krebs.exim*: admit *.r

tv 2016-02-21 21:51:11 +01:00
parent de5de37a12
commit a73eaae18c
5 changed files with 61 additions and 32 deletions


@ -143,12 +143,11 @@ let
{ text=(stripEmptyLines value); }) all-zones;
krebs.exim-smarthost.internet-aliases = let
format = from: to:
format = from: to: {
inherit from;
# TODO assert is-retiolum-mail-address to;
{ inherit from;
to = if typeOf to == "list"
then concatMapStringsSep "," (getAttr "mail") to
else to.mail; };
to = concatMapStringsSep "," (getAttr "mail") (toList to);
};
in mapAttrsToList format (with config.krebs.users; let
spam-ml = [
lass
@ -167,6 +166,10 @@ let
"makefu@retiolum" = makefu;
"spam@retiolum" = spam-ml;
"tv@retiolum" = tv;
"lass@r" = lass;
"makefu@r" = makefu;
"spam@r" = spam-ml;
"tv@r" = tv;
});
services.openssh.hostKeys =
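Review bot: The check named in the retained `# TODO assert is-retiolum-mail-address to;` is still not enforced in `format`, so each alias expands to whatever `mail` value the referenced user records carry. With the four new `@r` entries this host forwards for more addresses, and a `mail` attribute pointing outside retiolum would be forwarded there without any evaluation-time error. Once a predicate like the one the TODO names exists, something along the lines of `assert all (u: is-retiolum-mail-address u.mail) (toList to);` ahead of the attribute set would close this. The enclosing `let` block starts and ends outside the hunk, so whether such a predicate is already defined is not visible here.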


@ -11,6 +11,24 @@ let
api = {
enable = mkEnableOption "krebs.exim-retiolum";
local_domains = mkOption {
type = with types; listOf hostname;
default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases;
};
primary_hostname = mkOption {
type = types.str;
default = let x = "${config.krebs.build.host.name}.r"; in
assert elem x config.krebs.build.host.nets.retiolum.aliases;
x;
};
relay_to_domains = mkOption {
# TODO hostname with wildcards
type = with types; listOf str;
default = [
"*.r"
"*.retiolum"
];
};
};
imp = {
@ -21,9 +39,9 @@ let
# TODO modular configuration
assert config.krebs.retiolum.enable;
''
primary_hostname = ${retiolumHostname}
domainlist local_domains = @ : localhost
domainlist relay_to_domains = *.retiolum
primary_hostname = ${cfg.primary_hostname}
domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
acl_smtp_rcpt = acl_check_rcpt
@ -85,7 +103,7 @@ let
retiolum:
driver = manualroute
domains = ! ${retiolumHostname} : *.retiolum
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
route_list = ^.* $0 byname
no_more
@ -125,8 +143,8 @@ let
# mode = 0660
begin retry
*.retiolum * F,42d,1m
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
${concatMapStringsSep "\n" (k: "${k} * F,42d,1m") cfg.relay_to_domains}
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
@ -134,8 +152,4 @@ let
'';
};
};
# TODO get the hostname from somewhere else.
retiolumHostname = "${config.networking.hostName}.retiolum";
in
out
in out
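Review bot: `relay_to_domains` is typed `listOf str` and its items are pasted unescaped into the generated Exim configuration, once colon-joined in `domainlist relay_to_domains = ...` and once as the leading field of a retry rule via `"${k} * F,42d,1m"`. An item containing a colon, whitespace, a newline or `$` would silently change the list or add configuration lines, and the `# TODO hostname with wildcards` shows the missing validation is known. Until a proper type exists, a checked type such as `listOf (addCheck str (x: match "[*A-Za-z0-9.-]+" x != null))` would reject such values at evaluation time, assuming `addCheck` and `match` are in scope in this file. The same option and the same interpolation appear in the next file section.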


@ -25,14 +25,31 @@ let
}));
};
local_domains = mkOption {
type = with types; listOf hostname;
default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases;
};
relay_from_hosts = mkOption {
type = with types; listOf str;
default = [];
apply = xs: ["127.0.0.1" "::1"] ++ xs;
};
relay_to_domains = mkOption {
# TODO hostname with wildcards
type = with types; listOf str;
default = [
"*.r"
"*.retiolum"
];
};
primary_hostname = mkOption {
type = types.str;
default = "${config.networking.hostName}.retiolum";
default = let x = "${config.krebs.build.host.name}.r"; in
assert elem x config.krebs.build.host.nets.retiolum.aliases;
x;
};
sender_domains = mkOption {
@ -63,19 +80,11 @@ let
# HOST_REDIR contains the real destinations for "local_domains".
#HOST_REDIR = /etc/exim4/host_redirect
# Domains not listed in local_domains need to be deliverable remotely.
# XXX We abuse local_domains to mean "domains, we're the gateway for".
domainlist local_domains = @ : localhost
domainlist relay_to_domains =
hostlist relay_from_hosts = <;${concatStringsSep ";" (
[
"127.0.0.1"
"::1"
]
++
cfg.relay_from_hosts
)}
domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts}
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
@ -144,7 +153,7 @@ let
retiolum:
debug_print = "R: retiolum for $local_part@$domain"
driver = manualroute
domains = ! ${cfg.primary_hostname} : *.retiolum
domains = ! +local_domains : +relay_to_domains
transport = retiolum_smtp
route_list = ^.* $0 byname
no_more
@ -197,8 +206,11 @@ let
return_path_add
begin retry
*.retiolum * F,42d,1m
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
${concatMapStringsSep "\n" (k: "${k} * F,42d,1m") cfg.relay_to_domains}
${concatMapStringsSep "\n" (k: "${k} * F,42d,1m")
# TODO don't include relay_to_domains
(map (getAttr "from") cfg.internet-aliases)}
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
begin authenticators
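Review bot: The default for `relay_to_domains` goes from an empty list to `"*.r"` and `"*.retiolum"` on what appears to be the Internet-facing smarthost, and the ACL that decides who may use it is outside this section. If `acl_check_rcpt` accepts recipients in `+relay_to_domains` without a `hosts = +relay_from_hosts` condition, as Exim's stock configuration does, any Internet sender could have mail routed into the retiolum network through the `retiolum` router, which now matches `+relay_to_domains`. Please confirm the ACL limits this, and record the intent next to the option, e.g. `# routed via the retiolum router; acl_check_rcpt must not accept these from hosts outside relay_from_hosts`.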


@ -15,6 +15,7 @@ let
addrs4 = ["10.243.111.111"];
addrs6 = ["42:0:0:0:0:0:0:7357"];
aliases = [
"test.r"
"test.retiolum"
];
tinc.pubkey = ''


@ -5,7 +5,6 @@ with config.krebs.lib;
{
krebs.exim-smarthost = {
enable = true;
primary_hostname = "${config.networking.hostName}.retiolum";
sender_domains = [
"shackspace.de"
"viljetic.de"