Merge remote-tracking branch 'ni/master'

2017-10-17 21:35:17 +02:00 · 2017-10-17 21:35:17 +02:00 · 9af86e7134
commit 9af86e7134
parent 4667bb8e41 3c810fef8a
8 changed files with 64 additions and 109 deletions
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@ -202,6 +202,7 @@ let
        "kontakt@eloop.org" = eloop-ml;
        "root@eloop.org" = eloop-ml;
        "eloop2016@krebsco.de" = eloop-ml;
        "eloop2017@krebsco.de" = eloop-ml;
        "postmaster@krebsco.de" = spam-ml; # RFC 822
        "lass@krebsco.de" = lass;
        "makefu@krebsco.de" = makefu;
--- a/krebs/3modules/exim-retiolum.nix
+++ b/krebs/3modules/exim-retiolum.nix
@ -43,7 +43,6 @@ let
          primary_hostname = ${cfg.primary_hostname}
          domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
          domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
          hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1
          acl_smtp_rcpt = acl_check_rcpt
          acl_smtp_data = acl_check_data
@ -61,41 +60,15 @@ let
          begin acl
          acl_check_rcpt:
-            accept  hosts = :
+            deny
                    control = dkim_disable_verify
            deny    message       = Restricted characters in address
                    domains       = +local_domains
                    local_parts   = ^[.] : ^.*[@%!/|]
            deny    message       = Restricted characters in address
                    domains       = !+local_domains
              local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
-
+              message = restricted characters in address
            accept  local_parts   = postmaster
                    domains       = +local_domains
            #accept
            #  hosts = *.r
            #  domains = *.r
            #  control = dkim_disable_verify
            #require verify        = sender
            accept  hosts         = +relay_from_hosts
                    control       = submission
                    control       = dkim_disable_verify
            accept  authenticated = *
                    control       = submission
                    control       = dkim_disable_verify
            require message = relay not permitted
                    domains = +local_domains : +relay_to_domains
            require verify = recipient
            accept
              domains = +local_domains : +relay_to_domains
            deny
              message = relay not permitted
          acl_check_data:
@ -104,29 +77,19 @@ let
          begin routers
-          retiolum:
+          local:
            driver = manualroute
            domains = ! +local_domains : +relay_to_domains
            transport = remote_smtp
            route_list = ^.* $0 byname
            no_more
          nonlocal:
            debug_print = "R: nonlocal for $local_part@$domain"
            driver = redirect
            domains = ! +local_domains
            allow_fail
            data = :fail: Mailing to remote domains not supported
            no_more
          local_user:
            # debug_print = "R: local_user for $local_part@$domain"
            driver = accept
            domains = +local_domains
            check_local_user
-          # local_part_suffix = +* : -*
+          # local_part_suffix = +*
          # local_part_suffix_optional
            transport = home_maildir
-            cannot_route_message = Unknown user
+
          remote:
            driver = manualroute
            domains = +relay_to_domains
            transport = remote_smtp
            route_list = ^.* $0 byname
          begin transports
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@ -157,39 +157,28 @@ let
        begin acl
        acl_check_rcpt:
-          accept  hosts = :
+          deny
                  control = dkim_disable_verify
          deny    message       = Restricted characters in address
                  domains       = +local_domains
                  local_parts   = ^[.] : ^.*[@%!/|]
          deny    message       = Restricted characters in address
                  domains       = !+local_domains
            local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
-
+            message = restricted characters in address
          accept  local_parts   = postmaster
                  domains       = +local_domains
          accept  hosts         = +relay_from_hosts
                  control       = submission
                  control       = dkim_disable_verify
          accept  authenticated = *
                  control       = submission
                  control       = dkim_disable_verify
          accept message = relay not permitted 2
                  recipients = lsearch*@;${lsearch.internet-aliases}
          require message = relay not permitted
                  domains = +local_domains : +relay_to_domains
          require
            message = unknown user
            verify = recipient/callout
          accept
            recipients = lsearch*@;${lsearch.internet-aliases}
          accept
            authenticated = *
            control = dkim_disable_verify
            control = submission
          accept
            control = dkim_disable_verify
            control = submission
            hosts = +relay_from_hosts
          accept
            domains = +local_domains : +relay_to_domains
          deny
            message = relay not permitted
        acl_check_data:
--- a/krebs/5pkgs/simple/populate/default.nix
+++ b/krebs/5pkgs/simple/populate/default.nix
@ -13,12 +13,12 @@ in
 stdenv.mkDerivation rec {
  name = "populate";
-  version = "1.2.4";
+  version = "1.2.5";
  src = fetchgit {
    url = http://cgit.ni.krebsco.de/populate;
    rev = "refs/tags/v${version}";
-    sha256 = "0az41vaxfwrh9l19z3cbc7in8pylrnyc0xkzk6773xg2nj4g8a28";
+    sha256 = "10s4x117zp5whqq991xzw1i2jc1xhl580kx8hhzv8f1b4c9carx1";
  };
  phases = [
--- a/krebs/5pkgs/simple/quote.nix
+++ b/krebs/5pkgs/simple/quote.nix
@ -0,0 +1,13 @@
 { jq, writeDashBin }:
