Merge remote-tracking branch 'lass/master'

This commit is contained in:
makefu 2019-06-28 22:02:41 +02:00
commit 1ba49c0ffe
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
7 changed files with 238 additions and 80 deletions

View File

@ -1,15 +1,17 @@
{ config, pkgs, lib, ... }:
with import <stockholm/lib>; with import <stockholm/lib>;
let { config, pkgs, lib, ... }: let
cfg = config.krebs.exim-retiolum; cfg = config.krebs.exim-retiolum;
out = { # Due to improvements to the JSON notation, braces around top-level objects
options.krebs.exim-retiolum = api; # are not necessary^Wsupported by rspamd's parser when including files:
config = lib.mkIf cfg.enable imp; # https://github.com/rspamd/rspamd/issues/2674
}; toMostlyJSON = value:
assert typeOf value == "set";
(s: substring 1 (stringLength s - 2) s)
(toJSON value);
api = { in {
options.krebs.exim-retiolum = {
enable = mkEnableOption "krebs.exim-retiolum"; enable = mkEnableOption "krebs.exim-retiolum";
local_domains = mkOption { local_domains = mkOption {
type = with types; listOf hostname; type = with types; listOf hostname;
@ -28,22 +30,70 @@ let
"*.r" "*.r"
]; ];
}; };
rspamd = {
enable = mkEnableOption "krebs.exim-retiolum.rspamd" // {
default = false;
}; };
locals = {
imp = { logging = {
level = mkOption {
type = types.enum [
"error"
"warning"
"notice"
"info"
"debug"
"silent"
];
default = "notice";
};
};
options = {
local_networks = mkOption {
type = types.listOf types.cidr;
default = [
config.krebs.build.host.nets.retiolum.ip4.prefix
config.krebs.build.host.nets.retiolum.ip6.prefix
];
};
};
};
};
};
imports = [
{
config = lib.mkIf cfg.rspamd.enable {
services.rspamd.enable = true;
services.rspamd.locals =
mapAttrs'
(name: value: nameValuePair "${name}.inc" {
text = toMostlyJSON value;
})
cfg.rspamd.locals;
users.users.${config.krebs.exim.user.name}.extraGroups = [
config.services.rspamd.group
];
};
}
];
config = lib.mkIf cfg.enable {
krebs.exim = { krebs.exim = {
enable = true; enable = true;
config = config =
# This configuration makes only sense for retiolum-enabled hosts. # This configuration makes only sense for retiolum-enabled hosts.
# TODO modular configuration # TODO modular configuration
assert config.krebs.tinc.retiolum.enable; assert config.krebs.tinc.retiolum.enable;
'' /* exim */ ''
keep_environment = keep_environment =
primary_hostname = ${cfg.primary_hostname} primary_hostname = ${cfg.primary_hostname}
domainlist local_domains = ${concatStringsSep ":" cfg.local_domains} domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains} domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
${optionalString cfg.rspamd.enable /* exim */ ''
spamd_address = /run/rspamd/rspamd.sock variant=rspamd
''}
acl_smtp_rcpt = acl_check_rcpt acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data acl_smtp_data = acl_check_data
@ -72,6 +122,24 @@ let
acl_check_data: acl_check_data:
${optionalString cfg.rspamd.enable /* exim */ ''
accept condition = ''${if eq{$interface_port}{587}}
warn remove_header = ${concatStringsSep " : " [
"x-spam"
"x-spam-report"
"x-spam-score"
]}
warn
spam = nobody:true
warn
condition = ''${if !eq{$spam_action}{no action}}
add_header = X-Spam: Yes
add_header = X-Spam-Report: $spam_report
add_header = X-Spam-Score: $spam_score
''}
accept accept
@ -118,4 +186,4 @@ let
''; '';
}; };
}; };
in out }

