makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

krebs.exim*: admit *.r

Browse source
This commit is contained in:
tv 2016-02-21 21:51:11 +01:00
parent de5de37a12
commit a73eaae18c
5 changed files with 61 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
krebs/3modules/default.nix
View file

@ -143,12 +143,11 @@ let
{ text=(stripEmptyLines value); }) all-zones; { text=(stripEmptyLines value); }) all-zones;
krebs.exim-smarthost.internet-aliases = let krebs.exim-smarthost.internet-aliases = let
format = from: to: format = from: to: {
inherit from;
# TODO assert is-retiolum-mail-address to; # TODO assert is-retiolum-mail-address to;
{ inherit from; to = concatMapStringsSep "," (getAttr "mail") (toList to);
to = if typeOf to == "list" };
then concatMapStringsSep "," (getAttr "mail") to
else to.mail; };
in mapAttrsToList format (with config.krebs.users; let in mapAttrsToList format (with config.krebs.users; let
spam-ml = [ spam-ml = [
lass lass
@ -167,6 +166,10 @@ let
"makefu@retiolum" = makefu; "makefu@retiolum" = makefu;
"spam@retiolum" = spam-ml; "spam@retiolum" = spam-ml;
"tv@retiolum" = tv; "tv@retiolum" = tv;
"lass@r" = lass;
"makefu@r" = makefu;
"spam@r" = spam-ml;
"tv@r" = tv;
}); });
services.openssh.hostKeys = services.openssh.hostKeys =

36
krebs/3modules/exim-retiolum.nix
View file

@ -11,6 +11,24 @@ let
api = { api = {
enable = mkEnableOption "krebs.exim-retiolum"; enable = mkEnableOption "krebs.exim-retiolum";
local_domains = mkOption {
type = with types; listOf hostname;
default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases;
};
primary_hostname = mkOption {
type = types.str;
default = let x = "${config.krebs.build.host.name}.r"; in
assert elem x config.krebs.build.host.nets.retiolum.aliases;
x;
};
relay_to_domains = mkOption {
# TODO hostname with wildcards
type = with types; listOf str;
default = [
"*.r"
"*.retiolum"
];
};
}; };
imp = { imp = {
@ -21,9 +39,9 @@ let
# TODO modular configuration # TODO modular configuration
assert config.krebs.retiolum.enable; assert config.krebs.retiolum.enable;
'' ''
primary_hostname = ${retiolumHostname} primary_hostname = ${cfg.primary_hostname}
domainlist local_domains = @ : localhost domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
domainlist relay_to_domains = *.retiolum domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
acl_smtp_rcpt = acl_check_rcpt acl_smtp_rcpt = acl_check_rcpt
@ -85,7 +103,7 @@ let
retiolum: retiolum:
driver = manualroute driver = manualroute
domains = ! ${retiolumHostname} : *.retiolum domains = ! +local_domains : +relay_to_domains
transport = remote_smtp transport = remote_smtp
route_list = ^.* $0 byname route_list = ^.* $0 byname
no_more no_more
@ -125,8 +143,8 @@ let
# mode = 0660 # mode = 0660
begin retry begin retry
*.retiolum * F,42d,1m ${concatMapStringsSep "\n" (k: "${k} * F,42d,1m") cfg.relay_to_domains}
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite begin rewrite
@ -134,8 +152,4 @@ let
''; '';
}; };
}; };
in out
# TODO get the hostname from somewhere else.
retiolumHostname = "${config.networking.hostName}.retiolum";
in
out

42
krebs/3modules/exim-smarthost.nix
View file

@ -25,14 +25,31 @@ let
})); }));
}; };
local_domains = mkOption {
type = with types; listOf hostname;
default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases;
};
relay_from_hosts = mkOption { relay_from_hosts = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = []; default = [];
apply = xs: ["127.0.0.1" "::1"] ++ xs;
};
relay_to_domains = mkOption {
# TODO hostname with wildcards
type = with types; listOf str;
default = [
"*.r"
"*.retiolum"
];
}; };
primary_hostname = mkOption { primary_hostname = mkOption {
type = types.str; type = types.str;
default = "${config.networking.hostName}.retiolum"; default = let x = "${config.krebs.build.host.name}.r"; in
assert elem x config.krebs.build.host.nets.retiolum.aliases;
x;
}; };
sender_domains = mkOption { sender_domains = mkOption {
@ -63,19 +80,11 @@ let
# HOST_REDIR contains the real destinations for "local_domains". # HOST_REDIR contains the real destinations for "local_domains".
#HOST_REDIR = /etc/exim4/host_redirect #HOST_REDIR = /etc/exim4/host_redirect
# Domains not listed in local_domains need to be deliverable remotely. # Domains not listed in local_domains need to be deliverable remotely.
# XXX We abuse local_domains to mean "domains, we're the gateway for". # XXX We abuse local_domains to mean "domains, we're the gateway for".
domainlist local_domains = @ : localhost domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
domainlist relay_to_domains = domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
hostlist relay_from_hosts = <;${concatStringsSep ";" ( hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts}
[
"127.0.0.1"
"::1"
]
++
cfg.relay_from_hosts
)}
acl_smtp_rcpt = acl_check_rcpt acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data acl_smtp_data = acl_check_data
@ -144,7 +153,7 @@ let
retiolum: retiolum:
debug_print = "R: retiolum for $local_part@$domain" debug_print = "R: retiolum for $local_part@$domain"
driver = manualroute driver = manualroute
domains = ! ${cfg.primary_hostname} : *.retiolum domains = ! +local_domains : +relay_to_domains
transport = retiolum_smtp transport = retiolum_smtp
route_list = ^.* $0 byname route_list = ^.* $0 byname
no_more no_more
@ -197,8 +206,11 @@ let
return_path_add return_path_add
begin retry begin retry
*.retiolum * F,42d,1m ${concatMapStringsSep "\n" (k: "${k} * F,42d,1m") cfg.relay_to_domains}
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h ${concatMapStringsSep "\n" (k: "${k} * F,42d,1m")
# TODO don't include relay_to_domains
(map (getAttr "from") cfg.internet-aliases)}
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite begin rewrite
begin authenticators begin authenticators

1
krebs/3modules/shared/default.nix
View file

@ -15,6 +15,7 @@ let
addrs4 = ["10.243.111.111"]; addrs4 = ["10.243.111.111"];
addrs6 = ["42:0:0:0:0:0:0:7357"]; addrs6 = ["42:0:0:0:0:0:0:7357"];
aliases = [ aliases = [
"test.r"
"test.retiolum" "test.retiolum"
]; ];
tinc.pubkey = '' tinc.pubkey = ''

1
tv/2configs/exim-smarthost.nix
View file

@ -5,7 +5,6 @@ with config.krebs.lib;
{ {
krebs.exim-smarthost = { krebs.exim-smarthost = {
enable = true; enable = true;
primary_hostname = "${config.networking.hostName}.retiolum";
sender_domains = [ sender_domains = [
"shackspace.de" "shackspace.de"
"viljetic.de" "viljetic.de"