
setcap-wrapper: Merging with upstream master and resolving conflicts

This commit is contained in:
Parnell Springmeyer 2017-01-25 11:08:05 -08:00
commit bae00e8aa8
No known key found for this signature in database
GPG key ID: DCCF89258EAD874A
4612 changed files with 200761 additions and 124566 deletions


@ -111,7 +111,7 @@ in
};
extraConfig = mkOption {
type = types.str;
type = types.lines;
default = "";
example = "mail_debug = yes";
description = "Additional entries to put verbatim into Dovecot's config file.";
@ -271,6 +271,9 @@ in
{ assertion = cfg.showPAMFailure -> cfg.enablePAM;
message = "dovecot is configured with showPAMFailure while enablePAM is disabled";
}
{ assertion = (cfg.sieveScripts != {}) -> ((cfg.mailUser != null) && (cfg.mailGroup != null));
message = "dovecot requires mailUser and mailGroup to be set when sieveScripts is set";
}
];
};


@ -74,7 +74,8 @@ in
config = mkIf cfg.enable {
systemd.services.freepopsd = {
description = "Freepopsd (webmail over POP3)";
wantedBy = [ "ip-up.target" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = ''
${pkgs.freepops}/bin/freepopsd \
-p ${toString cfg.port} \


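--- /dev/null
+++ b/PATH-NOT-ON-PAGE/offlineimap.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+cfg = config.services.offlineimap;
+in {
+options.services.offlineimap = {
+enable = mkEnableOption "Offlineimap, a software to dispose your mailbox(es) as a local Maildir(s).";
+install = mkOption {
+type = types.bool;
+default = false;
+example = true;
+description = ''
+Whether to install a user service for Offlineimap. Once
+the service is started, emails will be fetched automatically.
+The service must be manually started for each user with
+"systemctl --user start offlineimap" or globally through
+<varname>services.offlineimap.enable</varname>.
+'';
+};
+package = mkOption {
+type = types.package;
+default = pkgs.offlineimap;
+defaultText = "pkgs.offlineimap";
+description = "Offlineimap derivation to use.";
+};
+path = mkOption {
+type = types.listOf types.path;
+default = [];
+example = literalExample "[ pkgs.pass pkgs.bash pkgs.notmuch ]";
+description = "List of derivations to put in Offlineimap's path.";
+};
+onCalendar = mkOption {
+type = types.str;
+default = "*:0/3"; # every 3 minutes
+description = "How often is offlineimap started. Default is '*:0/3' meaning every 3 minutes. See systemd.time(7) for more information about the format.";
+};
+timeoutStartSec = mkOption {
+type = types.str;
+default = "120sec"; # Kill if still alive after 2 minutes
+description = "How long waiting for offlineimap before killing it. Default is '120sec' meaning every 2 minutes. See systemd.time(7) for more information about the format.";
+};
+};
+config = mkIf (cfg.enable || cfg.install) {
+systemd.user.services.offlineimap = {
+description = "Offlineimap: a software to dispose your mailbox(es) as a local Maildir(s)";
+serviceConfig = {
+Type = "oneshot";
+ExecStart = "${cfg.package}/bin/offlineimap -u syslog -o -1";
+TimeoutStartSec = cfg.timeoutStartSec;
+};
+path = cfg.path;
+};
+environment.systemPackages = [ cfg.package ];
+systemd.user.timers.offlineimap = {
+description = "offlineimap timer";
+timerConfig = {
+Unit = "offlineimap.service";
+OnCalendar = cfg.onCalendar;
+# start immediately after computer is started:
+Persistent = "true";
+};
+} // optionalAttrs cfg.enable { wantedBy = [ "default.target" ]; };
+};
+}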
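Review bot: The `install` option's description tells the user to run `systemctl --user start offlineimap`, but that starts the oneshot service once; the periodic fetching the same sentence promises comes from the `offlineimap.timer` unit, which is only pulled into `default.target` when `enable` is set. Suggested wording: `The timer must be manually started for each user with "systemctl --user start offlineimap.timer", or globally through services.offlineimap.enable.` The `timeoutStartSec` description also reads `'120sec' meaning every 2 minutes`; it should say `meaning offlineimap is killed if it is still running after 2 minutes`, matching the comment next to the default.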


@ -1,17 +1,16 @@
{ config, lib, pkgs, ... }:
with pkgs;
with lib;
let
cfg = config.services.opensmtpd;
conf = writeText "smtpd.conf" cfg.serverConfiguration;
conf = pkgs.writeText "smtpd.conf" cfg.serverConfiguration;
args = concatStringsSep " " cfg.extraServerArgs;
sendmail = pkgs.runCommand "opensmtpd-sendmail" {} ''
mkdir -p $out/bin
ln -s ${opensmtpd}/sbin/smtpctl $out/bin/sendmail
ln -s ${pkgs.opensmtpd}/sbin/smtpctl $out/bin/sendmail
'';
in {
@ -48,21 +47,19 @@ in {
};
serverConfiguration = mkOption {
type = types.string;
default = "";
type = types.lines;
example = ''
listen on lo
accept for any deliver to lmtp localhost:24
'';
'';
description = ''
The contents of the smtpd.conf configuration file. See the
OpenSMTPD documentation for syntax information. If this option
is left empty, the OpenSMTPD server will not start.
OpenSMTPD documentation for syntax information.
'';
};
procPackages = mkOption {
type = types.listOf types.path;
type = types.listOf types.package;
default = [];
description = ''
Packages to search for filters, tables, queues, and schedulers.
@ -100,12 +97,11 @@ in {
systemd.services.opensmtpd = let
procEnv = pkgs.buildEnv {
name = "opensmtpd-procs";
paths = [ opensmtpd ] ++ cfg.procPackages;
paths = [ pkgs.opensmtpd ] ++ cfg.procPackages;
pathsToLink = [ "/libexec/opensmtpd" ];
};
in {
wantedBy = [ "multi-user.target" ];
wants = [ "network.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -p /var/spool/smtpd
@ -119,7 +115,7 @@ in {
chown smtpq.root /var/spool/smtpd/purge
chmod 700 /var/spool/smtpd/purge
'';
serviceConfig.ExecStart = "${opensmtpd}/sbin/smtpd -d -f ${conf} ${args}";
serviceConfig.ExecStart = "${pkgs.opensmtpd}/sbin/smtpd -d -f ${conf} ${args}";
environment.OPENSMTPD_PROC_PATH = "${procEnv}/libexec/opensmtpd";
};
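Review bot: `extraServerArgs` is joined with plain spaces (`args = concatStringsSep " " cfg.extraServerArgs;`) and spliced unquoted into `ExecStart`, so a list element containing whitespace or quote characters is re-split or mis-parsed by systemd's command-line parser. If this tree already has `lib.escapeShellArgs`, `args = escapeShellArgs cfg.extraServerArgs;` keeps each element a single argument; otherwise the option description should state that each element must be a single shell word. The `serverConfiguration` option also lost its default, so it appears the module now fails at evaluation rather than at service start when `enable = true` and no configuration is given; a sentence in the description saying the option is required would replace the removed "server will not start" note. The enclosing module attrset continues outside the hunks.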


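--- /dev/null
+++ b/PATH-NOT-ON-PAGE/postgrey.nix
@@ -0,0 +1,194 @@
+{ config, lib, pkgs, ... }:
+with lib; let
+cfg = config.services.postgrey;
+natural = with types; addCheck int (x: x >= 0);
+natural' = with types; addCheck int (x: x > 0);
+socket = with types; addCheck (either (submodule unixSocket) (submodule inetSocket)) (x: x ? "path" || x ? "port");
+inetSocket = with types; {
+options = {
+addr = mkOption {
+type = nullOr string;
+default = null;
+example = "127.0.0.1";
+description = "The address to bind to. Localhost if null";
+};
+port = mkOption {
+type = natural';
+default = 10030;
+description = "Tcp port to bind to";
+};
+};
+};
+unixSocket = with types; {
+options = {
+path = mkOption {
+type = path;
+default = "/var/run/postgrey.sock";
+description = "Path of the unix socket";
+};
+mode = mkOption {
+type = string;
+default = "0777";
+description = "Mode of the unix socket";
+};
+};
+};
+in {
+options = {
+services.postgrey = with types; {
+enable = mkOption {
+type = bool;
+default = false;
+description = "Whether to run the Postgrey daemon";
+};
+socket = mkOption {
+type = socket;
+default = {
+path = "/var/run/postgrey.sock";
+mode = "0777";
+};
+example = {
+addr = "127.0.0.1";
+port = 10030;
+};
+description = "Socket to bind to";
+};
+greylistText = mkOption {
+type = string;
+default = "Greylisted for %%s seconds";
+description = "Response status text for greylisted messages; use %%s for seconds left until greylisting is over and %%r for mail domain of recipient";
+};
+greylistAction = mkOption {
+type = string;
+default = "DEFER_IF_PERMIT";
+description = "Response status for greylisted messages (see access(5))";
+};
+greylistHeader = mkOption {
+type = string;
+default = "X-Greylist: delayed %%t seconds by postgrey-%%v at %%h; %%d";
+description = "Prepend header to greylisted mails; use %%t for seconds delayed due to greylisting, %%v for the version of postgrey, %%d for the date, and %%h for the host";
+};
+delay = mkOption {
+type = natural;
+default = 300;
+description = "Greylist for N seconds";
+};
+maxAge = mkOption {
+type = natural;
+default = 35;
+description = "Delete entries from whitelist if they haven't been seen for N days";
+};
+retryWindow = mkOption {
+type = either string natural;
+default = 2;
+example = "12h";
+description = "Allow N days for the first retry. Use string with appended 'h' to specify time in hours";
+};
+lookupBySubnet = mkOption {
+type = bool;
+default = true;
+description = "Strip the last N bits from IP addresses, determined by IPv4CIDR and IPv6CIDR";
+};
+IPv4CIDR = mkOption {
+type = natural;
+default = 24;
+description = "Strip N bits from IPv4 addresses if lookupBySubnet is true";
+};
+IPv6CIDR = mkOption {
+type = natural;
+default = 64;
+description = "Strip N bits from IPv6 addresses if lookupBySubnet is true";
+};
+privacy = mkOption {
+type = bool;
+default = true;
+description = "Store data using one-way hash functions (SHA1)";
+};
+autoWhitelist = mkOption {
+type = nullOr natural';
+default = 5;
+description = "Whitelist clients after successful delivery of N messages";
+};
+whitelistClients = mkOption {
+type = listOf path;
+default = [];
+description = "Client address whitelist files (see postgrey(8))";
+};
+whitelistRecipients = mkOption {
+type = listOf path;
+default = [];
+description = "Recipient address whitelist files (see postgrey(8))";
+};
+};
+};
+config = mkIf cfg.enable {
+environment.systemPackages = [ pkgs.postgrey ];
+users = {
+extraUsers = {
+postgrey = {
+description = "Postgrey Daemon";
+uid = config.ids.uids.postgrey;
+group = "postgrey";
+};
+};
+extraGroups = {
+postgrey = {
+gid = config.ids.gids.postgrey;
+};
+};
+};
+systemd.services.postgrey = let
+bind-flag = if cfg.socket ? "path" then
+''--unix=${cfg.socket.path} --socketmode=${cfg.socket.mode}''
+else
+''--inet=${optionalString (cfg.socket.addr != null) (cfg.socket.addr + ":")}${toString cfg.socket.port}'';
+in {
+description = "Postfix Greylisting Service";
+wantedBy = [ "multi-user.target" ];
+before = [ "postfix.service" ];
+preStart = ''
+mkdir -p /var/postgrey
+chown postgrey:postgrey /var/postgrey
+chmod 0770 /var/postgrey
+'';
+serviceConfig = {
+Type = "simple";
+ExecStart = ''${pkgs.postgrey}/bin/postgrey \
+${bind-flag} \
+--group=postgrey --user=postgrey \
+--dbdir=/var/postgrey \
+--delay=${toString cfg.delay} \
+--max-age=${toString cfg.maxAge} \
+--retry-window=${toString cfg.retryWindow} \
+${if cfg.lookupBySubnet then "--lookup-by-subnet" else "--lookup-by-host"} \
+--ipv4cidr=${toString cfg.IPv4CIDR} --ipv6cidr=${toString cfg.IPv6CIDR} \
+${optionalString cfg.privacy "--privacy"} \
+--auto-whitelist-clients=${toString (if cfg.autoWhitelist == null then 0 else cfg.autoWhitelist)} \
+--greylist-action=${cfg.greylistAction} \
+--greylist-text="${cfg.greylistText}" \
+--x-greylist-header="${cfg.greylistHeader}" \
+${concatMapStringsSep " " (x: "--whitelist-clients=" + x) cfg.whitelistClients} \
+${concatMapStringsSep " " (x: "--whitelist-recipients=" + x) cfg.whitelistRecipients}
+'';
+Restart = "always";
+RestartSec = 5;
+TimeoutSec = 10;
+};
+};
+};
+}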
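Review bot: In `ExecStart`, `greylistText` and `greylistHeader` are interpolated inside double quotes (`--greylist-text="${cfg.greylistText}"`) and `greylistAction` is not quoted at all, so a value containing `"`, `\` or whitespace breaks systemd's command-line parsing. If `escapeShellArg` is available in this tree, `--greylist-text=${escapeShellArg cfg.greylistText} \` (and likewise for the other two) keeps each value a single argument while leaving the `%%` specifier escaping the descriptions rely on intact. The unix socket default `mode = "0777"` makes the policy socket writable by every local user; a narrower default shared with the postfix user through a group would limit who can query the greylisting daemon, and at minimum the `mode` description should say what the default exposes. Finally, `socket` is `either (submodule unixSocket) (submodule inetSocket)`; since both submodules accept any attrset, the merge may route the documented `addr`/`port` example through `unixSocket` and reject it, which is worth checking with that example before this lands.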


@ -20,17 +20,29 @@ in {
description = "Whether to enable the postsrsd SRS server for Postfix.";
};
domain = mkOption {
type = types.str;
description = "Domain name for rewrite";
};
secretsFile = mkOption {
type = types.path;
default = "/var/lib/postsrsd/postsrsd.secret";
description = "Secret keys used for signing and verification";
};
domain = mkOption {
type = types.str;
description = "Domain name for rewrite";
};
separator = mkOption {
type = types.enum ["-" "=" "+"];
default = "=";
description = "First separator character in generated addresses";
};
# bindAddress = mkOption { # uncomment once 1.5 is released
# type = types.str;
# default = "127.0.0.1";
# description = "Socket listen address";
# };
forwardPort = mkOption {
type = types.int;
default = 10001;
@ -43,6 +55,18 @@ in {
description = "Port for the reverse SRS lookup";
};
timeout = mkOption {
type = types.int;
default = 1800;
description = "Timeout for idle client connections in seconds";
};
excludeDomains = mkOption {
type = types.listOf types.str;
default = [];
description = "Origin domains to exclude from rewriting in addition to primary domain";
};
user = mkOption {
type = types.str;
default = "postsrsd";
@ -86,7 +110,7 @@ in {
path = [ pkgs.coreutils ];
serviceConfig = {
ExecStart = ''${pkgs.postsrsd}/sbin/postsrsd "-s${cfg.secretsFile}" "-d${cfg.domain}" -f${toString cfg.forwardPort} -r${toString cfg.reversePort}'';
ExecStart = ''${pkgs.postsrsd}/sbin/postsrsd "-s${cfg.secretsFile}" "-d${cfg.domain}" -a${cfg.separator} -f${toString cfg.forwardPort} -r${toString cfg.reversePort} -t${toString cfg.timeout} "-X${concatStringsSep "," cfg.excludeDomains}"'';
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = true;
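Review bot: `secretsFile` is declared as `types.path`, and a path literal (for example `./postsrsd.secret`) given to a `path` option is copied into the world-readable Nix store when it is interpolated into `ExecStart`, which would expose the SRS signing key to every local user; the description should say so. Suggested text: `Secret keys used for signing and verification. Must point to a file outside the Nix store (keep the default location or pass a string path); store paths are world-readable.` The new `ExecStart` also always passes `"-X${concatStringsSep "," cfg.excludeDomains}"`, which with the empty default becomes a bare `-X` with an empty value; if postsrsd does not treat that as "no exclusions", guard it with `${optionalString (cfg.excludeDomains != []) "\"-X${concatStringsSep "," cfg.excludeDomains}\""}`. The option set and the service definition both continue outside these hunks.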


@ -203,7 +203,7 @@ milter_default_action = accept
PermissionsStartOnly = true;
Restart = "always";
RuntimeDirectory = "rmilter";
RuntimeDirectoryPermissions="0755";
RuntimeDirectoryMode = "0755";
};
};