blob: 0db631868cc789c84fd5da5fc2c8286736c4a640 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
{ config, lib, pkgs, ... }:
with lib; let
cfg = config.services.postgrey;
in {
options = {
services.postgrey = with types; {
enable = mkOption {
type = bool;
default = false;
description = "Whether to run the Postgrey daemon";
};
inetAddr = mkOption {
type = nullOr string;
default = null;
example = "127.0.0.1";
description = "The inet address to bind to. If none given, bind to /var/run/postgrey.sock";
};
inetPort = mkOption {
type = int;
default = 10030;
description = "The tcp port to bind to";
};
greylistText = mkOption {
type = string;
default = "Greylisted for %%s seconds";
description = "Response status text for greylisted messages";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.postgrey ];
users = {
extraUsers = {
postgrey = {
description = "Postgrey Daemon";
uid = config.ids.uids.postgrey;
group = "postgrey";
};
};
extraGroups = {
postgrey = {
gid = config.ids.gids.postgrey;
};
};
};
systemd.services.postgrey = let
bind-flag = if isNull cfg.inetAddr then
"--unix=/var/run/postgrey.sock"
else
"--inet=${cfg.inetAddr}:${cfg.inetPort}";
in {
description = "Postfix Greylisting Service";
wantedBy = [ "multi-user.target" ];
before = [ "postfix.service" ];
preStart = ''
mkdir -p /var/postgrey
chown postgrey:postgrey /var/postgrey
chmod 0770 /var/postgrey
'';
serviceConfig = {
Type = "simple";
ExecStart = ''${pkgs.postgrey}/bin/postgrey ${bind-flag} --pidfile=/var/run/postgrey.pid --group=postgrey --user=postgrey --dbdir=/var/postgrey --greylist-text="${cfg.greylistText}"'';
Restart = "always";
RestartSec = 5;
TimeoutSec = 10;
};
};
};
}
|