with import <stockholm/lib>;
{ config, pkgs, lib, ... }: let
  # Shorthand for this module's own option values.
  cfg = config.krebs.exim-retiolum;
in {
  # NixOS module that renders an Exim configuration (handed to krebs.exim)
  # for exchanging mail between hosts of the retiolum tinc network.
  options.krebs.exim-retiolum = {
    enable = mkEnableOption "krebs.exim-retiolum";
    # Domains this host accepts mail for and delivers locally. The list is
    # joined with ":" into the Exim `domainlist local_domains` below.
    local_domains = mkOption {
      type = with types; listOf hostname;
      default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases;
    };
    # Name Exim announces as its own. The default is "<host name>.r", and
    # evaluation fails unless that name is one of the host's retiolum aliases.
    primary_hostname = mkOption {
      type = types.str;
      default = let x = "${config.krebs.build.host.name}.r"; in
        assert elem x config.krebs.build.host.nets.retiolum.aliases;
        x;
    };
    # Domains this host relays mail to. Each entry is interpolated verbatim
    # into the Exim `domainlist relay_to_domains` (joined with ":") and into
    # one retry rule per entry (joined with "\n").
    # NOTE(review): the type is a plain string, so an entry containing ":" or
    # a newline would change the structure of the generated configuration;
    # a validating type (see the TODO) would close that gap.
    relay_to_domains = mkOption {
      # TODO hostname with wildcards
      type = with types; listOf str;
      default = [
        "*.r"
      ];
    };
  };
  config = lib.mkIf cfg.enable {
    krebs.exim = {
      enable = true;
      config =
        # This configuration only makes sense for retiolum-enabled hosts.
        # TODO modular configuration
        #
        # Security-relevant properties of the generated Exim configuration:
        # - `keep_environment =` is set to the empty list, so Exim keeps no
        #   variables from the environment it was started with.
        # - `tls_advertise_hosts =` is empty, so STARTTLS is offered to no
        #   client. NOTE(review): presumably transport encryption is left to
        #   the tinc VPN; confirm SMTP is reachable only over retiolum.
        # - acl_check_rcpt rejects local parts that start with ".", "/" or
        #   "|", contain "@", "%" or "!", or contain "/../"; it then accepts
        #   every recipient in local_domains or relay_to_domains and denies
        #   the rest. The accept carries no `hosts` or authentication
        #   condition, and the authenticators section is empty, so any client
        #   that can reach the listener may deliver and relay to those
        #   domains. NOTE(review): no listening interface is restricted here;
        #   verify that the firewall or krebs.exim limits access to retiolum.
        # - acl_check_data accepts every message body without checks.
        # - `host_lookup = *` and `rfc1413_hosts = *` make Exim do a reverse
        #   lookup and an ident (RFC 1413) query for every connecting host,
        #   the latter bounded by the 5s timeout.
        # - The `remote` router sends mail for relay_to_domains to the host
        #   named like the recipient domain itself ($0), resolved `byname`.
        # - Retry rules: relay domains are retried every minute for 42 days;
        #   everything else follows the generic fallback rule.
        assert config.krebs.tinc.retiolum.enable;
        /* exim */ ''
          keep_environment =

          primary_hostname = ${cfg.primary_hostname}
          domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
          domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}

          acl_smtp_rcpt = acl_check_rcpt
          acl_smtp_data = acl_check_data

          host_lookup = *
          rfc1413_hosts = *
          rfc1413_query_timeout = 5s

          log_file_path = syslog
          syslog_timestamp = false
          syslog_duplication = false

          tls_advertise_hosts =

          begin acl

          acl_check_rcpt:
            deny
              local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
              message = restricted characters in address

            accept
              domains = +local_domains : +relay_to_domains

            deny
              message = relay not permitted


          acl_check_data:
            accept


          begin routers

          local:
            driver = accept
            domains = +local_domains
            check_local_user
            # local_part_suffix = +*
            # local_part_suffix_optional
            transport = home_maildir

          remote:
            driver = manualroute
            domains = +relay_to_domains
            transport = remote_smtp
            route_list = ^.* $0 byname


          begin transports

          remote_smtp:
            driver = smtp

          home_maildir:
            driver = appendfile
            maildir_format
            directory = $home/Maildir
            directory_mode = 0700
            delivery_date_add
            envelope_to_add
            return_path_add
            # group = mail
            # mode = 0660

          begin retry
          ${concatMapStringsSep "\n" (k: "${k} * F,42d,1m") cfg.relay_to_domains}
          * * F,2h,15m; G,16h,1h,1.5; F,4d,6h

          begin rewrite

          begin authenticators
        '';
    };
  };
}