View File

@ -121,7 +121,7 @@ let
}; };
krebs.exim = { krebs.exim = {
enable = true; enable = true;
config = '' config = /* exim */ ''
keep_environment = keep_environment =
primary_hostname = ${cfg.primary_hostname} primary_hostname = ${cfg.primary_hostname}
@ -233,7 +233,7 @@ let
remote_smtp: remote_smtp:
driver = smtp driver = smtp
${optionalString (cfg.dkim != []) (indent '' ${optionalString (cfg.dkim != []) (indent /* exim */ ''
dkim_canon = relaxed dkim_canon = relaxed
dkim_domain = $sender_address_domain dkim_domain = $sender_address_domain
dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}} dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}}
@ -262,7 +262,7 @@ let
begin rewrite begin rewrite
begin authenticators begin authenticators
${concatStringsSep "\n" (mapAttrsToList (name: text: '' ${concatStringsSep "\n" (mapAttrsToList (name: text: /* exim */ ''
${name}: ${name}:
${indent text} ${indent text}
'') cfg.authenticators)} '') cfg.authenticators)}

View File

@ -37,7 +37,7 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment = { environment = {
etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" '' etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" /* exim */ ''
exim_user = ${cfg.user.name} exim_user = ${cfg.user.name}
exim_group = ${cfg.group.name} exim_group = ${cfg.group.name}
exim_path = /run/wrappers/bin/exim exim_path = /run/wrappers/bin/exim

View File

@ -229,6 +229,35 @@ in {
}; };
}; };
}; };
inspector = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
ip4.addr = "141.76.44.154";
aliases = [ "inspector.i" ];
};
retiolum = {
via = internet;
ip4.addr = "10.243.29.172";
aliases = [ "inspector.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
justraute = { justraute = {
owner = config.krebs.users.raute; # laptop owner = config.krebs.users.raute; # laptop
nets = { nets = {
@ -241,6 +270,30 @@ in {
}; };
}; };
}; };
matchbox = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.176";
aliases = [ "matchbox.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m
VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w
nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u
TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE
TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1
yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO
4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4
Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/
bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4
nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR
/vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
qubasa = { qubasa = {
owner = config.krebs.users.qubasa; owner = config.krebs.users.qubasa;
nets = { nets = {
@ -411,55 +464,52 @@ in {
}; };
}; };
}; };
inspector = { uppreisn = {
owner = config.krebs.users.Mic92; owner = config.krebs.users.ilmu;
nets = rec { nets = {
internet = {
ip4.addr = "141.76.44.154";
aliases = [ "inspector.i" ];
};
retiolum = { retiolum = {
via = internet; ip4.addr = "10.243.42.13";
ip4.addr = "10.243.29.172"; aliases = [ "ilmu.r" ];
aliases = [ "inspector.r" ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN PUBLIC KEY-----
MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAweAz7KtgYVuAfqP7Zoax
EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ BrQ++qig30Aabnou5C62bYIf1Fn8Z9RbDROTmkGeF7No7mZ7wH0hNpRXo1N/sLNt
