Merge remote-tracking branch 'cd/master'

makefu 2015-08-13 12:02:38 +02:00
commit 4d08db7462
9 changed files with 193 additions and 131 deletions


@ -25,7 +25,7 @@ deploy:;@
eval: eval:
@ @
ifeq ($(filter),json) ifeq ($(filter),json)
extraArgs=--json extraArgs='--json --strict'
filter() { jq -r .; } filter() { jq -r .; }
else else
filter() { cat; } filter() { cat; }
@ -33,8 +33,6 @@ endif
NIX_PATH=stockholm=$$PWD:$$NIX_PATH \ NIX_PATH=stockholm=$$PWD:$$NIX_PATH \
nix-instantiate \ nix-instantiate \
$${extraArgs-} \ $${extraArgs-} \
$${json+--json} \
$${json+--strict} \
--eval \ --eval \
-A "$$get" \ -A "$$get" \
'<stockholm>' \ '<stockholm>' \
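Review bot: `extraArgs='--json --strict'` only reaches nix-instantiate as two separate flags because `$${extraArgs-}` is expanded unquoted on the command line and the shell word-splits it; a later "fix" that quotes the expansion would silently pass `--json --strict` as one unknown argument. A one-line comment next to the assignment would make the dependency explicit, e.g. `# extraArgs is word-split on purpose: keep $${extraArgs-} unquoted below`. The eval recipe continues past the end of the second hunk.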

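--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -6,6 +6,7 @@ let
 out = {
 imports = [
+./exim-retiolum.nix
 ./github-hosts-sync.nix
 ./git.nix
 ./nginx.nix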

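--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,142 @@
+{ config, pkgs, lib, ... }:
+with builtins;
+with lib;
+let
+cfg = config.krebs.exim-retiolum;
+out = {
+options.krebs.exim-retiolum = api;
+config =
+# This configuration makes only sense for retiolum-enabled hosts.
+# TODO modular configuration
+assert config.krebs.retiolum.enable;
+mkIf cfg.enable imp;
+};
+api = {
+enable = mkEnableOption "krebs.exim-retiolum";
+};
+imp = {
+services.exim = {
+enable = true;
+config = ''
+primary_hostname = ${retiolumHostname}
+domainlist local_domains = @ : localhost
+domainlist relay_to_domains = *.retiolum
+hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
+acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data = acl_check_data
+host_lookup = *
+rfc1413_hosts = *
+rfc1413_query_timeout = 5s
+log_file_path = syslog
+syslog_timestamp = false
+syslog_duplication = false
+begin acl
+acl_check_rcpt:
+accept hosts = :
+control = dkim_disable_verify
+deny message = Restricted characters in address
+domains = +local_domains
+local_parts = ^[.] : ^.*[@%!/|]
+deny message = Restricted characters in address
+domains = !+local_domains
+local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+accept local_parts = postmaster
+domains = +local_domains
+#accept
+# hosts = *.retiolum
+# domains = *.retiolum
+# control = dkim_disable_verify
+#require verify = sender
+accept hosts = +relay_from_hosts
+control = submission
+control = dkim_disable_verify
+accept authenticated = *
+control = submission
+control = dkim_disable_verify
+require message = relay not permitted
+domains = +local_domains : +relay_to_domains
+require verify = recipient
+accept
+acl_check_data:
+accept
+begin routers
+retiolum:
+driver = manualroute
+domains = ! ${retiolumHostname} : *.retiolum
+transport = remote_smtp
+route_list = ^.* $0 byname
+no_more
+nonlocal:
+debug_print = "R: nonlocal for $local_part@$domain"
+driver = redirect
+domains = ! +local_domains
+allow_fail
+data = :fail: Mailing to remote domains not supported
+no_more
+local_user:
+# debug_print = "R: local_user for $local_part@$domain"
+driver = accept
+check_local_user
+# local_part_suffix = +* : -*
+# local_part_suffix_optional
+transport = home_maildir
+cannot_route_message = Unknown user
+begin transports
+remote_smtp:
+driver = smtp
+home_maildir:
+driver = appendfile
+maildir_format
+directory = $home/Maildir
+directory_mode = 0700
+delivery_date_add
+envelope_to_add
+return_path_add
+# group = mail
+# mode = 0660
+begin retry
+*.retiolum * F,42d,1m
+* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+begin rewrite
+begin authenticators
+'';
+};
+};
+# TODO get the hostname from somewhere else.
+retiolumHostname = "${config.networking.hostName}.retiolum";
+in
+out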
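Review bot: The `assert config.krebs.retiolum.enable` in `config` is forced before `mkIf cfg.enable` can disable the module, so every host that imports this module must have retiolum enabled even when `krebs.exim-retiolum.enable` is false; since this commit also adds `./exim-retiolum.nix` to a shared imports list, that appears to cover hosts that never asked for exim. Moving the assert inside the mkIf argument keeps the check but makes it conditional: `config = mkIf cfg.enable (assert config.krebs.retiolum.enable; imp);`. With that change `retiolumHostname`, and therefore `config.networking.hostName`, is also only consulted on hosts where the module is enabled, which is worth stating in the TODO comment above it.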

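--- a/krebs/5pkgs/cac.nix
+++ b/krebs/5pkgs/cac.nix
@@ -0,0 +1,38 @@
+{ stdenv, fetchgit, coreutils, curl, gnused, jq, ncurses, sshpass, ... }:
+stdenv.mkDerivation {
+name = "cac";
+src = fetchgit {
+url = http://cgit.cd.retiolum/cac;
+rev = "f4589158572ab35969b9bccf801ea07e115705e1";
+sha256 = "9d761cd1d7ff68507392cbfd6c3f6000ddff9cc540293da2b3c4ee902321fb27";
+};
+phases = [
+"unpackPhase"
+"installPhase"
+];
+installPhase =
+let
+path = stdenv.lib.makeSearchPath "bin" [
+coreutils
+curl
+gnused
+jq
+ncurses
+sshpass
+];
+in
+''
+mkdir -p $out/bin
+sed \
+'s,^\( true) \)\(cac "$@";;\)$,\1 PATH=${path}${PATH+:$PATH} \2,' \
+< ./cac \
+> $out/bin/cac
+chmod +x $out/bin/cac
+'';
+}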
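Review bot: The `sed` in installPhase patches the upstream `cac` script by matching one exact line (`true) cac "$@";;`), and sed exits 0 whether or not that line exists, so a future change to that line upstream would produce a build that succeeds but installs a wrapper without the pinned PATH. A check after the substitution, `grep -qF 'PATH=${path}' $out/bin/cac`, would make that failure loud at build time instead of at first use. Separately, as printed, `${PATH+:$PATH}` inside the `''` string would be read by Nix as an interpolation of the expression `PATH+:$PATH`, which is unlikely to parse; if the source actually has `''${PATH+:$PATH}`, the rendering dropped the escape, otherwise the `''$` escape is needed. The pinned `rev` together with `sha256` keeps the fetched source reproducible, so the plain-http `url` affects availability rather than integrity.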

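--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -6,6 +6,7 @@ in
 pkgs //
 {
+cac = callPackage ./cac.nix {};
 dic = callPackage ./dic.nix {};
 genid = callPackage ./genid.nix {};
 github-hosts-sync = callPackage ./github-hosts-sync.nix {};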

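--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -25,7 +25,6 @@ with lib;
 ../2configs/AO753.nix
 ../2configs/base.nix
 ../2configs/consul-server.nix
-../2configs/exim-retiolum.nix
 ../2configs/git.nix
 {
 tv.iptables = {
@@ -38,6 +37,9 @@ with lib;
 ];
 };
 }
+{
+krebs.exim-retiolum = true;
+}
 {
 krebs.nginx = {
 enable = true;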
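Review bot: `krebs.exim-retiolum = true;` in the second hunk assigns a boolean to the option set `krebs.exim-retiolum`, while the new module in this commit declares only `krebs.exim-retiolum.enable` via mkEnableOption; unless some module outside this page declares `krebs.exim-retiolum` itself as a boolean, evaluating this host will fail with an option type error rather than enable exim. The intended line is presumably `krebs.exim-retiolum.enable = true;`. The same assignment appears in the last hunk of the next file section (the host that imports ../2configs/w110er.nix) and needs the same fix.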


@ -29,7 +29,6 @@ in
../2configs/w110er.nix ../2configs/w110er.nix
../2configs/base.nix ../2configs/base.nix
../2configs/consul-client.nix ../2configs/consul-client.nix
../2configs/exim-retiolum.nix
../2configs/git.nix ../2configs/git.nix
../2configs/mail-client.nix ../2configs/mail-client.nix
../2configs/xserver.nix ../2configs/xserver.nix
@ -91,6 +90,7 @@ in
sxiv sxiv
texLive texLive
tmux tmux
tvpkgs.cac
tvpkgs.dic tvpkgs.dic
zathura zathura
@ -164,6 +164,9 @@ in
]; ];
}; };
} }
{
krebs.exim-retiolum = true;
}
{ {
krebs.nginx = { krebs.nginx = {
enable = true; enable = true;

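--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,126 +0,0 @@
-{ config, pkgs, ... }:
-{
-services.exim =
-# This configuration makes only sense for retiolum-enabled hosts.
-# TODO modular configuration
-assert config.krebs.retiolum.enable;
-let
-# TODO get the hostname from config.krebs.retiolum.
-retiolumHostname = "${config.networking.hostName}.retiolum";
-in
-{ enable = true;
-config = ''
-primary_hostname = ${retiolumHostname}
-domainlist local_domains = @ : localhost
-domainlist relay_to_domains = *.retiolum
-hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
-acl_smtp_rcpt = acl_check_rcpt
-acl_smtp_data = acl_check_data
-host_lookup = *
-rfc1413_hosts = *
-rfc1413_query_timeout = 5s
-log_file_path = syslog
-syslog_timestamp = false
-syslog_duplication = false
-begin acl
-acl_check_rcpt:
-accept hosts = :
-control = dkim_disable_verify
-deny message = Restricted characters in address
-domains = +local_domains
-local_parts = ^[.] : ^.*[@%!/|]
-deny message = Restricted characters in address
-domains = !+local_domains
-local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
-accept local_parts = postmaster
-domains = +local_domains
-#accept
-# hosts = *.retiolum
-# domains = *.retiolum
-# control = dkim_disable_verify
-#require verify = sender
-accept hosts = +relay_from_hosts
-control = submission
-control = dkim_disable_verify
-accept authenticated = *
-control = submission
-control = dkim_disable_verify
-require message = relay not permitted
-domains = +local_domains : +relay_to_domains
-require verify = recipient
-accept
-acl_check_data:
-accept
-begin routers
-retiolum:
-driver = manualroute
-domains = ! ${retiolumHostname} : *.retiolum
-transport = remote_smtp
-route_list = ^.* $0 byname
-no_more
-nonlocal:
-debug_print = "R: nonlocal for $local_part@$domain"
-driver = redirect
-domains = ! +local_domains
-allow_fail
-data = :fail: Mailing to remote domains not supported
-no_more
-local_user:
-# debug_print = "R: local_user for $local_part@$domain"
-driver = accept
-check_local_user
-# local_part_suffix = +* : -*
-# local_part_suffix_optional
-transport = home_maildir
-cannot_route_message = Unknown user
-begin transports
-remote_smtp:
-driver = smtp
-home_maildir:
-driver = appendfile
-maildir_format
-directory = $home/Maildir
-directory_mode = 0700
-delivery_date_add
-envelope_to_add
-return_path_add
-# group = mail
-# mode = 0660
-begin retry
-*.retiolum * F,42d,1m
-* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
-begin rewrite
-begin authenticators
-'';
-};
-}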


@ -20,6 +20,9 @@ let
rules = concatMap make-rules (attrValues repos); rules = concatMap make-rules (attrValues repos);
public-repos = mapAttrs make-public-repo { public-repos = mapAttrs make-public-repo {
cac = {
desc = "CloudAtCost command line interface";
};
cgserver = {}; cgserver = {};
crude-mail-setup = {}; crude-mail-setup = {};
dot-xmonad = {}; dot-xmonad = {};