From ffa1a1e456360f94b84f35680f5ed6a9ccea52a6 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 3 Mar 2016 19:45:46 +0100 Subject: s/makeSearchPath "bin"/makeBinPath/g --- krebs/3modules/git.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 0cc2f11c9..d2d73ba3d 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -400,7 +400,7 @@ let #! /bin/sh set -euf - PATH=${makeSearchPath "bin" (with pkgs; [ + PATH=${makeBinPath (with pkgs; [ coreutils git gnugrep @@ -451,7 +451,7 @@ let #! /bin/sh set -euf - PATH=${makeSearchPath "bin" (with pkgs; [ + PATH=${makeBinPath (with pkgs; [ coreutils findutils gawk @@ -511,7 +511,7 @@ let #! /bin/sh set -euf - PATH=${makeSearchPath "bin" (with pkgs; [ + PATH=${makeBinPath (with pkgs; [ coreutils # env git systemd -- cgit v1.2.3 From 89f731a8986d00ec850e4ebebd90259bda12f24a Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2016 11:46:30 +0100 Subject: krebs.exim-*: add empty keep_environment --- krebs/3modules/exim-retiolum.nix | 2 ++ krebs/3modules/exim-smarthost.nix | 2 ++ 2 files changed, 4 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index 6e6928f89..696c48baf 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -39,6 +39,8 @@ let # TODO modular configuration assert config.krebs.retiolum.enable; '' + keep_environment = + primary_hostname = ${cfg.primary_hostname} domainlist local_domains = ${concatStringsSep ":" cfg.local_domains} domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains} diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index c976e89de..93e4deace 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix 
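Review bot: The added `keep_environment =` line in the exim-retiolum.nix hunk has no comment saying that the empty value is deliberate, and the same holds for the identical addition in the exim-smarthost.nix hunk that follows. An empty list keeps none of the inherited environment variables, which is the conservative setting for a daemon that may run setuid, but a later reader can easily take the blank right-hand side for an unfinished edit. I would put `# empty on purpose: exim keeps no inherited environment variables; list a name here only if a lookup or external command needs it` directly above the option in both files. Exim releases that predate the option reject it as unknown, so it is worth confirming the packaged exim version, which is not visible in either hunk.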
@@ -75,6 +75,8 @@ let services.exim = { enable = true; config = '' + keep_environment = + primary_hostname = ${cfg.primary_hostname} # HOST_REDIR contains the real destinations for "local_domains". -- cgit v1.2.3 From 54129c440e467160b4b7339d20a9380fa48a017e Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2016 12:40:20 +0100 Subject: krebs os-release: init --- krebs/3modules/default.nix | 1 + krebs/3modules/os-release.nix | 28 ++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 krebs/3modules/os-release.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 186469e97..bdd9049cb 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -23,6 +23,7 @@ let ./lib.nix ./nginx.nix ./nixpkgs.nix + ./os-release.nix ./per-user.nix ./Reaktor.nix ./realwallpaper.nix diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix new file mode 100644 index 000000000..4c803fff8 --- /dev/null +++ b/krebs/3modules/os-release.nix @@ -0,0 +1,28 @@ +{ config, ... }: +with config.krebs.lib; +let + nixos-version-id = "${config.system.nixosVersion}"; + nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})"; + nixos-pretty-name = "NixOS ${nixos-version}"; + + stockholm-version-id = maybeEnv "STOCKHOLM_VERSION" "unknown"; + stockholm-version = "${stockholm-version-id}"; + stockholm-pretty-name = "stockholm ${stockholm-version}"; + + version = "${stockholm-version}/${nixos-version}"; + version-id = "${stockholm-version-id}/${nixos-version-id}"; + pretty-name = "${stockholm-pretty-name} / ${nixos-pretty-name}"; + + home-url = http://cgit.cd.krebsco.de/stockholm; +in +{ + # http://0pointer.de/public/systemd-man/os-release.html + environment.etc."os-release".text = mkForce '' + NAME="stockholm/NixOS" + ID=stockholm + VERSION="${version}" + VERSION_ID="${version-id}" + PRETTY_NAME="${pretty-name}" + HOME_URL="${home-url}" + ''; +} -- cgit v1.2.3 
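Review bot: `stockholm-version-id` in the new os-release.nix takes whatever `maybeEnv "STOCKHOLM_VERSION" "unknown"` returns, and that value lands unchecked inside the double-quoted `VERSION`, `VERSION_ID` and `PRETTY_NAME` fields. os-release is defined as shell-compatible variable assignments and is commonly sourced by scripts, so a value containing `"`, `$`, a backtick or a newline would corrupt the file or be evaluated by whatever sources it. I would reject such values at evaluation time, for example `stockholm-version-id = let v = maybeEnv "STOCKHOLM_VERSION" "unknown"; in assert builtins.match "[A-Za-z0-9._+-]+" v != null; v;`. `maybeEnv` comes from `config.krebs.lib` and is not shown, so this assumes it returns the raw environment string. `home-url` is also plain `http://`; if the host serves HTTPS, that would be the better value to publish.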
From fdebe33d4138ed3fa728193906e1b5e39f432a40 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2016 12:58:10 +0100 Subject: krebs.nginx: don't include (redundant) mime.types --- krebs/3modules/nginx.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index ec39715d8..2aa023443 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -49,7 +49,6 @@ let services.nginx = { enable = true; httpConfig = '' - include ${pkgs.nginx}/conf/mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; -- cgit v1.2.3 From 08146e483489acaea9542d55d5a37fb28ab1e8d6 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2016 19:51:29 +0100 Subject: krebs.exim-smarthost: add DKIM support to remote_smtp --- krebs/3modules/exim-smarthost.nix | 46 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 44 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 93e4deace..45219885f 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -12,6 +12,34 @@ let api = { enable = mkEnableOption "krebs.exim-smarthost"; + # TODO DKIM for multiple domains + dkim = mkOption { + default = null; + type = types.nullOr (types.submodule ({ config, ... }: { + options = { + canon = mkOption { + type = types.enum ["relaxed"]; + default = "relaxed"; + }; + domain = mkOption { + type = types.str; + }; + private_key = mkOption { + type = types.secret-file; + default = { + path = "/run/krebs.secret/${config.domain}.dkim_private_key"; + owner.name = "exim"; + source-path = toString + "/${config.domain}.dkim.priv"; + }; + }; + selector = mkOption { + type = types.str; + default = "default"; + }; + }; + })); + }; + internet-aliases = mkOption { type = types.listOf (types.submodule ({ options = { 
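Review bot: The `domain` option of the new `dkim` submodule is a bare `types.str`, yet its value is spliced into two file paths in the `private_key` default (`/run/krebs.secret/${config.domain}.dkim_private_key` and the `source-path`). A value containing `/`, `..` or whitespace would point the secret at an unintended location, and the later commits on this page also use the domain as an lsearch key, where a colon or space would break the line format. A checked type would catch this at evaluation, e.g. `type = types.addCheck types.str (d: builtins.match "[a-z0-9.-]+" d != null);`, assuming the stock `addCheck` is reachable through this `types`, or a hostname type from `config.krebs.lib` if one exists. None of the new options carries a `description`; one line each for `domain`, `private_key` and `selector` would help the next reader.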
@@ -72,6 +100,15 @@ let }; imp = { + krebs.secret.files = mkIf (cfg.dkim != null) { + exim-dkim_private_key = cfg.dkim.private_key; + }; + systemd.services = mkIf (cfg.dkim != null) { + exim = { + after = [ "secret.service" ]; + requires = [ "secret.service" ]; + }; + }; services.exim = { enable = true; config = '' @@ -193,6 +230,12 @@ let remote_smtp: driver = smtp + ${optionalString (cfg.dkim != null) '' + dkim_domain = ${cfg.dkim.domain} + dkim_selector = ${cfg.dkim.selector} + dkim_private_key = ${cfg.dkim.private_key.path} + dkim_canon = ${cfg.dkim.canon} + ''} helo_data = ''${if eq{$acl_m_special_dom}{} \ {$primary_hostname} \ {$acl_m_special_dom} } @@ -228,5 +271,4 @@ let to-lsearch = concatMapStringsSep "\n" ({ from, to, ... }: "${from}: ${to}"); -in -out +in out -- cgit v1.2.3 From 421f346257ac19612822b1f0fde9f21d3b5e7955 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2016 20:28:08 +0100 Subject: krebs.exim-smarthost.dkim: support multiple domains --- krebs/3modules/exim-smarthost.nix | 41 ++++++++++++++++++++++----------------- 1 file changed, 23 insertions(+), 18 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 45219885f..6c48f1225 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -12,15 +12,9 @@ let api = { enable = mkEnableOption "krebs.exim-smarthost"; - # TODO DKIM for multiple domains dkim = mkOption { - default = null; - type = types.nullOr (types.submodule ({ config, ... }: { + type = types.listOf (types.submodule ({ config, ... }: { options = { - canon = mkOption { - type = types.enum ["relaxed"]; - default = "relaxed"; - }; domain = mkOption { type = types.str; }; @@ -38,6 +32,7 @@ let }; }; })); + default = []; }; internet-aliases = mkOption { 
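Review bot: The `remote_smtp` hunk sets `dkim_domain`, `dkim_selector`, `dkim_private_key` and `dkim_canon` but not `dkim_strict`, so when signing fails (for instance because the key file under `/run/krebs.secret` is missing or not readable by exim) Exim's default is to send the message unsigned. Receivers that enforce DMARC may then reject or quarantine the mail, and nothing on the sending side flags the cause. Adding `dkim_strict = true` inside the same `optionalString` block makes the delivery defer instead, which surfaces the problem in the queue and the logs. The transport definition begins and continues outside the hunk.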
@@ -100,10 +95,11 @@ let }; imp = { - krebs.secret.files = mkIf (cfg.dkim != null) { - exim-dkim_private_key = cfg.dkim.private_key; - }; - systemd.services = mkIf (cfg.dkim != null) { + krebs.secret.files = listToAttrs (flip map cfg.dkim (dkim: { + name = "exim.dkim_private_key/${dkim.domain}"; + value = dkim.private_key; + })); + systemd.services = mkIf (cfg.dkim != []) { exim = { after = [ "secret.service" ]; requires = [ "secret.service" ]; @@ -230,11 +226,11 @@ let remote_smtp: driver = smtp - ${optionalString (cfg.dkim != null) '' - dkim_domain = ${cfg.dkim.domain} - dkim_selector = ${cfg.dkim.selector} - dkim_private_key = ${cfg.dkim.private_key.path} - dkim_canon = ${cfg.dkim.canon} + ${optionalString (cfg.dkim != []) '' + dkim_canon = relaxed + dkim_domain = $sender_address_domain + dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}} + dkim_selector = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_selector}}} ''} helo_data = ''${if eq{$acl_m_special_dom}{} \ {$primary_hostname} \ @@ -264,10 +260,19 @@ let }; - lsearch = mapAttrs (name: set: toFile name (to-lsearch set)) { + lsearch = mapAttrs (name: set: toFile name (to-lsearch set)) ({ inherit (cfg) internet-aliases; inherit (cfg) system-aliases; - }; + } // optionalAttrs (cfg.dkim != []) { + dkim_private_key = flip map cfg.dkim (dkim: { + from = dkim.domain; + to = dkim.private_key.path; + }); + dkim_selector = flip map cfg.dkim (dkim: { + from = dkim.domain; + to = dkim.selector; + }); + }); to-lsearch = concatMapStringsSep "\n" ({ from, to, ... }: "${from}: ${to}"); -- cgit v1.2.3 From 64f2e2075d099bf1fe3a70b7b207de3738dae614 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2016 20:31:59 +0100 Subject: krebs.exim-smarthost to-lsearch: append \n to each entry --- krebs/3modules/exim-smarthost.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') 
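Review bot: In the rewritten `remote_smtp` block, `dkim_domain = $sender_address_domain` takes the signing domain from the envelope sender, which the submitting client chooses, so mail from any client permitted to relay through this host is signed for a configured domain whenever that domain appears as envelope sender. Whether that is acceptable depends on the relay ACLs, which are outside the hunk; if only some clients should sign for a domain, the restriction has to be enforced there. It would help to document the behaviour next to the options, e.g. `# signing domain follows the envelope sender; domains without an lsearch entry expand to an empty key and are sent unsigned`. The header From domain is not consulted, so DMARC alignment holds only when it matches the envelope sender domain.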
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 6c48f1225..cee10ce7d 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -274,6 +274,6 @@ let }); }); - to-lsearch = concatMapStringsSep "\n" ({ from, to, ... }: "${from}: ${to}"); + to-lsearch = concatMapStrings ({ from, to, ... }: "${from}: ${to}\n"); in out -- cgit v1.2.3