7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF gr4bX7fXAvQ3NeeoMmM6VcC+pExnE4NMMnu0Dm3Z/WcQkCsJukkcvpC1gWkjPXea
m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw gn3ODl2wbKMiRBhQDA2Ro0zDQ+gAIsgtS9fDA85Rb0AToLwifHHavz81SXF+9piv
WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd qIl3rJZVBo1kOiolv5BCh4/O+R5boiFfPGAiqEcob0cTcmSCXaMqis8UNorlm08j
eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 ytNG7kazeRQb9olJ/ovCA1b+6iAZ4251twuQkHfNdfC3VM32jbGq7skMyhX3qN/b
OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau WoHHeBZR8eH5MpTTIODI+r4cLswAJqlCk816bGMmg6MuZutTlQCRTy1S/wXY/8ei
ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x STAZ1IZH6dnwCJ9HXgMC6hcYuOs/KmvSdaa7F+yTEq83IAASewbRgn/YHsMksftI
B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG d8db17rEOT5uC1jOGKF98d7e30MX5saTJZLB6XmNDsql/lFoooGzTz/L80JUYiJ0
q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj fQFADznZpA+NE+teOH9aXsucDQkX6BOPSO4XKXV86RIejHUSEx5WdaqGOUfmhFUo
7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== 9hZhr0qiiKNlXlP8noM9n+hPNKNkOlctQcpnatgdU3uQMtITPyKSLMUDoQIJlSgq
-----END RSA PUBLIC KEY----- lak5LCqzwU9qa9EQSU4nLZ0CAwEAAQ==
-----END PUBLIC KEY-----
''; '';
}; };
}; };
}; };
matchbox = { unnamed = {
owner = config.krebs.users.Mic92; owner = config.krebs.users.pie_;
nets = { nets = {
retiolum = { retiolum = {
ip4.addr = "10.243.29.176"; ip4.addr = "10.243.3.14";
aliases = [ "matchbox.r" ]; aliases = [ "unnamed.r" ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN PUBLIC KEY-----
MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvGXVl+WV/bDxFAnYnAhZ
VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w 2rHCU5dqtBvSg0sywV1j++lEuELBx4Zq14qyjDRGkkIGdgzCZBLK2cCgxPJ3MRFx
nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u ZwiO3jPscTu3I7zju7ULO/LqGQG+Yf86estfGh394zFJ2rnFSwegeMNqCpOaurOH
TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE GuYtNdjkxn/2wj00s+JEJjCNRMg8bkTMT3czuTr2k+6ICI8SgLZMDH7TjRfePHEW
TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1 X9/v4O3kMSZccT/wZWmezXuYlO7CJs7f4VV98z+sgubmIZz3uLfQFY8y9gmGp46y
yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO 5n5QyD0iIqkLNGIldNnToVJPToRaW5OdNKtZFayU4pWZ296sEcJI0NWLYqy7yZfD
4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4 PG2FlCQmebUxMYk+iK0cYRLFzOgnr14uXihXxhuHYJ8R1VIbWuto1YFGUv5J/Jct
Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/ 3vgjwOlHwZKC9FTqnRjgp58QtnKneXGNZ446eKHUCmSRDKl8fc/m9ePHrISnGROY
bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4 gXMieAmOZtsQIxwRpBGCLjrr3sx8RRNY8ROycqPaQWp3upp61jAvvQW3SIvkp1+M
nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR jGvfebJOSkEZurwGcWUar9w9t/oDfsV+R9Nm9n2IkdkNlnvXD1rcj7KqbFPtGf1a
/vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== MmB3AmwyIVv9Rk1Vpjkz4EtL4kPqiuhPrf1bHQhAdcwqwFGyo8HXsoMedb3Irhwm
-----END RSA PUBLIC KEY----- OxwCRYLtEweku7HLhUVTnDkCAwEAAQ==
-----END PUBLIC KEY-----
''; '';
}; };
}; };
@ -495,6 +545,9 @@ in {
mail = "dickbutt@excogitation.de"; mail = "dickbutt@excogitation.de";
pubkey = ssh-for "exco"; pubkey = ssh-for "exco";
}; };
ilmu = {
mail = "ilmu@rishi.is";
};
jan = { jan = {
mail = "jan.heidbrink@posteo.de"; mail = "jan.heidbrink@posteo.de";
}; };
@ -527,5 +580,6 @@ in {
}; };
filly = { filly = {
}; };
pie_ = {};
}; };
} }

