diff options
author | aszlig <aszlig@redmoonstudios.org> | 2015-03-18 20:58:26 +0100 |
---|---|---|
committer | aszlig <aszlig@redmoonstudios.org> | 2015-03-18 20:58:26 +0100 |
commit | 915e56fb4453b0701a423b0c96fb145318162ffd (patch) | |
tree | 5f401c864936101b93bb42c96a8d0c0b48710ae1 /labernix | |
parent | 58ff88492066a01db4348a7ec54390373ee5b0a3 (diff) |
Move last machine from labernix to vuizvui.
I've moved the restrictions config of Postfix into the default module for now and actually fixed it so that it's actually working (the config value wasn't set before). Also, the option type was incorrectly set to types.list, which aliases to types.listOf and expects another function (kind) as its argument. This marks the end of LaberNix and the beginning of a new Vuizvui! Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'labernix')
-rw-r--r-- | labernix/README.md | 10 | ||||
-rw-r--r-- | labernix/common.nix | 4 | ||||
-rw-r--r-- | labernix/default.nix | 7 | ||||
-rw-r--r-- | labernix/machines/mailserver.nix | 119 | ||||
-rw-r--r-- | labernix/modules/config/labernix-pkgs.nix | 7 | ||||
-rw-r--r-- | labernix/modules/module-list.nix | 4 | ||||
-rw-r--r-- | labernix/modules/services/postfix/default.nix | 1 | ||||
-rw-r--r-- | labernix/modules/services/postfix/restrictions.nix | 53 |
8 files changed, 0 insertions, 205 deletions
diff --git a/labernix/README.md b/labernix/README.md deleted file mode 100644 index dd081f1c..00000000 --- a/labernix/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# LaberNix - -A collection of [Nix][] expressions for (Open)Labers (people from the OpenLab), -which **of course** is the only reason why the name of this repository is like -this. - -No coincidences, right? - -[Nix]: https://nixos.org/nix/ -Hydra builds: https://headcounter.org/hydra/jobset/openlab/labernix diff --git a/labernix/common.nix b/labernix/common.nix deleted file mode 100644 index b012032a..00000000 --- a/labernix/common.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - imports = import ./modules/module-list.nix; - networking.firewall.enable = false; -} diff --git a/labernix/default.nix b/labernix/default.nix deleted file mode 100644 index 20118162..00000000 --- a/labernix/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - machines = { - heinrich = import ./machines/heinrich.nix; - labtop = import ./machines/labtop.nix; - mailserver = import ./machines/mailserver.nix; - }; -} diff --git a/labernix/machines/mailserver.nix b/labernix/machines/mailserver.nix deleted file mode 100644 index 7d4bd397..00000000 --- a/labernix/machines/mailserver.nix +++ /dev/null @@ -1,119 +0,0 @@ -{ config, pkgs, lib, ... }: let - vhostMap = { - smtpd_sender_login_maps = [ - "SELECT username AS allowedUser" - "FROM mailbox" - "WHERE username='%s' AND active = 1" - "UNION SELECT goto FROM alias" - "WHERE address='%s' AND active = 1" - ]; - - virtual_alias_maps = [ - "SELECT goto" - "FROM alias" - "WHERE address='%s' AND active = '1'" - ]; - - virtual_mailbox_domains = [ - "SELECT domain" - "FROM domain" - "WHERE domain='%s' AND active = '1'" - ]; - - virtual_mailbox_maps = [ - "SELECT maildir" - "FROM mailbox" - "WHERE username='%s' AND active = '1'" - ]; - }; - - mkDbMap = query: "proxy:pgsql:${pkgs.writeText "database.cf" '' - hosts = localhost - user = postfix - dbname = postfix - query = ${query} - ''}"; - -in { - imports = [ ../common.nix ]; - - services.spamassassin.enable = true; - - services.postfix.enable = true; - services.postfix.hostname = "mailtest.lan"; - - # TODO: This is a dummy, replace it once we know about the real root fs. - fileSystems."/".label = "root"; - boot.loader.grub.device = "nodev"; - - labernix.postfix.restrictions = { - sender = [ - "reject_authenticated_sender_login_mismatch" - "reject_unknown_sender_domain" - ]; - recipient = [ - "permit_sasl_authenticated" - "permit_mynetworks" - "reject_unauth_destination" - "reject_invalid_hostname" - "reject_non_fqdn_hostname" - "reject_non_fqdn_sender" - "reject_non_fqdn_recipient" - "reject_unknown_reverse_client_hostname" - ]; - helo = [ - "permit_sasl_authenticated" - "permit_mynetworks" - "reject_invalid_hostname" - "reject_unauth_pipelining" - "reject_non_fqdn_hostname" - ]; - }; - - services.postfix.extraConfig = '' - ${lib.concatStrings (lib.mapAttrsToList (cfgvar: query: '' - ${cfgvar} = ${mkDbMap (lib.concatStringsSep " " query)} - '') vhostMap)} - - # a bit more spam protection - disable_vrfy_command = yes - - smtpd_sasl_type=dovecot - smtpd_sasl_path=private/auth_dovecot XXXXXXXXXXXXXXX - smtpd_sasl_auth_enable = yes - smtpd_sasl_authenticated_header = yes - broken_sasl_auth_clients = yes - - proxy_read_maps = ${lib.concatStringsSep " " (map (s: "\$${s}") [ - "local_recipient_maps" "mydestination" "virtual_alias_maps" - "virtual_alias_domains" "virtual_mailbox_maps" "virtual_mailbox_domains" - "relay_recipient_maps" "relay_domains" "canonical_maps" - "sender_canonical_maps" "recipient_canonical_maps" "relocated_maps" - "transport_maps" "mynetworks" "smtpd_sender_login_maps" - ])} - - local_transport = virtual - virtual_transport = dovecot - - virtual_uid_maps = static:5000 XXXXXXXXXXXX - virtual_gid_maps = static:5000 XXXXXXXXXXXX - - smtpd_tls_cert_file=/etc/ssl/mail.crt XXXX: KEYS - smtpd_tls_key_file=/etc/ssl/mail.key XXXX: KEYS - smtpd_use_tls=yes - ''; - - services.postfix.extraMasterConf = '' - mailman unix - n n - - pipe - flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ''${nexthop} ''${user} - # ^^^ FIXME: maybe not needed! - - dovecot unix - n n - - pipe - flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ''${recipient} - # ^^^ FIXME: maybe not needed! - - spamassassin unix - n n - - pipe - user=${toString config.ids.uids.spamd} argv=${pkgs.spamassassin}/bin/spamc -f -e /var/setuid-wrappers/sendmail -oi -f ''${sender} ''${recipient} - # ^^^ FIXME: maybe not needed! - ''; -} diff --git a/labernix/modules/config/labernix-pkgs.nix b/labernix/modules/config/labernix-pkgs.nix deleted file mode 100644 index c1f6d807..00000000 --- a/labernix/modules/config/labernix-pkgs.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - nixpkgs.config.packageOverrides = pkgs: { - labernix = import ../../pkgs { - inherit pkgs; - }; - }; -} diff --git a/labernix/modules/module-list.nix b/labernix/modules/module-list.nix deleted file mode 100644 index 5137c672..00000000 --- a/labernix/modules/module-list.nix +++ /dev/null @@ -1,4 +0,0 @@ -[ - ./config/labernix-pkgs.nix - ./services/postfix -] diff --git a/labernix/modules/services/postfix/default.nix b/labernix/modules/services/postfix/default.nix deleted file mode 100644 index 4103a41b..00000000 --- a/labernix/modules/services/postfix/default.nix +++ /dev/null @@ -1 +0,0 @@ -import ./restrictions.nix # TODO: Dummy for now, implement me! diff --git a/labernix/modules/services/postfix/restrictions.nix b/labernix/modules/services/postfix/restrictions.nix deleted file mode 100644 index fbb47f10..00000000 --- a/labernix/modules/services/postfix/restrictions.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ config, lib, ... }: - -with lib; - -let - mkRestriction = name: specificDescription: { - option.${name} = mkOption { - default = null; - type = types.nullOr types.list; - description = '' - A list of restrictions to apply or <option>null</option> to use the - built-in default value from Postfix. - ${specificDescription} - ''; - }; - config = let - cfg = config.labernix.postfix.restrictions.${name}; - in mkIf (cfg != null) '' - smtpd_${name}_restrictions = ${concatStringsSep ", " cfg} - ''; - }; - restrictions = mapAttrsToList mkRestriction { - client = mkRestriction '' - SMTP server access restrictions in the context of a client SMTP connection - request. - ''; - data = mkRestriction '' - Access restrictions that the Postfix SMTP server applies in the context of - the SMTP DATA command. - ''; - end_of_data = mkRestriction '' - Access restrictions that the Postfix SMTP server applies in the context of - the SMTP END-OF-DATA command. - ''; - etrn = mkRestriction '' - SMTP server access restrictions in the context of a client ETRN request. - ''; - helo = mkRestriction '' - Restrictions that the Postfix SMTP server applies in the context of the - SMTP HELO command. - ''; - recipient = mkRestriction '' - Access restrictions that the Postfix SMTP server applies in the context of - the RCPT TO command. - ''; - sender = mkRestriction '' - Restrictions that the Postfix SMTP server applies in the context of the - MAIL FROM command. - ''; - }; -in { - options.labernix.postfix.restrictions = mapAttrs mkRestriction restrictions; -} |