 # usage: quote [ARGS...]
 writeDashBin "quote" ''
  set -efu
  prefix=
  for x; do
    y=$(${jq}/bin/jq -nr --arg x "$x" '$x | @sh "\(.)"')
    echo -n "$prefix$y"
    prefix=' '
  done
  echo
 ''
--- a/krebs/5pkgs/simple/withGetopt.nix
+++ b/krebs/5pkgs/simple/withGetopt.nix
@ -1,5 +1,5 @@
 with import <stockholm/lib>;
-{ utillinux, writeDash }:
+{ coreutils, quote, utillinux, writeDash }:
 opt-spec: cmd-spec: let
@ -43,6 +43,9 @@ in writeDash wrapper-name ''
    unset ${opt.varname}
  '') opts)}
  WITHGETOPT_ORIG_ARGS=$(${quote}/bin/quote "$@")
  export WITHGETOPT_ORIG_ARGS
  args=$(${utillinux}/bin/getopt \
      -l ${shell.escape
            (concatMapStringsSep ","
--- a/shell.nix
+++ b/shell.nix
@ -20,7 +20,7 @@ let
    set -efu
    . ${init.env}
-    . ${init.proxy opts}
+    . ${init.proxy "deploy" opts}
    # Use system's nixos-rebuild, which is not self-contained
    export PATH=/run/current-system/sw/bin
@ -55,7 +55,7 @@ let
              # TODO inline prepare.sh?
    fi
-    . ${init.proxy opts}
+    . ${init.proxy "install" opts}
    # Reset PATH because we need access to nixos-install.
    # TODO provide nixos-install instead of relying on prepare.sh
@ -93,7 +93,7 @@ let
    export dummy_secrets=true
    . ${init.env}
-    . ${init.proxy opts}
+    . ${init.proxy "test" opts}
    exec ${utils.build} config.system.build.toplevel
  '');
@ -143,18 +143,6 @@ let
        ''}
  '');
  # usage: quote [ARGS...]
  cmds.quote = pkgs.writeDash "cmds.quote" ''
    set -efu
    prefix=
    for x; do
      y=$(${pkgs.jq}/bin/jq -nr --arg x "$x" '$x | @sh "\(.)"')
      echo -n "$prefix$y"
      prefix=' '
    done
    echo
  '';
  init.env = pkgs.writeText "init.env" /* sh */ ''
    export quiet
    export system
@ -171,7 +159,7 @@ let
    export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"
  '';
-  init.proxy = opts: pkgs.writeText "init.proxy" /* sh */ ''
+  init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ ''
    if \test "''${using_proxy-}" != true; then
      source=$(get-source "$source_file")
@ -194,7 +182,8 @@ let
                opts
              )} \
              using_proxy=true \
-              $(quote "$0" "$@")
+              ${lib.shell.escape command} \
              $WITHGETOPT_ORIG_ARGS \
            ")"
      fi
    fi
@ -243,6 +232,7 @@ in pkgs.stdenv.mkDerivation {
    fi
    export PATH=${lib.makeBinPath [
      pkgs.populate
      pkgs.quote
      shell.cmdspkg
    ]}
--- a/tv/5pkgs/simple/xmonad-tv/default.nix
+++ b/tv/5pkgs/simple/xmonad-tv/default.nix
@ -80,7 +80,7 @@ mainNoArgs = do
            , modMask           = mod4Mask
            , keys              = myKeys
            , workspaces        = workspaces0
-            , layoutHook        = smartBorders $ myLayout
+            , layoutHook        = smartBorders $ FixedColumn 1 20 80 10 ||| Full
            -- , handleEventHook   = myHandleEventHooks <+> handleTimerEvent
            --, handleEventHook   = handleTimerEvent
            , manageHook        = placeHook (smart (1,0)) <+> floatNextHook
@ -91,10 +91,6 @@ mainNoArgs = do
            , focusedBorderColor = "#f000b0"
            , handleEventHook = handleShutdownEvent
            }
  where
    myLayout =
        (onWorkspace "im" $ reflectVert $ Mirror $ Tall 1 (3/100) (12/13))
        (FixedColumn 1 20 80 10 ||| Full)
 xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()