets";
+ };
+ };
+ };
+
+ ###### implementation
+
+ config = mkIf config.services.pfix-srsd.enable {
+ environment = {
+ systemPackages = [ pkgs.pfixtools ];
+ };
+
+ systemd.services."pfix-srsd" = {
+ description = "Postfix sender rewriting scheme daemon";
+ before = [ "postfix.service" ];
+ #note that we use requires rather than wants because postfix
+ #is unable to process (almost) all mail without srsd
+ requiredBy = [ "postfix.service" ];
+ serviceConfig = {
+ Type = "forking";
+ PIDFile = "/var/run/pfix-srsd.pid";
+ ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /var/run/pfix-srsd.pid -I ${config.services.pfix-srsd.domain} ${config.services.pfix-srsd.secretsFile}";
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index 01ae49d49090..461d4a621381 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
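Review bot: `secretsFile` is declared as `types.path`, so a user who writes `secretsFile = ./secrets;` gets the file copied into the world-readable Nix store and the SRS secret becomes readable by every local user; the description should say to pass the location as a string, as the default does, and that the file must be root-owned and not group/world-readable, since nothing in the module creates or checks it. The unit sets no `User=` and no sandboxing, so pfix-srsd runs as root while the postfix side (see the postfix.nix hunk) queries it over unauthenticated `tcp:` lookups on 127.0.0.1; that is worth a line in the option description, e.g. `The daemon runs as root; keep this file readable only by root and never point it at a Nix store path.`. In the description text, "to generate" should be capitalized and the `<literal>` example should say what the five generated lines are used for.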
@@ -79,6 +79,12 @@ let
 // optionalAttrs haveTransport { transport_maps = "hash:/etc/postfix/transport"; }
 // optionalAttrs haveVirtual { virtual_alias_maps = "${cfg.virtualMapType}:/etc/postfix/virtual"; }
 // optionalAttrs (cfg.dnsBlacklists != []) { smtpd_client_restrictions = clientRestrictions; }
+ // optionalAttrs cfg.useSrs {
+ sender_canonical_maps = "tcp:127.0.0.1:10001";
+ sender_canonical_classes = "envelope_sender";
+ recipient_canonical_maps = "tcp:127.0.0.1:10002";
+ recipient_canonical_classes= "envelope_recipient";
+ }
 // optionalAttrs cfg.enableHeaderChecks { header_checks = "regexp:/etc/postfix/header_checks"; }
 // optionalAttrs (cfg.sslCert != "") {
 smtp_tls_CAfile = cfg.sslCACert;
@@ -626,6 +632,12 @@ in
 description = "Maps to be compiled and placed into /var/lib/postfix/conf.";
 };
+ useSrs = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable sender rewriting scheme";
+ };
+
 };
 };
@@ -646,6 +658,8 @@ in
 systemPackages = [ pkgs.postfix ];
 };
+ services.pfix-srsd.enable = config.services.postfix.useSrs;
+
 services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
 program = "sendmail";
 source = "${pkgs.postfix}/bin/sendmail"; |
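Review bot: The lookup endpoints `tcp:127.0.0.1:10001` and `tcp:127.0.0.1:10002` are hard-coded here while the new pfix-srsd module passes no listen address or port to the daemon, so the two modules only agree through the daemon's built-in defaults and will drift silently if either side changes; a shared option, or at least a comment naming the coupling, would make that explicit. Postfix tcp tables carry no authentication, so any local process can submit addresses to the daemon for rewriting or decoding; a comment such as `# pfix-srsd answers unauthenticated tcp lookups; keep these bound to loopback` would stop a later edit from exposing it. Style: `recipient_canonical_classes= "envelope_recipient";` is missing the space before `=`. The enclosing `let` binding this attrset belongs to starts and ends outside the hunk.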
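Review bot: The `useSrs` description does not tell the user what else must be configured: enabling it turns on `services.pfix-srsd`, whose `domain` option has no default and whose secrets file must already exist, so a bare `useSrs = true` fails at evaluation or at service start without pointing at the cause. Suggested wording: `description = "Whether to enable the sender rewriting scheme (SRS) via services.pfix-srsd. Requires services.pfix-srsd.domain to be set and a secrets file at services.pfix-srsd.secretsFile.";`.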
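Review bot: `services.pfix-srsd.enable = config.services.postfix.useSrs;` defines the option unconditionally, including as `false`, so a configuration that enables pfix-srsd directly (for a non-postfix setup or ahead of this option) while leaving `useSrs` at its default gets a conflicting-definition error for the `types.bool` option instead of a merged `true`. Defining it only when it is wanted avoids that: `services.pfix-srsd.enable = mkIf cfg.useSrs true;`, using the file's existing `cfg` binding that the first hunk already relies on. The enclosing `config = mkIf ...` block continues outside the hunk.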