diff options
author | Frederik Rietdijk <fridh@fridh.nl> | 2019-08-27 16:36:47 +0200 |
---|---|---|
committer | Frederik Rietdijk <fridh@fridh.nl> | 2019-08-27 16:36:47 +0200 |
commit | 98640fd48212f8e6552517f667bba1901f5936d4 (patch) | |
tree | 0b5f895f31f16b47e8f837c1d3ac87da1f2884eb /nixos/modules/services/mail | |
parent | 70c1c856d4c96fb37b6e507db4acb125656f992d (diff) | |
parent | b40ee8268515d78b419f53fb22a9fad49b985de8 (diff) | |
download | nixlib-98640fd48212f8e6552517f667bba1901f5936d4.tar nixlib-98640fd48212f8e6552517f667bba1901f5936d4.tar.gz nixlib-98640fd48212f8e6552517f667bba1901f5936d4.tar.bz2 nixlib-98640fd48212f8e6552517f667bba1901f5936d4.tar.lz nixlib-98640fd48212f8e6552517f667bba1901f5936d4.tar.xz nixlib-98640fd48212f8e6552517f667bba1901f5936d4.tar.zst nixlib-98640fd48212f8e6552517f667bba1901f5936d4.zip |
Merge master into staging-next
Diffstat (limited to 'nixos/modules/services/mail')
-rw-r--r-- | nixos/modules/services/mail/rmilter.nix | 252 |
1 files changed, 0 insertions, 252 deletions
diff --git a/nixos/modules/services/mail/rmilter.nix b/nixos/modules/services/mail/rmilter.nix deleted file mode 100644 index 466365b6b305..000000000000 --- a/nixos/modules/services/mail/rmilter.nix +++ /dev/null @@ -1,252 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - rspamdCfg = config.services.rspamd; - postfixCfg = config.services.postfix; - cfg = config.services.rmilter; - - inetSocket = addr: port: "inet:${addr}:${toString port}"; - unixSocket = sock: "unix:${sock}"; - - systemdSocket = if cfg.bindSocket.type == "unix" then cfg.bindSocket.path - else "${cfg.bindSocket.address}:${toString cfg.bindSocket.port}"; - rmilterSocket = if cfg.bindSocket.type == "unix" then unixSocket cfg.bindSocket.path - else inetSocket cfg.bindSocket.address cfg.bindSocket.port; - - rmilterConf = '' - pidfile = /run/rmilter/rmilter.pid; - bind_socket = ${if cfg.socketActivation then "fd:3" else rmilterSocket}; - tempdir = /tmp; - '' + (with cfg.rspamd; if enable then '' - spamd { - servers = ${concatStringsSep ", " servers}; - connect_timeout = 1s; - results_timeout = 20s; - error_time = 10; - dead_time = 300; - maxerrors = 10; - reject_message = "${rejectMessage}"; - ${optionalString (length whitelist != 0) "whitelist = ${concatStringsSep ", " whitelist};"} - - # rspamd_metric - metric for using with rspamd - # Default: "default" - rspamd_metric = "default"; - ${extraConfig} - }; - '' else "") + cfg.extraConfig; - - rmilterConfigFile = pkgs.writeText "rmilter.conf" rmilterConf; - -in - -{ - - ###### interface - - options = { - - services.rmilter = { - - enable = mkOption { - type = types.bool; - default = false; - description = "Whether to run the rmilter daemon."; - }; - - debug = mkOption { - type = types.bool; - default = false; - description = "Whether to run the rmilter daemon in debug mode."; - }; - - user = mkOption { - type = types.string; - default = "rmilter"; - description = '' - User to use when no root privileges are required. - ''; - }; - - group = mkOption { - type = types.string; - default = "rmilter"; - description = '' - Group to use when no root privileges are required. - ''; - }; - - bindSocket.type = mkOption { - type = types.enum [ "unix" "inet" ]; - default = "unix"; - description = '' - What kind of socket rmilter should listen on. Either "unix" - for an Unix domain socket or "inet" for a TCP socket. - ''; - }; - - bindSocket.path = mkOption { - type = types.str; - default = "/run/rmilter.sock"; - description = '' - Path to Unix domain socket to listen on. - ''; - }; - - bindSocket.address = mkOption { - type = types.str; - default = "[::1]"; - example = "0.0.0.0"; - description = '' - Inet address to listen on. - ''; - }; - - bindSocket.port = mkOption { - type = types.int; - default = 11990; - description = '' - Inet port to listen on. - ''; - }; - - socketActivation = mkOption { - type = types.bool; - default = true; - description = '' - Enable systemd socket activation for rmilter. - - Disabling socket activation is not recommended when a Unix - domain socket is used and could lead to incorrect - permissions. - ''; - }; - - rspamd = { - enable = mkOption { - type = types.bool; - default = rspamdCfg.enable; - description = "Whether to use rspamd to filter mails"; - }; - - servers = mkOption { - type = types.listOf types.str; - default = ["r:/run/rspamd/rspamd.sock"]; - description = '' - Spamd socket definitions. - Is server name is prefixed with r: it is rspamd server. - ''; - }; - - whitelist = mkOption { - type = types.listOf types.str; - default = [ ]; - description = "list of ips or nets that should be not checked with spamd"; - }; - - rejectMessage = mkOption { - type = types.str; - default = "Spam message rejected; If this is not spam contact abuse"; - description = "reject message for spam"; - }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - description = "Custom snippet to append to end of `spamd' section"; - }; - }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - description = "Custom snippet to append to rmilter config"; - }; - - postfix = { - enable = mkOption { - type = types.bool; - default = false; - description = "Add rmilter to postfix main.conf"; - }; - - configFragment = mkOption { - type = types.str; - description = "Addon to postfix configuration"; - default = '' - smtpd_milters = ${rmilterSocket} - milter_protocol = 6 - milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} - ''; - }; - }; - - }; - - }; - - - ###### implementation - - config = mkMerge [ - - (mkIf cfg.enable { - warnings = [ - ''`config.services.rmilter' is deprecated, `rmilter' deprecated and unsupported by upstream, and will be removed from next releases. Use built-in rspamd milter instead.'' - ]; - - users.users = singleton { - name = cfg.user; - description = "rmilter daemon"; - uid = config.ids.uids.rmilter; - group = cfg.group; - }; - - users.groups = singleton { - name = cfg.group; - gid = config.ids.gids.rmilter; - }; - - systemd.services.rmilter = { - description = "Rmilter Service"; - - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - serviceConfig = { - ExecStart = "${pkgs.rmilter}/bin/rmilter ${optionalString cfg.debug "-d"} -n -c ${rmilterConfigFile}"; - ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID"; - User = cfg.user; - Group = cfg.group; - PermissionsStartOnly = true; - Restart = "always"; - RuntimeDirectory = "rmilter"; - RuntimeDirectoryMode = "0750"; - }; - - }; - - systemd.sockets.rmilter = mkIf cfg.socketActivation { - description = "Rmilter service socket"; - wantedBy = [ "sockets.target" ]; - socketConfig = { - ListenStream = systemdSocket; - SocketUser = cfg.user; - SocketGroup = cfg.group; - SocketMode = "0660"; - }; - }; - }) - - (mkIf (cfg.enable && cfg.rspamd.enable && rspamdCfg.enable) { - users.users.${cfg.user}.extraGroups = [ rspamdCfg.group ]; - }) - - (mkIf (cfg.enable && cfg.postfix.enable) { - services.postfix.extraConfig = cfg.postfix.configFragment; - users.users.${postfixCfg.user}.extraGroups = [ cfg.group ]; - }) - ]; -} |