Merge remote-tracking branch 'cd/master'
commit
d35de37b0d
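--- a/Zhosts/eulerwalk
+++ b/Zhosts/eulerwalk
@@ -0,0 +1,11 @@
+Subnet = 10.243.176.249
+Subnet = 42:7429:4e08:14cf:fb5d:9c17:76e5:ddcb
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAv0GyX62KaykRkN9f6ZgtAOPk1rr+ZFG6Il24crrkIJgx0He+VVjr
+XgXE7EaVwNjNm/7nIhGGWbCzravDIrRzQXzY+IQIzXwSPKv0WZkqFHZj122SIt9L
+QKtkGnECA136uH3AqbXoxhsz2FnuDunZ6gKAi6XIlq5Qr2Nyv0qKKaM0zTZZ4pI5
+PqsNfV6r2gc3jo/tOuxVgG86dMAEHLMdwjdBE6/49daGXyhsGG7Gh93c8UlyFKyt
+r6LC+4Oc1MCMtCbxsmE/iZWJtpUHAcQDzTcAynP916xg1PBLhczfWFCPR0LXOQGe
+MYSv34G0gZqPmkNJryi1MEFZ61zo/SiO9wIDAQAB
+-----END RSA PUBLIC KEY-----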
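--- a/Zhosts/tmpd
+++ b/Zhosts/tmpd
@@ -0,0 +1,11 @@
+Subnet = 10.243.235.99
+Subnet = 42:cd60:2f4b:3382:b9ba:74d7:5a13:ceb7
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAwSNjd1jYjsx+8JDRUV9QXhyMOrAIOMtKUGo/+Ufr+jHIY7h2BlQS
+6Jy7xjZv6zmHhEenhWs+P4qUCASXJPtZ7URgelA4NgkfVMsbgUQDM6VDZr0JwYXq
+csmp/9vxWRRbaNifG9x5+N50tMh9E5rMmDCV9ySWr3DAvDQckKAjfMtys2EWajW2
+sM02mXtMPAy5QgKNRvSbIVDnRjJyZpCkc5xNhv2rl7k+6RZltcec4IarIlnu5nv5
+f1cTAlPaWwGuyyXZeyFbzD0IAGJeWzCkt8+F8kOobRXJQbgDqYWLdH5BXagxBX4g
+VpDZTwdWU6oGph8m4kCg4vJCW1/XYOU1aQIDAQAB
+-----END RSA PUBLIC KEY-----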
@ -7,6 +7,7 @@ let
|
||||
out = {
|
||||
imports = [
|
||||
./exim-retiolum.nix
|
||||
./exim-smarthost.nix
|
||||
./github-hosts-sync.nix
|
||||
./git.nix
|
||||
./nginx.nix
|
||||
@ -309,9 +310,11 @@ let
|
||||
users = addNames {
|
||||
lass = {
|
||||
pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
|
||||
mail = "lass@mors.retiolum";
|
||||
};
|
||||
uriel = {
|
||||
pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
|
||||
mail = "uriel@mors.retiolum";
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -455,6 +458,13 @@ let
|
||||
cd = {
|
||||
cores = 2;
|
||||
dc = "tv"; #dc = "cac";
|
||||
extraZones = {
|
||||
"de.krebsco" = ''
|
||||
mx23 IN A ${elemAt nets.internet.addrs4 0}
|
||||
cd IN A ${elemAt nets.internet.addrs4 0}
|
||||
krebsco.de. IN MX 5 mx23
|
||||
'';
|
||||
};
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["162.219.7.216"];
|
||||
|
@ -8,11 +8,7 @@ let
|
||||
out = {
|
||||
options.krebs.exim-retiolum = api;
|
||||
config =
|
||||
# This configuration makes only sense for retiolum-enabled hosts.
|
||||
# TODO modular configuration
|
||||
mkIf cfg.enable (
|
||||
#assert config.krebs.retiolum.enable;
|
||||
imp);
|
||||
mkIf cfg.enable imp;
|
||||
};
|
||||
|
||||
api = {
|
||||
@ -20,121 +16,125 @@ let
|
||||
};
|
||||
|
||||
imp = {
|
||||
services.exim = {
|
||||
enable = true;
|
||||
config = ''
|
||||
primary_hostname = ${retiolumHostname}
|
||||
domainlist local_domains = @ : localhost
|
||||
domainlist relay_to_domains = *.retiolum
|
||||
hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
|
||||
services.exim =
|
||||
# This configuration makes only sense for retiolum-enabled hosts.
|
||||
# TODO modular configuration
|
||||
assert config.krebs.retiolum.enable;
|
||||
{
|
||||
enable = true;
|
||||
config = ''
|
||||
primary_hostname = ${retiolumHostname}
|
||||
domainlist local_domains = @ : localhost
|
||||
domainlist relay_to_domains = *.retiolum
|
||||
hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
|
||||
|
||||
acl_smtp_rcpt = acl_check_rcpt
|
||||
acl_smtp_data = acl_check_data
|
||||
acl_smtp_rcpt = acl_check_rcpt
|
||||
acl_smtp_data = acl_check_data
|
||||
|
||||
host_lookup = *
|
||||
rfc1413_hosts = *
|
||||
rfc1413_query_timeout = 5s
|
||||
host_lookup = *
|
||||
rfc1413_hosts = *
|
||||
rfc1413_query_timeout = 5s
|
||||
|
||||
log_file_path = syslog
|
||||
syslog_timestamp = false
|
||||
syslog_duplication = false
|
||||
log_file_path = syslog
|
||||
syslog_timestamp = false
|
||||
syslog_duplication = false
|
||||
|
||||
begin acl
|
||||
begin acl
|
||||
|
||||
acl_check_rcpt:
|
||||
accept hosts = :
|
||||
control = dkim_disable_verify
|
||||
acl_check_rcpt:
|
||||
accept hosts = :
|
||||
control = dkim_disable_verify
|
||||
|
||||
deny message = Restricted characters in address
|
||||
domains = +local_domains
|
||||
local_parts = ^[.] : ^.*[@%!/|]
|
||||
deny message = Restricted characters in address
|
||||
domains = +local_domains
|
||||
local_parts = ^[.] : ^.*[@%!/|]
|
||||
|
||||
deny message = Restricted characters in address
|
||||
domains = !+local_domains
|
||||
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
|
||||
deny message = Restricted characters in address
|
||||
domains = !+local_domains
|
||||
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
|
||||
|
||||
accept local_parts = postmaster
|
||||
domains = +local_domains
|
||||
accept local_parts = postmaster
|
||||
domains = +local_domains
|
||||
|
||||
#accept
|
||||
# hosts = *.retiolum
|
||||
# domains = *.retiolum
|
||||
# control = dkim_disable_verify
|
||||
#accept
|
||||
# hosts = *.retiolum
|
||||
# domains = *.retiolum
|
||||
# control = dkim_disable_verify
|
||||
|
||||
#require verify = sender
|
||||
#require verify = sender
|
||||
|
||||
accept hosts = +relay_from_hosts
|
||||
control = submission
|
||||
control = dkim_disable_verify
|
||||
accept hosts = +relay_from_hosts
|
||||
control = submission
|
||||
control = dkim_disable_verify
|
||||
|
||||
accept authenticated = *
|
||||
control = submission
|
||||
control = dkim_disable_verify
|
||||
accept authenticated = *
|
||||
control = submission
|
||||
control = dkim_disable_verify
|
||||
|
||||
require message = relay not permitted
|
||||
domains = +local_domains : +relay_to_domains
|
||||
require message = relay not permitted
|
||||
domains = +local_domains : +relay_to_domains
|
||||
|
||||
require verify = recipient
|
||||
require verify = recipient
|
||||
|
||||
accept
|
||||
accept
|
||||
|
||||
|
||||
acl_check_data:
|
||||
accept
|
||||
acl_check_data:
|
||||
accept
|
||||
|
||||
|
||||
begin routers
|
||||
begin routers
|
||||
|
||||
retiolum:
|
||||
driver = manualroute
|
||||
domains = ! ${retiolumHostname} : *.retiolum
|
||||
transport = remote_smtp
|
||||
route_list = ^.* $0 byname
|
||||
no_more
|
||||
retiolum:
|
||||
driver = manualroute
|
||||
domains = ! ${retiolumHostname} : *.retiolum
|
||||
transport = remote_smtp
|
||||
route_list = ^.* $0 byname
|
||||
no_more
|
||||
|
||||
nonlocal:
|
||||
debug_print = "R: nonlocal for $local_part@$domain"
|
||||
driver = redirect
|
||||
domains = ! +local_domains
|
||||
allow_fail
|
||||
data = :fail: Mailing to remote domains not supported
|
||||
no_more
|
||||
nonlocal:
|
||||
debug_print = "R: nonlocal for $local_part@$domain"
|
||||
driver = redirect
|
||||
domains = ! +local_domains
|
||||
allow_fail
|
||||
data = :fail: Mailing to remote domains not supported
|
||||
no_more
|
||||
|
||||
local_user:
|
||||
# debug_print = "R: local_user for $local_part@$domain"
|
||||
driver = accept
|
||||
check_local_user
|
||||
# local_part_suffix = +* : -*
|
||||
# local_part_suffix_optional
|
||||
transport = home_maildir
|
||||
cannot_route_message = Unknown user
|
||||
local_user:
|
||||
# debug_print = "R: local_user for $local_part@$domain"
|
||||
driver = accept
|
||||
check_local_user
|
||||
# local_part_suffix = +* : -*
|
||||
# local_part_suffix_optional
|
||||
transport = home_maildir
|
||||
cannot_route_message = Unknown user
|
||||
|
||||
|
||||
begin transports
|
||||
begin transports
|
||||
|
||||
remote_smtp:
|
||||
driver = smtp
|
||||
remote_smtp:
|
||||
driver = smtp
|
||||
|
||||
home_maildir:
|
||||
driver = appendfile
|
||||
maildir_format
|
||||
directory = $home/Maildir
|
||||
directory_mode = 0700
|
||||
delivery_date_add
|
||||
envelope_to_add
|
||||
return_path_add
|
||||
# group = mail
|
||||
# mode = 0660
|
||||
home_maildir:
|
||||
driver = appendfile
|
||||
maildir_format
|
||||
directory = $home/Maildir
|
||||
directory_mode = 0700
|
||||
delivery_date_add
|
||||
envelope_to_add
|
||||
return_path_add
|
||||
# group = mail
|
||||
# mode = 0660
|
||||
|
||||
begin retry
|
||||
*.retiolum * F,42d,1m
|
||||
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
|
||||
begin retry
|
||||
*.retiolum * F,42d,1m
|
||||
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
|
||||
|
||||
begin rewrite
|
||||
begin rewrite
|
||||
|
||||
begin authenticators
|
||||
'';
|
||||
};
|
||||
begin authenticators
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# TODO get the hostname from somewhere else.
|
||||
|
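Review bot: The bare `assert config.krebs.retiolum.enable;` in front of the `services.exim` attribute set aborts evaluation with only a generic assertion-failed location and no hint about which option has to be set. The section prints both sides without markers, so this is assumed to be the new placement (the other copy has it commented out beside `mkIf cfg.enable`). NixOS modules usually express such a dependency inside `imp` as `assertions = [ { assertion = config.krebs.retiolum.enable; message = "krebs.exim-retiolum requires krebs.retiolum.enable"; } ];`, which reports the message and is only checked when the module is enabled. The enclosing `let` block starts and ends outside this hunk.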
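--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -0,0 +1,219 @@
+{ config, pkgs, lib, ... }:
+
+with builtins;
+with lib;
+let
+cfg = config.krebs.exim-smarthost;
+
+out = {
+options.krebs.exim-smarthost = api;
+config = mkIf cfg.enable imp;
+};
+
+api = {
+enable = mkEnableOption "krebs.exim-smarthost";
+
+internet-aliases = mkOption {
+type = types.listOf (types.submodule ({
+options = {
+from = mkOption {
+type = types.str; # TODO e-mail address
+};
+to = mkOption {
+type = types.str; # TODO e-mail address / TODO listOf
+};
+};
+}));
+};
+
+relay_from_hosts = mkOption {
+type = with types; listOf str;
+default = [];
+};
+
+primary_hostname = mkOption {
+type = types.str;
+default = "${config.networking.hostName}.retiolum";
+};
+
+sender_domains = mkOption {
+type = with types; listOf str;
+default = [];
+};
+
+system-aliases = mkOption {
+type = types.listOf (types.submodule ({
+options = {
+from = mkOption {
+type = types.str; # TODO e-mail address
+};
+to = mkOption {
+type = types.str; # TODO e-mail address / TODO listOf
+};
+};
+}));
+};
+};
+
+imp = {
+services.exim = {
+enable = true;
+config = ''
+primary_hostname = ${cfg.primary_hostname}
+
+# HOST_REDIR contains the real destinations for "local_domains".
+#HOST_REDIR = /etc/exim4/host_redirect
+
+
+# Domains not listed in local_domains need to be deliverable remotely.
+# XXX We abuse local_domains to mean "domains, we're the gateway for".
+domainlist local_domains = @ : localhost
+domainlist relay_to_domains =
+hostlist relay_from_hosts = <;${concatStringsSep ";" (
+[
+"127.0.0.1"
+"::1"
+]
+++
+cfg.relay_from_hosts
+)}
+
+acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data = acl_check_data
+
+never_users = root
+
+host_lookup = *
+
+rfc1413_hosts = *
+rfc1413_query_timeout = 5s
+
+log_selector = -queue_run +address_rewrite +all_parents +queue_time
+log_file_path = syslog
+syslog_timestamp = false
+syslog_duplication = false
+
+begin acl
+
+acl_check_rcpt:
+accept hosts = :
+control = dkim_disable_verify
+
+deny message = Restricted characters in address
+domains = +local_domains
+local_parts = ^[.] : ^.*[@%!/|]
+
+deny message = Restricted characters in address
+domains = !+local_domains
+local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+accept local_parts = postmaster
+domains = +local_domains
+
+accept hosts = +relay_from_hosts
+control = submission
+control = dkim_disable_verify
+
+accept authenticated = *
+control = submission
+control = dkim_disable_verify
+
+accept message = relay not permitted 2
+recipients = lsearch;${lsearch.internet-aliases}
+
+require message = relay not permitted
+domains = +local_domains : +relay_to_domains
+
+require
+message = unknown user
+verify = recipient/callout
+
+accept
+
+
+acl_check_data:
+warn
+sender_domains = ${concatStringsSep ":" cfg.sender_domains}
+set acl_m_special_dom = $sender_address_domain
+
+accept
+
+
+begin routers
+
+# feature RETIOLUM_MAIL
+retiolum:
+debug_print = "R: retiolum for $local_part@$domain"
+driver = manualroute
+domains = ! ${cfg.primary_hostname} : *.retiolum
+transport = retiolum_smtp
+route_list = ^.* $0 byname
+no_more
+
+internet_aliases:
+debug_print = "R: internet_aliases for $local_part@$domain"
+driver = redirect
+data = ''${lookup{$local_part@$domain}lsearch{${lsearch.internet-aliases}}}
+
+dnslookup:
+debug_print = "R: dnslookup for $local_part@$domain"
+driver = dnslookup
+domains = ! +local_domains
+transport = remote_smtp
+ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
+no_more
+
+system_aliases:
+debug_print = "R: system_aliases for $local_part@$domain"
+driver = redirect
+data = ''${lookup{$local_part}lsearch{${lsearch.system-aliases}}}
+
+local_user:
+debug_print = "R: local_user for $local_part@$domain"
+driver = accept
+check_local_user
+transport = home_maildir
+cannot_route_message = Unknown user
+
+begin transports
+
+retiolum_smtp:
+driver = smtp
+retry_include_ip_address = false
+
+remote_smtp:
+driver = smtp
+helo_data = ''${if eq{$acl_m_special_dom}{} \
+{$primary_hostname} \
+{$acl_m_special_dom} }
+
+home_maildir:
+driver = appendfile
+maildir_format
+maildir_use_size_file
+directory = $home/Mail
+directory_mode = 0700
+delivery_date_add
+envelope_to_add
+return_path_add
+
+begin retry
+*.retiolum * F,42d,1m
+* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+begin rewrite
+begin authenticators
+'';
+};
+};
+
+
+lsearch = mapAttrs (name: set: toFile name (to-lsearch set)) {
+inherit (cfg) internet-aliases;
+inherit (cfg) system-aliases;
+};
+
+to-lsearch = concatMapStringsSep "\n" ({ from, to, ... }: "${from}: ${to}");
+
+in
+out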
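Review bot: `to-lsearch` writes `"${from}: ${to}"` unchecked into the lsearch files that the `recipients = lsearch;...` accept rule in `acl_check_rcpt` and the `internet_aliases` / `system_aliases` routers consult, while `from` and `to` are plain `types.str` (the `# TODO e-mail address` comments acknowledge the gap). A value containing a newline would add further alias lines, and with them recipients this smarthost accepts and redirects mail for. Until a proper address type exists, a minimal check on both fields such as `type = types.addCheck types.str (s: length (splitString "\n" s) == 1);` keeps one entry per line. Separately, the text `relay not permitted 2` is attached to an `accept` verb, which looks like a leftover from a deny rule; a comment explaining why alias recipients are accepted ahead of the relay check would be clearer.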
@ -20,6 +20,7 @@
|
||||
../2configs/new-repos.nix
|
||||
#../../2configs/tv/synaptics.nix
|
||||
../2configs/retiolum.nix
|
||||
../2configs/wordpress.nix
|
||||
];
|
||||
|
||||
krebs.build = {
|
||||
@ -29,7 +30,7 @@
|
||||
deps = {
|
||||
nixpkgs = {
|
||||
url = https://github.com/Lassulus/nixpkgs;
|
||||
rev = "1879a011925c561f0a7fd4043da0768bbff41d0b";
|
||||
rev = "961fd7b7a0f88dde7dac2f7a4c05ee4e1a25381d";
|
||||
};
|
||||
secrets = {
|
||||
url = "/home/lass/secrets/${config.krebs.build.host.name}";
|
||||
|
@ -3,15 +3,15 @@
|
||||
with builtins;
|
||||
{
|
||||
imports = [
|
||||
../../2configs/lass/desktop-base.nix
|
||||
../../2configs/lass/browsers.nix
|
||||
../../2configs/lass/games.nix
|
||||
../../2configs/lass/pass.nix
|
||||
../../2configs/lass/urxvt.nix
|
||||
../../2configs/lass/bird.nix
|
||||
../../2configs/lass/new-repos.nix
|
||||
../../2configs/lass/chromium-patched.nix
|
||||
../../2configs/lass/retiolum.nix
|
||||
../2configs/desktop-base.nix
|
||||
../2configs/browsers.nix
|
||||
../2configs/games.nix
|
||||
../2configs/pass.nix
|
||||
../2configs/urxvt.nix
|
||||
../2configs/bird.nix
|
||||
../2configs/new-repos.nix
|
||||
../2configs/chromium-patched.nix
|
||||
../2configs/retiolum.nix
|
||||
{
|
||||
users.extraUsers = {
|
||||
root = {
|
||||
|
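--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -0,0 +1,67 @@
+{ config, pkgs, ... }:
+
+{
+imports = [
+../3modules/iptables.nix
+../3modules/folderPerms.nix
+];
+
+users.extraUsers = {
+download = {
+name = "download";
+home = "/var/download";
+createHome = true;
+extraGroups = [
+"download"
+];
+};
+
+transmission = {
+extraGroups = [
+"download"
+];
+};
+};
+
+users.extraGroups = {
+download = {
+members = [
+"download"
+"transmission"
+];
+};
+};
+
+services.transmission = {
+enable = true;
+settings = {
+download-dir = "/var/download/finished";
+incomplete-dir = "/var/download/incoming";
+incomplete-dir-enabled = true;
+
+rpc-authentication-required = true;
+rpc-whitelist-enabled = false;
+rpc-username = "download";
+#add rpc-password in secrets
+rpc-password = "test123";
+};
+};
+
+lass.iptables = {
+enable = true;
+tables.filter.INPUT.rules = [
+{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
+];
+};
+
+lass.folderPerms = {
+enable = true;
+permissions = [
+{
+path = "/var/download";
+permission = "775";
+owner = "transmission:download";
+}
+];
+};
+}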
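Review bot: `rpc-password = "test123";` commits the Transmission RPC credential to the repository and, once built, to the world-readable Nix store, while the same file sets `rpc-whitelist-enabled = false` and accepts TCP 9091 from any source in `lass.iptables`. The comment `#add rpc-password in secrets` already names the fix: drop the literal and supply the value from the per-host secrets directory at deploy time, then rotate it. Until that is done the RPC port should be limited to trusted sources by adding an interface or source match to the rule, e.g. `{ predicate = "-i INTERNAL_IFACE -p tcp --dport 9091"; target = "ACCEPT"; }` (the interface name is a placeholder).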
@ -20,8 +20,8 @@ let
|
||||
# 10.243.206.102 ${domain}
|
||||
#'';
|
||||
users.extraUsers = {
|
||||
"${domain}" = {
|
||||
name = "${domain}";
|
||||
${domain} = {
|
||||
name = domain;
|
||||
home = "/var/lib/http/${domain}";
|
||||
createHome = true;
|
||||
};
|
||||
@ -90,9 +90,9 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
};
|
||||
#services.postgresql = {
|
||||
# enable = true;
|
||||
#};
|
||||
|
||||
#config.services.vsftpd = {
|
||||
# enable = true;
|
||||
|
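--- a/lass/2configs/wordpress.nix
+++ b/lass/2configs/wordpress.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+{
+containers.wordpress = {
+privateNetwork = true;
+hostAddress = "192.168.101.1";
+localAddress = "192.168.101.2";
+
+config = {
+imports = [
+../3modules/iptables.nix
+];
+
+lass.iptables = {
+enable = true;
+tables = {
+filter.INPUT.policy = "DROP";
+filter.FORWARD.policy = "DROP";
+filter.INPUT.rules = [
+{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
+{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
+{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
+{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
+];
+};
+};
+
+environment.systemPackages = with pkgs; [
+iptables
+];
+
+services.postgresql = {
+enable = true;
+package = pkgs.postgresql;
+};
+
+services.httpd = {
+enable = true;
+adminAddr = "root@apanowicz.de";
+extraModules = [
+{ name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; }
+];
+virtualHosts = [
+{
+hostName = "wordpress";
+serverAliases = [ "wordpress" "www.wordpress" ];
+
+extraSubservices = [
+{
+serviceName = "wordpress";
+}
+];
+}
+];
+};
+};
+};
+}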
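Review bot: The INPUT rule `-p tcp --dport 22` opens SSH into the container although nothing in the visible container `config` enables an SSH daemon; with `filter.INPUT.policy = "DROP"` the allow list is best kept to ports that have a listener, so drop the rule or add a comment such as `# sshd enabled in <module>` naming what needs it. The port 22 and port 80 rules also share `precedence = 9998`, which leaves their relative order to the module. Whether `../3modules/iptables.nix` also programs IPv6 is not visible here; if it does not, the DROP policy covers IPv4 only.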
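--- a/lass/3modules/folderPerms.nix
+++ b/lass/3modules/folderPerms.nix
@@ -0,0 +1,104 @@
+{ config, lib, pkgs, ... }:
+
+#TODO: implement recursive mode maybe?
+# enable different mods for files and folders
+
+let
+inherit (pkgs)
+writeScript
+;
+
+inherit (lib)
+concatMapStringsSep
+concatStringsSep
+mkEnableOption
+mkIf
+mkOption
+types
+;
+
+cfg = config.lass.folderPerms;
+
+out = {
+options.lass.folderPerms = api;
+config = mkIf cfg.enable imp;
+};
+
+api = {
+enable = mkEnableOption "folder permissions";
+permissions = mkOption {
+type = with types; listOf (submodule ({
+options = {
+path = mkOption {
+type = str;
+};
+permission = mkOption {
+type = nullOr str;
+example = "755";
+description = ''
+basically anything that chmod takes as permission
+'';
+default = null;
+};
+owner = mkOption {
+type = nullOr str;
+example = "root:root";
+description = ''
+basically anything that chown takes as owner
+'';
+default = null;
+};
+};
+}));
+};
+};
+
+imp = {
+systemd.services.lass-folderPerms = {
+description = "lass-folderPerms";
+wantedBy = [ "multi-user.target" ];
+
+path = with pkgs; [
+coreutils
+];
+
+restartIfChanged = true;
+
+serviceConfig = {
+type = "simple";
+RemainAfterExit = true;
+Restart = "always";
+ExecStart = "@${startScript}";
+};
+};
+};
+
+startScript = writeScript "lass-folderPerms" ''
+${concatMapStringsSep "\n" writeCommand cfg.permissions}
+'';
+
+writeCommand = fperm:
+concatStringsSep "\n" [
+(buildPermission fperm)
+(buildOwner fperm)
+];
+
+buildPermission = perm:
+#TODO: create folder maybe
+#TODO: check if permission is valid
+if (perm.permission == null) then
+""
+else
+"chmod ${perm.permission} ${perm.path}"
+;
+
+buildOwner = perm:
+#TODO: create folder maybe
+#TODO: check if owner/group valid
+if (perm.owner == null) then
+""
+else
+"chown ${perm.owner} ${perm.path}"
+;
+
+in out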
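Review bot: `buildPermission` and `buildOwner` interpolate `perm.permission`, `perm.owner` and `perm.path` unquoted into the script the unit executes (as root unless a `User` is set elsewhere), so a path containing a space or shell metacharacter changes which commands run and on which files. Quote every value, i.e. `"chmod ${escapeShellArg perm.permission} ${escapeShellArg perm.path}"` and `"chown ${escapeShellArg perm.owner} ${escapeShellArg perm.path}"`, with `escapeShellArg` added to the `inherit (lib)` list. In `serviceConfig`, systemd keys are case-sensitive, so `type = "simple"` is not the `Type` setting; a run-once script fits `Type = "oneshot"` with `RemainAfterExit = true` and without `Restart = "always"`. `startScript` also begins without a `#!` line, which `ExecStart` needs in order to execute the file directly.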
@ -30,7 +30,6 @@ in
|
||||
../2configs/CAC-CentOS-7-64bit.nix
|
||||
../2configs/base.nix
|
||||
../2configs/consul-server.nix
|
||||
../2configs/exim-smarthost.nix
|
||||
../2configs/git.nix
|
||||
{
|
||||
imports = [ ../2configs/charybdis.nix ];
|
||||
@ -45,6 +44,59 @@ in
|
||||
hosts = [ "jabber.viljetic.de" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
krebs.exim-smarthost = {
|
||||
enable = true;
|
||||
primary_hostname = "${config.networking.hostName}.retiolum";
|
||||
sender_domains = [
|
||||
"shackspace.de"
|
||||
"viljetic.de"
|
||||
];
|
||||
relay_from_hosts = [
|
||||
"10.243.13.37"
|
||||
];
|
||||
internet-aliases = with config.krebs.users; [
|
||||
{ from = "tomislav@viljetic.de"; to = tv.mail; }
|
||||
|
||||
# (mindestens) lisp-stammtisch und elli haben die:
|
||||
{ from = "tv@viljetic.de"; to = tv.mail; }
|
||||
|
||||
{ from = "tv@destroy.dyn.shackspace.de"; to = tv.mail; }
|
||||
|
||||
{ from = "mirko@viljetic.de"; to = mv.mail; }
|
||||
|
||||
# TODO killme (wo wird die benutzt?)
|
||||
{ from = "tv@cd.retiolum"; to = tv.mail; }
|
||||
|
||||
# TODO lists@smtp.retiolum [consul]
|
||||
{ from = "postmaster@krebsco.de"; to = tv.mail; }
|
||||
|
||||
{ from = "spam@krebsco.de";
|
||||
to = pkgs.lib.concatStringsSep "," [
|
||||
tv.mail
|
||||
"lass@mors.retiolum"
|
||||
makefu.mail
|
||||
];
|
||||
}
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
{ from = "postmaster"; to = "root"; }
|
||||
{ from = "nobody"; to = "root"; }
|
||||
{ from = "hostmaster"; to = "root"; }
|
||||
{ from = "usenet"; to = "root"; }
|
||||
{ from = "news"; to = "root"; }
|
||||
{ from = "webmaster"; to = "root"; }
|
||||
{ from = "www"; to = "root"; }
|
||||
{ from = "ftp"; to = "root"; }
|
||||
{ from = "abuse"; to = "root"; }
|
||||
{ from = "noc"; to = "root"; }
|
||||
{ from = "security"; to = "root"; }
|
||||
{ from = "root"; to = "tv"; }
|
||||
{ from = "mirko"; to = "mv"; }
|
||||
];
|
||||
};
|
||||
}
|
||||
{
|
||||
krebs.github-hosts-sync.enable = true;
|
||||
tv.iptables.input-internet-accept-new-tcp =
|
||||
|
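Review bot: `relay_from_hosts = [ "10.243.13.37" ]` lets that address relay through this smarthost without authentication (via the module's `accept hosts = +relay_from_hosts` rule), yet nothing records which host it is; add a comment such as `# HOSTNAME: allowed to submit outbound mail` (placeholder name) so the allow list can be audited when hosts change. In the `spam@krebsco.de` alias, `"lass@mors.retiolum"` is spelled out while the other targets use `tv.mail` and `makefu.mail`; if `lass` is available under `config.krebs.users`, `lass.mail` keeps the address in one place. The surrounding `imports` list starts and ends outside the visible hunks.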
@ -38,7 +38,7 @@ with lib;
|
||||
};
|
||||
}
|
||||
{
|
||||
krebs.exim-retiolum = true;
|
||||
krebs.exim-retiolum.enable = true;
|
||||
}
|
||||
{
|
||||
krebs.nginx = {
|
||||
|
@ -165,7 +165,7 @@ in
|
||||
};
|
||||
}
|
||||
{
|
||||
krebs.exim-retiolum = true;
|
||||
krebs.exim-retiolum.enable = true;
|
||||
}
|
||||
{
|
||||
krebs.nginx = {
|
||||
|
@ -1,475 +0,0 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (builtins) toFile;
|
||||
inherit (pkgs.lib.attrsets) mapAttrs;
|
||||
inherit (pkgs.lib.strings) concatMapStringsSep;
|
||||
in
|
||||
|
||||
{
|
||||
services.exim =
|
||||
let
|
||||
retiolumHostname = "${config.networking.hostName}.retiolum";
|
||||
|
||||
internet-aliases = with config.krebs.users; [
|
||||
{ from = "tomislav@viljetic.de"; to = tv.mail; }
|
||||
|
||||
# (mindestens) lisp-stammtisch und elli haben die:
|
||||
{ from = "tv@viljetic.de"; to = tv.mail; }
|
||||
|
||||
{ from = "tv@destroy.dyn.shackspace.de"; to = tv.mail; }
|
||||
|
||||
{ from = "mirko@viljetic.de"; to = mv.mail; }
|
||||
|
||||
# TODO killme (wo wird die benutzt?)
|
||||
{ from = "tv@cd.retiolum"; to = tv.mail; }
|
||||
|
||||
# TODO lists@smtp.retiolum [consul]
|
||||
{ from = "postmaster@krebsco.de"; to = tv.mail; }
|
||||
];
|
||||
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
{ from = "postmaster"; to = "root"; }
|
||||
{ from = "nobody"; to = "root"; }
|
||||
{ from = "hostmaster"; to = "root"; }
|
||||
{ from = "usenet"; to = "root"; }
|
||||
{ from = "news"; to = "root"; }
|
||||
{ from = "webmaster"; to = "root"; }
|
||||
{ from = "www"; to = "root"; }
|
||||
{ from = "ftp"; to = "root"; }
|
||||
{ from = "abuse"; to = "root"; }
|
||||
{ from = "noc"; to = "root"; }
|
||||
{ from = "security"; to = "root"; }
|
||||
{ from = "root"; to = "tv"; }
|
||||
{ from = "mirko"; to = "mv"; }
|
||||
];
|
||||
|
||||
to-lsearch = concatMapStringsSep "\n" ({ from, to }: "${from}: ${to}");
|
||||
lsearch =
|
||||
mapAttrs (name: set: toFile name (to-lsearch set)) {
|
||||
inherit internet-aliases;
|
||||
inherit system-aliases;
|
||||
};
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
config =
|
||||
''
|
||||
primary_hostname = ${retiolumHostname}
|
||||
|
||||
# HOST_REDIR contains the real destinations for "local_domains".
|
||||
#HOST_REDIR = /etc/exim4/host_redirect
|
||||
|
||||
|
||||
# Domains not listed in local_domains need to be deliverable remotely.
|
||||
# XXX We abuse local_domains to mean "domains, we're the gateway for".
|
||||
domainlist local_domains = @ : localhost
|
||||
#: viljetic.de : SHACK_REDIR_HOSTNAME
|
||||
domainlist relay_to_domains =
|
||||
hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 10.243.13.37
|
||||
|
||||
acl_smtp_rcpt = acl_check_rcpt
|
||||
acl_smtp_data = acl_check_data
|
||||
|
||||
# av_scanner = clamd:/tmp/clamd
|
||||
# spamd_address = 127.0.0.1 783
|
||||
|
||||
# tls_advertise_hosts = *
|
||||
# tls_certificate = /etc/ssl/exim.crt
|
||||
# tls_privatekey = /etc/ssl/exim.pem
|
||||
# (debian) tls_verify_certificates (to check client certs)
|
||||
|
||||
# daemon_smtp_ports = 25 : 465 : 587
|
||||
# tls_on_connect_ports = 465
|
||||
|
||||
# qualify_domain defaults to primary_hostname
|
||||
# qualify_recipient defaults to qualify_domain
|
||||
|
||||
# allow_domain_literals
|
||||
|
||||
never_users = root
|
||||
|
||||
host_lookup = *
|
||||
|
||||
# ident callbacks for all incoming SMTP calls
|
||||
rfc1413_hosts = *
|
||||
rfc1413_query_timeout = 5s
|
||||
|
||||
# sender_unqualified_hosts =
|
||||
# recipient_unqualified_hosts =
|
||||
|
||||
# percent_hack_domains =
|
||||
|
||||
# arch & debian
|
||||
#ignore_bounce_errors_after = 2d
|
||||
#timeout_frozen_after = 7d
|
||||
# debian
|
||||
#smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full
|
||||
#freeze_tell = postmaster
|
||||
#trusted_users = uucp
|
||||
# arch
|
||||
#split_spool_directory = true
|
||||
|
||||
log_selector = -queue_run +address_rewrite +all_parents +queue_time
|
||||
log_file_path = syslog
|
||||
syslog_timestamp = false
|
||||
syslog_duplication = false
|
||||
|
||||
begin acl
|
||||
|
||||
acl_check_rcpt:
|
||||
# Accept if the source is local SMTP (i.e. not over TCP/IP).
|
||||
# We do this by testing for an empty sending host field.
|
||||
accept hosts = :
|
||||
# arch & debian:
|
||||
control = dkim_disable_verify
|
||||
|
||||
deny message = Restricted characters in address
|
||||
domains = +local_domains
|
||||
local_parts = ^[.] : ^.*[@%!/|]
|
||||
|
||||
deny message = Restricted characters in address
|
||||
domains = !+local_domains
|
||||
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
|
||||
|
||||
accept local_parts = postmaster
|
||||
domains = +local_domains
|
||||
|
||||
## feature RETIOLUM_MAIL
|
||||
#accept
|
||||
# hosts = *.retiolum
|
||||
# domains = *.retiolum
|
||||
# control = dkim_disable_verify
|
||||
|
||||
#require verify = sender
|
||||
|
||||
accept hosts = +relay_from_hosts
|
||||
control = submission
|
||||
# debian: control = submission/sender_retain
|
||||
# arch & debian:
|
||||
control = dkim_disable_verify
|
||||
|
||||
accept authenticated = *
|
||||
control = submission
|
||||
control = dkim_disable_verify
|
||||
|
||||
accept message = relay not permitted 2
|
||||
recipients = lsearch;${lsearch.internet-aliases}
|
||||
|
||||
require message = relay not permitted
|
||||
domains = +local_domains : +relay_to_domains
|
||||
|
||||
require
|
||||
message = unknown user
|
||||
verify = recipient/callout
|
||||
|
||||
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
|
||||
# dnslists = black.list.example
|
||||
#
|
||||
# warn dnslists = black.list.example
|
||||
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
|
||||
# log_message = found in $dnslist_domain
|
||||
|
||||
# Client SMTP Authorization (csa) checks on the sending host.
|
||||
# Such checks do DNS lookups for special SRV records.
|
||||
# require verify = csa
|
||||
|
||||
accept
|
||||
|
||||
|
||||
acl_check_data:
|
||||
# see av_scanner
|
||||
#deny malware = *
|
||||
# message = This message contains a virus ($malware_name).
|
||||
|
||||
# Add headers to a message if it is judged to be spam. Before enabling this,
|
||||
# you must install SpamAssassin. You may also need to set the spamd_address
|
||||
# option above.
|
||||
#
|
||||
# warn spam = nobody
|
||||
# add_header = X-Spam_score: $spam_score\n\
|
||||
# X-Spam_score_int: $spam_score_int\n\
|
||||
# X-Spam_bar: $spam_bar\n\
|
||||
# X-Spam_report: $spam_report
|
||||
|
||||
# feature HELO_REWRITE
|
||||
# XXX note that the public ip (162.219.5.183) resolves to viljetic.de
|
||||
warn
|
||||
sender_domains = viljetic.de : shackspace.de
|
||||
set acl_m_special_dom = $sender_address_domain
|
||||
|
||||
accept
|
||||
|
||||
|
||||
begin routers
|
||||
|
||||
# feature RETIOLUM_MAIL
|
||||
retiolum:
|
||||
debug_print = "R: retiolum for $local_part@$domain"
|
||||
driver = manualroute
|
||||
domains = ! ${retiolumHostname} : *.retiolum
|
||||
transport = retiolum_smtp
|
||||
route_list = ^.* $0 byname
|
||||
no_more
|
||||
|
||||
internet_aliases:
|
||||
debug_print = "R: internet_aliases for $local_part@$domain"
|
||||
driver = redirect
|
||||
data = ''${lookup{$local_part@$domain}lsearch{${lsearch.internet-aliases}}}
|
||||
|
||||
dnslookup:
|
||||
debug_print = "R: dnslookup for $local_part@$domain"
|
||||
driver = dnslookup
|
||||
domains = ! +local_domains
|
||||
transport = remote_smtp
|
||||
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
|
||||
# if ipv6-enabled then instead use:
|
||||
# ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
|
||||
|
||||
# (debian) same_domain_copy_routing = yes
|
||||
# (debian) ignore private rfc1918 and APIPA addresses
|
||||
# (debian) ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
|
||||
# 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
|
||||
# 255.255.255.255
|
||||
|
||||
# Fail and bounce if the router does not find the domain in the DNS.
|
||||
# I.e. no more routers are tried.
|
||||
# There are a few cases where a dnslookup router will decline to accept an
|
||||
# address; if such a router is expected to handle "all remaining non-local
|
||||
# domains", then it is important to set no_more.
|
||||
no_more
|
||||
|
||||
# XXX this is only used because these "well known aliases" goto tv@cd.retiolum
|
||||
# TODO bounce everything, there is no @cd.retiolum
|
||||
system_aliases:
|
||||
debug_print = "R: system_aliases for $local_part@$domain"
|
||||
driver = redirect
|
||||
data = ''${lookup{$local_part}lsearch{${lsearch.system-aliases}}}
|
||||
|
||||
# TODO this is only b/c mv here... send mv's mails somewhere else...
|
||||
local_user:
|
||||
debug_print = "R: local_user for $local_part@$domain"
|
||||
driver = accept
|
||||
check_local_user
|
||||
# local_part_suffix = +* : -*
|
||||
# local_part_suffix_optional
|
||||
transport = home_maildir
|
||||
cannot_route_message = Unknown user
|
||||
|
||||
begin transports
|
||||
|
||||
retiolum_smtp:
|
||||
driver = smtp
|
||||
retry_include_ip_address = false
|
||||
# serialize_hosts = TODO-all-slow-hosts
|
||||
|
||||
remote_smtp:
|
||||
driver = smtp
|
||||
# debian has also stuff for tls, headers_rewrite and more here
|
||||
|
||||
# feature HELO_REWRITE
|
||||
# XXX note that the public ip (162.219.5.183) resolves to viljetic.de
|
||||
helo_data = ''${if eq{$acl_m_special_dom}{} \
|
||||
{$primary_hostname} \
|
||||
{$acl_m_special_dom} }
|
||||
|
||||
home_maildir:
|
||||
driver = appendfile
|
||||
maildir_format
|
||||
maildir_use_size_file
|
||||
directory = $home/Mail
|
||||
directory_mode = 0700
|
||||
delivery_date_add
|
||||
envelope_to_add
|
||||
return_path_add
|
||||
|
||||
begin retry
|
||||
*.retiolum * F,42d,1m
|
||||
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
|
||||
|
||||
begin rewrite
|
||||
begin authenticators
|
||||
'';
|
||||
|
||||
|
||||
# group = mail
|
||||
# mode = 0660
|
||||
|
||||
|
||||
#address_pipe:
|
||||
# driver = pipe
|
||||
# return_output
|
||||
#
|
||||
#address_file:
|
||||
# driver = appendfile
|
||||
# delivery_date_add
|
||||
# envelope_to_add
|
||||
# return_path_add
|
||||
#
|
||||
#address_reply:
|
||||
# driver = autoreply
|
||||
|
||||
|
||||
#maildrop_pipe:
|
||||
# debug_print = "T: maildrop_pipe for $local_part@$domain"
|
||||
# driver = pipe
|
||||
# path = "/bin:/usr/bin:/usr/local/bin"
|
||||
# command = "/usr/bin/maildrop"
|
||||
# return_path_add
|
||||
# delivery_date_add
|
||||
# envelope_to_add
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
##begin retry
|
||||
# Address or Domain Error Retries
|
||||
|
||||
# Our host_redirect destinations might be offline a lot.
|
||||
# TODO define fallback destinations(?)
|
||||
#lsearch;${lsearch.internet-aliases} * F,42d,1m
|
||||
|
||||
|
||||
## begin rewrite
|
||||
|
||||
# just in case (shackspace.de should already do this)
|
||||
#tv@shackspace.de tv@SHACK_REDIR_HOSTNAME T
|
||||
|
||||
|
||||
## begin authenticators
|
||||
#PLAIN:
|
||||
# driver = plaintext
|
||||
# server_set_id = $auth2
|
||||
# server_prompts = :
|
||||
# server_condition = Authentication is not yet configured
|
||||
# server_advertise_condition = ''${if def:tls_in_cipher }
|
||||
|
||||
#LOGIN:
|
||||
# driver = plaintext
|
||||
# server_set_id = $auth1
|
||||
# server_prompts = <| Username: | Password:
|
||||
# server_condition = Authentication is not yet configured
|
||||
# server_advertise_condition = ''${if def:tls_in_cipher }
|
||||
|
||||
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
# config = ''
|
||||
# primary_hostname = ${retiolumHostname}
|
||||
# domainlist local_domains = @ : localhost
|
||||
# domainlist relay_to_domains = *.retiolum
|
||||
# hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
|
||||
#
|
||||
# acl_smtp_rcpt = acl_check_rcpt
|
||||
# acl_smtp_data = acl_check_data
|
||||
#
|
||||
# host_lookup = *
|
||||
# rfc1413_hosts = *
|
||||
# rfc1413_query_timeout = 5s
|
||||
#
|
||||
# log_file_path = syslog
|
||||
# syslog_timestamp = false
|
||||
# syslog_duplication = false
|
||||
#
|
||||
# begin acl
|
||||
#
|
||||
# acl_check_rcpt:
|
||||
# accept hosts = :
|
||||
# control = dkim_disable_verify
|
||||
#
|
||||
# deny message = Restricted characters in address
|
||||
# domains = +local_domains
|
||||
# local_parts = ^[.] : ^.*[@%!/|]
|
||||
#
|
||||
# deny message = Restricted characters in address
|
||||
# domains = !+local_domains
|
||||
# local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
|
||||
#
|
||||
# accept local_parts = postmaster
|
||||
# domains = +local_domains
|
||||
#
|
||||
# #accept
|
||||
# # hosts = *.retiolum
|
||||
# # domains = *.retiolum
|
||||
# # control = dkim_disable_verify
|
||||
#
|
||||
# #require verify = sender
|
||||
#
|
||||
# accept hosts = +relay_from_hosts
|
||||
# control = submission
|
||||
# control = dkim_disable_verify
|
||||
#
|
||||
# accept authenticated = *
|
||||
# control = submission
|
||||
# control = dkim_disable_verify
|
||||
#
|
||||
# require message = relay not permitted
|
||||
# domains = +local_domains : +relay_to_domains
|
||||
#
|
||||
# require verify = recipient
|
||||
#
|
||||
# accept
|
||||
#
|
||||
#
|
||||
# acl_check_data:
|
||||
# accept
|
||||
#
|
||||
#
|
||||
# begin routers
|
||||
#
|
||||
# retiolum:
|
||||
# driver = manualroute
|
||||
# domains = ! ${retiolumHostname} : *.retiolum
|
||||
# transport = remote_smtp
|
||||
# route_list = ^.* $0 byname
|
||||
# no_more
|
||||
#
|
||||
# nonlocal:
|
||||
# debug_print = "R: nonlocal for $local_part@$domain"
|
||||
# driver = redirect
|
||||
# domains = ! +local_domains
|
||||
# allow_fail
|
||||
# data = :fail: Mailing to remote domains not supported
|
||||
# no_more
|
||||
#
|
||||
# local_user:
|
||||
# # debug_print = "R: local_user for $local_part@$domain"
|
||||
# driver = accept
|
||||
# check_local_user
|
||||
# # local_part_suffix = +* : -*
|
||||
# # local_part_suffix_optional
|
||||
# transport = home_maildir
|
||||
# cannot_route_message = Unknown user
|
||||
#
|
||||
#
|
||||
# begin transports
|
||||
#
|
||||
# remote_smtp:
|
||||
# driver = smtp
|
||||
#
|
||||
# home_maildir:
|
||||
# driver = appendfile
|
||||
# maildir_format
|
||||
# directory = $home/Maildir
|
||||
# directory_mode = 0700
|
||||
# delivery_date_add
|
||||
# envelope_to_add
|
||||
# return_path_add
|
||||
# # group = mail
|
||||
# # mode = 0660
|
||||
#
|
||||
# begin retry
|
||||
# *.retiolum * F,42d,1m
|
||||
# * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
|
||||
#
|
||||
# begin rewrite
|
||||
#
|
||||
# begin authenticators
|
||||
# '';
|
||||
# };
|
||||
#}
|