authorAlexander V. Nikolaev <avn@avnik.info>2016-02-12 18:11:40 +0200
committerAlexander V. Nikolaev <avn@avnik.info>2016-04-28 14:21:04 +0300
commitc84c174eb2440355ab4ad7e0de8889c58f7ef903 (patch)
treef8a3ba97ab89b52751225b04bdd555076a029db6 /nixos/modules/services/mail
parent40f82550d8fc1fb24ea5ea76b82bd779b7322379 (diff)
rmilter: socket activation in nixos
Diffstat (limited to 'nixos/modules/services/mail')
-rw-r--r--nixos/modules/services/mail/rmilter.nix65
1 files changed, 51 insertions, 14 deletions
diff --git a/nixos/modules/services/mail/rmilter.nix b/nixos/modules/services/mail/rmilter.nix
index a6e2a9fc7808..f748e7a172ea 100644
--- a/nixos/modules/services/mail/rmilter.nix
+++ b/nixos/modules/services/mail/rmilter.nix
@@ -7,9 +7,14 @@ let
   rspamdCfg = config.services.rspamd;
   cfg = config.services.rmilter;
 
+  inetSockets = map (sock: let s = stringSplit ":" sock; in "inet:${last s}:${head s}") cfg.bindInetSockets;
+  unixSockets = map (sock: "unix:${sock}") cfg.bindUnixSockets;
+
+  allSockets = unixSockets ++ inetSockets;
+
   rmilterConf = ''
 pidfile = /run/rmilter/rmilter.pid;
-bind_socket = ${cfg.bindSocket};
+bind_socket = ${if cfg.socketActivation then "fd:3" else concatStringsSep ", " allSockets};
 tempdir = /tmp;
 
   '' + (with cfg.rspamd; if enable then ''
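Review bot: The `inetSockets` mapping assumes every entry is exactly an IPv4 `host:port`; an IPv6 entry such as `[::1]:11990` or a bare port, both of which systemd's `ListenStream` accepts, is split on every `:` and produces a wrong `bind_socket` value. The result is also written as `inet:port:host`, while the example removed later in this commit documented `inet:11990@127.0.0.1`, so the separator should be checked against what rmilter actually parses. Separately, with `socketActivation` on, `bind_socket` names only `fd:3` although the socket unit is given every configured address, so presumably only the first listener is served. A comment above `inetSockets` such as `# expects IPv4 "host:port"; IPv6 and bare ports are not handled`, or an assertion rejecting other forms, would make the limit explicit.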
@@ -68,14 +73,37 @@ in
         '';
        };
 
-      bindSocket =  mkOption {
-        type = types.string;
-        default = "unix:/run/rmilter/rmilter.sock";
-        description = "Socket to listed for MTA requests";
+      bindUnixSockets =  mkOption {
+        type = types.listOf types.str;
+        default = ["/run/rmilter/rmilter.sock"];
+        description = ''
+          Unix domain sockets to listen for MTA requests.
+        '';
         example = ''
-            "unix:/run/rmilter/rmilter.sock" or
-            "inet:11990@127.0.0.1"
-          '';
+            [ "/run/rmilter/rmilter.sock"] 
+        '';
+      };
+
+      bindInetSockets = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = ''
+          Inet addresses to listen (in format accepted by systemd.socket)
+        '';
+        example = ''
+            ["127.0.0.1:11990"]
+        '';
+      };
+
+      socketActivation = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Enable systemd socket activation for rmilter.
+          (disabling socket activation not recommended
+          when unix socket used, and follow to wrong
+          permissions on unix domain socket.)
+        '';
       };
 
       rspamd = {
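Review bot: The `bindInetSockets` description does not tell the administrator that a TCP listener is not covered by the `SocketUser`/`SocketGroup`/`SocketMode` settings used for the unix socket, so any host that can reach a listed address can talk to the milter. I would extend it to something like `Inet addresses to listen on, in the format accepted by systemd.socket. TCP listeners are not access-controlled; use a loopback or firewalled address.` The `socketActivation` description is hard to follow; `Disabling it is not recommended with unix sockets, because the socket then gets the wrong permissions.` appears to be what is meant. `bindSocket` is also dropped with no rename or removal notice visible in this hunk, so existing configurations that set it will stop evaluating.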
@@ -86,7 +114,7 @@ in
 
         servers = mkOption {
           type = types.listOf types.str;
-          default = ["r:0.0.0.0:11333"];
+          default = ["r:/run/rspamd/rspamd.sock"];
           description = ''
             Spamd socket definitions.
             Is server name is prefixed with r: it is rspamd server.
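Review bot: The new default hard-codes `/run/rspamd/rspamd.sock`, and nothing visible here ties that path to the rspamd module or ensures the rmilter user is allowed to connect to it. `rspamdCfg` is already bound at the top of the file, so if the rspamd module exposes its socket path the default could be derived from it; that cannot be confirmed from this page. The description should at least state the requirement, e.g. `The rmilter user must be able to connect to any unix socket listed here.` The option's description continues past the end of this hunk.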
@@ -129,7 +157,7 @@ in
           type = types.str;
           description = "Addon to postfix configuration";
           default = ''
-smtpd_milters = ${cfg.bindSocket}
+smtpd_milters = ${head allSockets}
 # or for TCP socket
 # # smtpd_milters = inet:localhost:9900
 milter_protocol = 6
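Review bot: `head allSockets` yields a usable Postfix value only while `bindUnixSockets` is non-empty. With an inet-only configuration the fragment receives the `inet:port:host` string built for rmilter, whereas Postfix reads `smtpd_milters` entries as `inet:host:port`, and with both lists empty `head` aborts evaluation. I would build the Postfix value separately from the rmilter one and guard the empty case with an assertion that names the two options. The default string continues outside this hunk.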
@@ -169,17 +197,26 @@ milter_default_action = accept
 
       serviceConfig = {
         ExecStart = "${pkgs.rmilter}/bin/rmilter ${optionalString cfg.debug "-d"} -n -c ${rmilterConfigFile}";
+        ExecReload = "/bin/kill -USR1 $MAINPID";
         User = cfg.user;
         Group = cfg.group;
         PermissionsStartOnly = true;
         Restart = "always";
+        RuntimeDirectory = "rmilter";
+        RuntimeDirectoryPermissions="0755";
       };
 
-      preStart = ''
-        ${pkgs.coreutils}/bin/mkdir -p /run/rmilter
-        ${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /run/rmilter
-      '';
+    };
 
+    systemd.sockets.rmilter = mkIf cfg.socketActivation {
+      description = "Rmilter service socket";
+      wantedBy = [ "sockets.target" ];
+      socketConfig = {
+          ListenStream = cfg.bindUnixSockets ++ cfg.bindInetSockets;
+          SocketUser = cfg.user;
+          SocketGroup = config.ids.gids.adm;
+          SocketMode = "0660";
+      };
     };
 
     services.postfix.extraConfig = optionalString cfg.postfix.enable cfg.postfix.configFragment;
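Review bot: The socket unit grants connect access through `SocketGroup = config.ids.gids.adm` with mode `0660`, which opens the milter to every member of `adm` and, unless the MTA user happens to be in that group, not to Postfix. Using the service's own group, `SocketGroup = cfg.group;`, and documenting that the MTA user must be a member would keep access scoped to the mail stack; whether Postfix is added to that group elsewhere is not visible here. `ExecReload` also calls `/bin/kill`, which a NixOS system does not provide by default; `ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";` matches how the removed `preStart` referenced coreutils.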