View File

@ -2,40 +2,69 @@
let let
cfg = config.krebs.syncthing; kcfg = config.krebs.syncthing;
scfg = config.services.syncthing;
devices = mapAttrsToList (name: peer: { devices = mapAttrsToList (name: peer: {
name = name; name = name;
deviceID = peer.id; deviceID = peer.id;
addresses = peer.addresses; addresses = peer.addresses;
}) cfg.peers; }) kcfg.peers;
folders = mapAttrsToList ( _: folder: { folders = mapAttrsToList ( _: folder: {
inherit (folder) path id type; inherit (folder) path id type;
devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; devices = map (peer: { deviceId = kcfg.peers.${peer}.id; }) folder.peers;
rescanIntervalS = folder.rescanInterval; rescanIntervalS = folder.rescanInterval;
fsWatcherEnabled = folder.watch; fsWatcherEnabled = folder.watch;
fsWatcherDelayS = folder.watchDelay; fsWatcherDelayS = folder.watchDelay;
ignoreDelete = folder.ignoreDelete;
ignorePerms = folder.ignorePerms; ignorePerms = folder.ignorePerms;
}) cfg.folders; }) kcfg.folders;
getApiKey = pkgs.writeDash "getAPIKey" '' getApiKey = pkgs.writeDash "getAPIKey" ''
${pkgs.libxml2}/bin/xmllint \ ${pkgs.libxml2}/bin/xmllint \
--xpath 'string(configuration/gui/apikey)'\ --xpath 'string(configuration/gui/apikey)'\
${config.services.syncthing.configDir}/config.xml ${scfg.configDir}/config.xml
''; '';
updateConfig = pkgs.writeDash "merge-syncthing-config" '' updateConfig = pkgs.writeDash "merge-syncthing-config" ''
set -efu set -efu
# XXX this assumes the GUI address to be "IPv4 address and port"
host=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 0)}
port=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 1)}
# wait for service to restart # wait for service to restart
${pkgs.untilport}/bin/untilport localhost 8384 ${pkgs.untilport}/bin/untilport "$host" "$port"
API_KEY=$(${getApiKey}) API_KEY=$(${getApiKey})
CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config)
echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] as $in | $in * { _curl() {
"devices": (${builtins.toJSON devices}${optionalString (! cfg.overridePeers) " + $in.devices"}), ${pkgs.curl}/bin/curl \
"folders": (${builtins.toJSON folders}${optionalString (! cfg.overrideFolders) " + $in.folders"}) -Ss \
}' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @- -H "X-API-Key: $API_KEY" \
${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST "http://$host:$port/rest""$@"
}
old_config=$(_curl /system/config)
new_config=${shell.escape (toJSON {
inherit devices folders;
})}
new_config=$(${pkgs.jq}/bin/jq -en \
--argjson old_config "$old_config" \
--argjson new_config "$new_config" \
'
$old_config * $new_config
${optionalString (!kcfg.overridePeers) ''
* { devices: $old_config.devices }
''}
${optionalString (!kcfg.overrideFolders) ''
* { folders: $old_config.folders }
''}
'
)
echo $new_config | _curl /system/config -d @-
_curl /system/restart -X POST
''; '';
in in
@ -129,6 +158,11 @@ in
default = 10; default = 10;
}; };
ignoreDelete = mkOption {
type = types.bool;
default = false;
};
ignorePerms = mkOption { ignorePerms = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -139,19 +173,19 @@ in
}; };
}; };
config = (mkIf cfg.enable) { config = mkIf kcfg.enable {
systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) { systemd.services.syncthing = mkIf (kcfg.cert != null || kcfg.key != null) {
preStart = '' preStart = ''
${optionalString (cfg.cert != null) '' ${optionalString (kcfg.cert != null) ''
cp ${toString cfg.cert} ${config.services.syncthing.configDir}/cert.pem cp ${toString kcfg.cert} ${scfg.configDir}/cert.pem
chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.configDir}/cert.pem chown ${scfg.user}:${scfg.group} ${scfg.configDir}/cert.pem
chmod 400 ${config.services.syncthing.configDir}/cert.pem chmod 400 ${scfg.configDir}/cert.pem
''} ''}
${optionalString (cfg.key != null) '' ${optionalString (kcfg.key != null) ''
cp ${toString cfg.key} ${config.services.syncthing.configDir}/key.pem cp ${toString kcfg.key} ${scfg.configDir}/key.pem
chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.configDir}/key.pem chown ${scfg.user}:${scfg.group} ${scfg.configDir}/key.pem
chmod 400 ${config.services.syncthing.configDir}/key.pem chmod 400 ${scfg.configDir}/key.pem
''} ''}
''; '';
}; };
@ -161,7 +195,7 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
User = config.services.syncthing.user; User = scfg.user;
RemainAfterExit = true; RemainAfterExit = true;
Type = "oneshot"; Type = "oneshot";
ExecStart = updateConfig; ExecStart = updateConfig;

View File

@ -7,5 +7,6 @@ with import <stockholm/lib>;
pkgs.eximlog pkgs.eximlog
]; ];
krebs.exim-retiolum.enable = true; krebs.exim-retiolum.enable = true;
krebs.exim-retiolum.rspamd.enable = config.krebs.build.host.name == "nomic";
tv.iptables.input-retiolum-accept-tcp = singleton "smtp"; tv.iptables.input-retiolum-accept-tcp = singleton "smtp";
} }

View File

@ -130,6 +130,7 @@ with import <stockholm/lib>;
c = {}; c = {};
cabal = {}; cabal = {};
diff = {}; diff = {};
exim = {};
haskell = {}; haskell = {};
jq.extraStart = alts [ jq.extraStart = alts [
(writer "Jq") (writer "Jq")