From 662f22a1ddd32d33157d3807756b0742e7d21752 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Wed, 5 Aug 2015 15:24:50 +0200
Subject: [PATCH 1/9] make eval: don't use $json anymore

---
 Makefile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index ca828fd2b..54656e9e1 100644
--- a/Makefile
+++ b/Makefile
@@ -25,7 +25,7 @@ deploy:;@
 eval:
 	@
 ifeq ($(filter),json)
-	extraArgs=--json
+	extraArgs='--json --strict'
 	filter() { jq -r .; }
 else
 	filter() { cat; }
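Review bot: The `else` branch here never sets `extraArgs`, and after this patch `$${extraArgs-}` in the second hunk is the only source of extra flags for nix-instantiate. When `filter` is not `json`, an `extraArgs` inherited from the caller's environment would therefore still be passed through (assuming the recipe runs as a single shell, which the shell function definitions suggest). Adding `extraArgs=` next to `filter() { cat; }` keeps the flag set fully under the Makefile's control. The recipe continues outside both hunks.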
@@ -33,8 +33,6 @@ endif
 	NIX_PATH=stockholm=$$PWD:$$NIX_PATH \
 	nix-instantiate \
 		$${extraArgs-} \
-		$${json+--json} \
-		$${json+--strict} \
 		--eval \
 		-A "$$get" \
 		'<stockholm>' \

From 01681b908f58e988f028054dd10de44579ca24ff Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 6 Aug 2015 00:11:26 +0200
Subject: [PATCH 2/9] tv 2 git: add public repo: cac

---
 tv/2configs/git.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix
index ecb98cef2..8d662494c 100644
--- a/tv/2configs/git.nix
+++ b/tv/2configs/git.nix
@@ -20,6 +20,9 @@ let
   rules = concatMap make-rules (attrValues repos);
 
   public-repos = mapAttrs make-public-repo {
+    cac = {
+      desc = "CloudAtCost command line interface";
+    };
     cgserver = {};
     crude-mail-setup = {};
     dot-xmonad = {};

From a982edd25d442e443bc67159064eeb080ed3339c Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 6 Aug 2015 00:21:40 +0200
Subject: [PATCH 3/9] krebs pkgs cac: init at 07ef31c

---
 krebs/5pkgs/cac.nix     | 36 ++++++++++++++++++++++++++++++++++++
 krebs/5pkgs/default.nix |  1 +
 tv/1systems/wu.nix      |  1 +
 3 files changed, 38 insertions(+)
 create mode 100644 krebs/5pkgs/cac.nix

diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix
new file mode 100644
index 000000000..3322e1a13
--- /dev/null
+++ b/krebs/5pkgs/cac.nix
@@ -0,0 +1,36 @@
+{ stdenv, fetchgit, coreutils, curl, gnused, jq, ... }:
+
+stdenv.mkDerivation {
+  name = "cac";
+
+  src = fetchgit {
+    url = http://cgit.cd.retiolum/cac;
+    rev = "07ef31c50613634e88a31233d1fcd2ec3e52bfe8";
+    sha256 = "4e94709a3f580a53983ca418fa0b470817ac917aa1b2d095f2420afd36ea9158";
+  };
+
+  phases = [
+    "unpackPhase"
+    "installPhase"
+  ];
+
+  installPhase =
+    let
+      path = stdenv.lib.makeSearchPath "bin" [
+        coreutils
+        curl
+        gnused
+        jq
+      ];
+    in
+    ''
+      mkdir -p $out/bin
+
+      sed \
+        's,^\(  true) \)\(cac "$@";;\)$,\1 PATH=${path} \2,' \
+        < ./cac \
+        > $out/bin/cac
+
+      chmod +x $out/bin/cac
+    '';
+}
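Review bot: The `sed` in installPhase exits successfully even when its pattern matches nothing. If the upstream script ever changes its `  true) cac "$@";;` line, the build still produces `$out/bin/cac`, only without the pinned PATH, and the tool then resolves curl, jq and the rest from whatever PATH the caller has. A check right after the sed, e.g. `grep -qF 'PATH=${path}' $out/bin/cac || exit 1`, turns that silent fallback into a build failure. Separately, the source is fetched over plain `http://`, so its integrity rests entirely on the `rev` and `sha256` pins; a comment such as `# plain http: integrity is enforced by the sha256 below` would make that explicit for whoever bumps the revision.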
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index 231fda797..5de84f66c 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -6,6 +6,7 @@ in
 
 pkgs //
 {
+  cac = callPackage ./cac.nix {};
   dic = callPackage ./dic.nix {};
   genid = callPackage ./genid.nix {};
   github-hosts-sync = callPackage ./github-hosts-sync.nix {};
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 27691ec56..ae6ef1327 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -91,6 +91,7 @@ in
         sxiv
         texLive
         tmux
+        tvpkgs.cac
         tvpkgs.dic
         zathura
 

From 7d9f1a321dfc8a27f7dbf65ba9ddf00202d3b53e Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 6 Aug 2015 00:56:28 +0200
Subject: [PATCH 4/9] krebs pkgs cac: add missing dep: sshpass

---
 krebs/5pkgs/cac.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix
index 3322e1a13..336f96b92 100644
--- a/krebs/5pkgs/cac.nix
+++ b/krebs/5pkgs/cac.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchgit, coreutils, curl, gnused, jq, ... }:
+{ stdenv, fetchgit, coreutils, curl, gnused, jq, sshpass, ... }:
 
 stdenv.mkDerivation {
   name = "cac";
@@ -21,6 +21,7 @@ stdenv.mkDerivation {
         curl
         gnused
         jq
+        sshpass
       ];
     in
     ''
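Review bot: `sshpass` is the one entry in this PATH list that handles credentials, and it is added without a comment saying what cac needs it for. How the script invokes it is not visible in this patch; if it passes the password with `-p`, the password is visible in the process list, and `-e` or `-f` would avoid that. I would record the reason next to the entry, e.g. `sshpass # password-based ssh from cac; confirm usage against the upstream script`. The mkDerivation block starts and ends outside these hunks.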

From c98cbf2169f6399bab88f936db0a21bd46cefd65 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 6 Aug 2015 00:59:34 +0200
Subject: [PATCH 5/9] krebs pkgs cac: 07ef31c -> 0fc9cbe

---
 krebs/5pkgs/cac.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix
index 336f96b92..cce88920d 100644
--- a/krebs/5pkgs/cac.nix
+++ b/krebs/5pkgs/cac.nix
@@ -5,8 +5,8 @@ stdenv.mkDerivation {
 
   src = fetchgit {
     url = http://cgit.cd.retiolum/cac;
-    rev = "07ef31c50613634e88a31233d1fcd2ec3e52bfe8";
-    sha256 = "4e94709a3f580a53983ca418fa0b470817ac917aa1b2d095f2420afd36ea9158";
+    rev = "0fc9cbeba4060380f698f51bb74081e2fcefadf3";
+    sha256 = "9759c78aa9aa04ab82486d0f24264bff1081513bc07cac0f8b3c0bdf52260fb3";
   };
 
   phases = [

From 3e7220b417c398479e13617bd85d5c2c316c6bcd Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 6 Aug 2015 01:01:43 +0200
Subject: [PATCH 6/9] krebs pkgs cac: add missing dep: ncurses

---
 krebs/5pkgs/cac.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix
index cce88920d..223d1ccf9 100644
--- a/krebs/5pkgs/cac.nix
+++ b/krebs/5pkgs/cac.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchgit, coreutils, curl, gnused, jq, sshpass, ... }:
+{ stdenv, fetchgit, coreutils, curl, gnused, jq, ncurses, sshpass, ... }:
 
 stdenv.mkDerivation {
   name = "cac";
@@ -21,6 +21,7 @@ stdenv.mkDerivation {
         curl
         gnused
         jq
+        ncurses
         sshpass
       ];
     in

From 1692022c670e96a78b0d452d1ecbd6cb81961391 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 6 Aug 2015 01:02:49 +0200
Subject: [PATCH 7/9] krebs pkgs cac: leak $PATH for $PAGER

---
 krebs/5pkgs/cac.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix
index 223d1ccf9..49a5bd276 100644
--- a/krebs/5pkgs/cac.nix
+++ b/krebs/5pkgs/cac.nix
@@ -29,7 +29,7 @@ stdenv.mkDerivation {
       mkdir -p $out/bin
 
       sed \
-        's,^\(  true) \)\(cac "$@";;\)$,\1 PATH=${path} \2,' \
+        's,^\(  true) \)\(cac "$@";;\)$,\1 PATH=${path}${PATH+:$PATH} \2,' \
         < ./cac \
         > $out/bin/cac
 
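Review bot: Inside a Nix `''…''` string every `${` starts a Nix antiquotation, so the added `${PATH+:$PATH}` is evaluated by Nix and never reaches the generated script as a shell parameter expansion. Depending on the Nix version it is either rejected at parse time or read as a URI literal (as the unquoted `url` in this file is), which would insert the literal text `PATH+:$PATH` and corrupt the last pinned directory. Escaping it keeps the shell expansion intact: `'s,^\(  true) \)\(cac "$@";;\)$,\1 PATH=${path}''${PATH+:$PATH} \2,' \`. The installPhase string begins and ends outside the hunk.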

From 90e0d14b3ec91cebb0119974c54a9bc9cdc6d70c Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 6 Aug 2015 19:39:18 +0200
Subject: [PATCH 8/9] krebs pkgs cac: 0fc9cbe -> f458915

---
 krebs/5pkgs/cac.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix
index 49a5bd276..eff523048 100644
--- a/krebs/5pkgs/cac.nix
+++ b/krebs/5pkgs/cac.nix
@@ -5,8 +5,8 @@ stdenv.mkDerivation {
 
   src = fetchgit {
     url = http://cgit.cd.retiolum/cac;
-    rev = "0fc9cbeba4060380f698f51bb74081e2fcefadf3";
-    sha256 = "9759c78aa9aa04ab82486d0f24264bff1081513bc07cac0f8b3c0bdf52260fb3";
+    rev = "f4589158572ab35969b9bccf801ea07e115705e1";
+    sha256 = "9d761cd1d7ff68507392cbfd6c3f6000ddff9cc540293da2b3c4ee902321fb27";
   };
 
   phases = [

From 7c578b1cad5d33c4a2773459ef62a8a72c585972 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 13 Aug 2015 11:46:09 +0200
Subject: [PATCH 9/9] {tv 2 => krebs 3}/exim-retiolum

---
 krebs/3modules/default.nix       |   1 +
 krebs/3modules/exim-retiolum.nix | 142 +++++++++++++++++++++++++++++++
 tv/1systems/nomic.nix            |   4 +-
 tv/1systems/wu.nix               |   4 +-
 tv/2configs/exim-retiolum.nix    | 126 ---------------------------
 5 files changed, 149 insertions(+), 128 deletions(-)
 create mode 100644 krebs/3modules/exim-retiolum.nix
 delete mode 100644 tv/2configs/exim-retiolum.nix

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e677ba5ea..fd795a036 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -6,6 +6,7 @@ let
 
   out = {
     imports = [
+      ./exim-retiolum.nix
       ./github-hosts-sync.nix
       ./git.nix
       ./nginx.nix
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
new file mode 100644
index 000000000..09372f074
--- /dev/null
+++ b/krebs/3modules/exim-retiolum.nix
@@ -0,0 +1,142 @@
+{ config, pkgs, lib, ... }:
+
+with builtins;
+with lib;
+let
+  cfg = config.krebs.exim-retiolum;
+
+  out = {
+    options.krebs.exim-retiolum = api;
+    config =
+      # This configuration makes only sense for retiolum-enabled hosts.
+      # TODO modular configuration
+      assert config.krebs.retiolum.enable;
+      mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "krebs.exim-retiolum";
+  };
+
+  imp = {
+    services.exim = {
+      enable = true;
+      config = ''
+        primary_hostname = ${retiolumHostname}
+        domainlist local_domains    = @ : localhost
+        domainlist relay_to_domains = *.retiolum
+        hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1
+
+        acl_smtp_rcpt = acl_check_rcpt
+        acl_smtp_data = acl_check_data
+
+        host_lookup = *
+        rfc1413_hosts = *
+        rfc1413_query_timeout = 5s
+
+        log_file_path = syslog
+        syslog_timestamp = false
+        syslog_duplication = false
+
+        begin acl
+
+        acl_check_rcpt:
+          accept  hosts = :
+                  control = dkim_disable_verify
+
+          deny    message       = Restricted characters in address
+                  domains       = +local_domains
+                  local_parts   = ^[.] : ^.*[@%!/|]
+
+          deny    message       = Restricted characters in address
+                  domains       = !+local_domains
+                  local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+          accept  local_parts   = postmaster
+                  domains       = +local_domains
+
+          #accept
+          #  hosts = *.retiolum
+          #  domains = *.retiolum
+          #  control = dkim_disable_verify
+
+          #require verify        = sender
+
+          accept  hosts         = +relay_from_hosts
+                  control       = submission
+                  control       = dkim_disable_verify
+
+          accept  authenticated = *
+                  control       = submission
+                  control       = dkim_disable_verify
+
+          require message = relay not permitted
+                  domains = +local_domains : +relay_to_domains
+
+          require verify = recipient
+
+          accept
+
+
+        acl_check_data:
+          accept
+
+
+        begin routers
+
+        retiolum:
+          driver = manualroute
+          domains = ! ${retiolumHostname} : *.retiolum
+          transport = remote_smtp
+          route_list = ^.* $0 byname
+          no_more
+
+        nonlocal:
+          debug_print = "R: nonlocal for $local_part@$domain"
+          driver = redirect
+          domains = ! +local_domains
+          allow_fail
+          data = :fail: Mailing to remote domains not supported
+          no_more
+
+        local_user:
+          # debug_print = "R: local_user for $local_part@$domain"
+          driver = accept
+          check_local_user
+        # local_part_suffix = +* : -*
+        # local_part_suffix_optional
+          transport = home_maildir
+          cannot_route_message = Unknown user
+
+
+        begin transports
+
+        remote_smtp:
+          driver = smtp
+
+        home_maildir:
+          driver = appendfile
+          maildir_format
+          directory = $home/Maildir
+          directory_mode = 0700
+          delivery_date_add
+          envelope_to_add
+          return_path_add
+        # group = mail
+        # mode = 0660
+
+        begin retry
+        *.retiolum             *           F,42d,1m
+        *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+        begin rewrite
+
+        begin authenticators
+      '';
+    };
+  };
+
+  # TODO get the hostname from somewhere else.
+  retiolumHostname = "${config.networking.hostName}.retiolum";
+in
+out
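Review bot: The `assert config.krebs.retiolum.enable;` sits in front of `mkIf cfg.enable imp`, so it is evaluated whenever this module's `config` is evaluated, not only when the option is switched on. krebs/3modules/default.nix now imports the module unconditionally, so a host without retiolum would fail evaluation even with `krebs.exim-retiolum.enable` left off. Moving the check into `imp` as `assertions = [ { assertion = config.krebs.retiolum.enable; message = "krebs.exim-retiolum requires krebs.retiolum.enable"; } ];` ties it to the enable flag and gives a readable error. Since this is now a shared module, the ACL also deserves a comment that any connecting host may submit mail for `+local_domains` and `*.retiolum`, i.e. `# exposure is limited only by the host firewall; restrict SMTP to the retiolum interface`.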
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index b9a10cb4f..896c1ad29 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -25,7 +25,6 @@ with lib;
     ../2configs/AO753.nix
     ../2configs/base.nix
     ../2configs/consul-server.nix
-    ../2configs/exim-retiolum.nix
     ../2configs/git.nix
     {
       tv.iptables = {
@@ -38,6 +37,9 @@ with lib;
         ];
       };
     }
+    {
+      krebs.exim-retiolum = true;
+    }
     {
       krebs.nginx = {
         enable = true;
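Review bot: `krebs.exim-retiolum = true;` assigns a boolean to what the new module declares as an option set containing `enable` (`api = { enable = mkEnableOption "krebs.exim-retiolum"; }`), so it should not evaluate as written. The line needs to be `krebs.exim-retiolum.enable = true;`. The same line is added to tv/1systems/wu.nix later in this patch and needs the same change. The surrounding imports list starts and ends outside the hunk.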
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index ae6ef1327..a5cbde3ec 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -29,7 +29,6 @@ in
     ../2configs/w110er.nix
     ../2configs/base.nix
     ../2configs/consul-client.nix
-    ../2configs/exim-retiolum.nix
     ../2configs/git.nix
     ../2configs/mail-client.nix
     ../2configs/xserver.nix
@@ -165,6 +164,9 @@ in
         ];
       };
     }
+    {
+      krebs.exim-retiolum = true;
+    }
     {
       krebs.nginx = {
         enable = true;
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
deleted file mode 100644
index 851a0c625..000000000
--- a/tv/2configs/exim-retiolum.nix
+++ /dev/null
@@ -1,126 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  services.exim =
-    # This configuration makes only sense for retiolum-enabled hosts.
-    # TODO modular configuration
-    assert config.krebs.retiolum.enable;
-    let
-      # TODO get the hostname from config.krebs.retiolum.
-      retiolumHostname = "${config.networking.hostName}.retiolum";
-    in
-      { enable = true;
-        config = ''
-          primary_hostname = ${retiolumHostname}
-          domainlist local_domains    = @ : localhost
-          domainlist relay_to_domains = *.retiolum
-          hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1
-
-          acl_smtp_rcpt = acl_check_rcpt
-          acl_smtp_data = acl_check_data
-
-          host_lookup = *
-          rfc1413_hosts = *
-          rfc1413_query_timeout = 5s
-
-          log_file_path = syslog
-          syslog_timestamp = false
-          syslog_duplication = false
-
-          begin acl
-
-          acl_check_rcpt:
-            accept  hosts = :
-                    control = dkim_disable_verify
-
-            deny    message       = Restricted characters in address
-                    domains       = +local_domains
-                    local_parts   = ^[.] : ^.*[@%!/|]
-
-            deny    message       = Restricted characters in address
-                    domains       = !+local_domains
-                    local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
-
-            accept  local_parts   = postmaster
-                    domains       = +local_domains
-
-            #accept
-            #  hosts = *.retiolum
-            #  domains = *.retiolum
-            #  control = dkim_disable_verify
-
-            #require verify        = sender
-
-            accept  hosts         = +relay_from_hosts
-                    control       = submission
-                    control       = dkim_disable_verify
-
-            accept  authenticated = *
-                    control       = submission
-                    control       = dkim_disable_verify
-
-            require message = relay not permitted
-                    domains = +local_domains : +relay_to_domains
-
-            require verify = recipient
-
-            accept
-
-
-          acl_check_data:
-            accept
-
-
-          begin routers
-
-          retiolum:
-            driver = manualroute
-            domains = ! ${retiolumHostname} : *.retiolum
-            transport = remote_smtp
-            route_list = ^.* $0 byname
-            no_more
-
-          nonlocal:
-            debug_print = "R: nonlocal for $local_part@$domain"
-            driver = redirect
-            domains = ! +local_domains
-            allow_fail
-            data = :fail: Mailing to remote domains not supported
-            no_more
-
-          local_user:
-            # debug_print = "R: local_user for $local_part@$domain"
-            driver = accept
-            check_local_user
-          # local_part_suffix = +* : -*
-          # local_part_suffix_optional
-            transport = home_maildir
-            cannot_route_message = Unknown user
-
-
-          begin transports
-
-          remote_smtp:
-            driver = smtp
-
-          home_maildir:
-            driver = appendfile
-            maildir_format
-            directory = $home/Maildir
-            directory_mode = 0700
-            delivery_date_add
-            envelope_to_add
-            return_path_add
-          # group = mail
-          # mode = 0660
-
-          begin retry
-          *.retiolum             *           F,42d,1m
-          *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
-
-          begin rewrite
-
-          begin authenticators
-        '';
-      };
-}