author | Herwig Hochleitner <herwig@bendlas.net> | 2015-11-17 18:30:10 +0100 |
---|---|---|
committer | Herwig Hochleitner <herwig@bendlas.net> | 2016-09-27 15:35:02 +0200 |
commit | 5609fe521daf42af3a8d7d8d15dd68db87efefb0 (patch) | |
tree | fe9784a181a022400a799275120f840835d654c9 /nixos | |
parent | 7a0a877b15fc629745ec3c6dbea337368f4134ac (diff) | |
postgrey: init at 1.36 (includes service)
Diffstat (limited to 'nixos')
-rwxr-xr-x | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/mail/postgrey.nix | 75 |
3 files changed, 78 insertions, 0 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index e005c0465042..2881d843760d 100755
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -275,6 +275,7 @@
 prometheus = 255;
 telegraf = 256;
 gitlab-runner = 257;
+ postgrey = 258;
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@@ -520,6 +521,7 @@
 prometheus = 255;
 #telegraf = 256; # unused
 gitlab-runner = 257;
+ postgrey = 258;
 # When adding a gid, make sure it doesn't match an existing
 # uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index ad3edd6fbd5b..2978eaefb46b 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -216,6 +216,7 @@
 ./services/mail/opensmtpd.nix
 ./services/mail/postfix.nix
 ./services/mail/postsrsd.nix
+ ./services/mail/postgrey.nix
 ./services/mail/spamassassin.nix
 ./services/mail/rspamd.nix
 ./services/mail/rmilter.nix
diff --git a/nixos/modules/services/mail/postgrey.nix b/nixos/modules/services/mail/postgrey.nix
new file mode 100644
index 000000000000..5332939a859d
--- /dev/null
+++ b/nixos/modules/services/mail/postgrey.nix
@@ -0,0 +1,75 @@
+{ config, lib, pkgs, ... }:
+
+with lib; let
+
+ cfg = config.services.postgrey;
+
+in {
+
+ options = {
+ services.postgrey = {
+ enable = mkOption {
+ default = false;
+ description = "Whether to run the Postgrey daemon";
+ };
+ inetAddr = mkOption {
+ default = null;
+ example = "127.0.0.1";
+ description = "The inet address to bind to. If none given, bind to /var/run/postgrey.sock";
+ };
+ inetPort = mkOption {
+ default = 10030;
+ description = "The tcp port to bind to";
+ };
+ greylistText = mkOption {
+ default = "Greylisted for %%s seconds";
+ description = "Response status text for greylisted messages";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ environment.systemPackages = [ pkgs.postgrey ];
+
+ users = {
+ extraUsers = {
+ postgrey = {
+ description = "Postgrey Daemon";
+ uid = config.ids.uids.postgrey;
+ group = "postgrey";
+ };
+ };
+ extraGroups = {
+ postgrey = {
+ gid = config.ids.gids.postgrey;
+ };
+ };
+ };
+
+ systemd.services.postgrey = let
+ bind-flag = if isNull cfg.inetAddr then
+ "--unix=/var/run/postgrey.sock"
+ else
+ "--inet=${cfg.inetAddr}:${cfg.inetPort}";
+ in {
+ description = "Postfix Greylisting Service";
+ wantedBy = [ "multi-user.target" ];
+ before = [ "postfix.service" ];
+ preStart = ''
+ mkdir -p /var/postgrey
+ chown postgrey:postgrey /var/postgrey
+ chmod 0770 /var/postgrey
+ '';
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = ''${pkgs.postgrey}/bin/postgrey ${bind-flag} --pidfile=/var/run/postgrey.pid --group=postgrey --user=postgrey --dbdir=/var/postgrey --greylist-text="${cfg.greylistText}"'';
+ Restart = "always";
+ RestartSec = 5;
+ TimeoutSec = 10;
+ };
+ };
+
+ };
+
+} |
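Review bot: In the `bind-flag` binding of `systemd.services.postgrey`, `"--inet=${cfg.inetAddr}:${cfg.inetPort}"` interpolates `cfg.inetPort`, whose default is the integer `10030`; Nix does not coerce integers inside string interpolation, so evaluation should fail as soon as `inetAddr` is set, and `"--inet=${cfg.inetAddr}:${toString cfg.inetPort}"` avoids that. None of the four options declares a `type`, so a malformed address or port is only noticed when the daemon starts; `type = types.nullOr types.str;` on `inetAddr` and `type = types.int;` on `inetPort` would reject them at evaluation time. `greylistText` is placed between literal double quotes in `ExecStart`, so a value containing `"` would change how systemd splits the command line, which is worth escaping or at least stating in the option description. The `inetAddr` description would also benefit from saying that the TCP listener speaks the policy protocol without authentication, so anything other than a loopback address should be paired with a firewall rule.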