Merge remote-tracking branch 'ni/master'
This commit is contained in:
commit
d7341bbff6
@ -12,6 +12,8 @@ let
|
||||
api = {
|
||||
enable = mkEnableOption "krebs.exim-smarthost";
|
||||
|
||||
enableSPFVerification = mkEnableOption "SPF verification";
|
||||
|
||||
authenticators = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
default = {};
|
||||
@ -126,8 +128,9 @@ let
|
||||
domainlist sender_domains = ${concatStringsSep ":" cfg.sender_domains}
|
||||
hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts}
|
||||
|
||||
acl_smtp_rcpt = acl_check_rcpt
|
||||
acl_smtp_data = acl_check_data
|
||||
acl_smtp_mail = acl_check_mail
|
||||
acl_smtp_rcpt = acl_check_rcpt
|
||||
|
||||
never_users = root
|
||||
|
||||
@ -179,6 +182,41 @@ let
|
||||
|
||||
accept
|
||||
|
||||
acl_check_mail:
|
||||
${if cfg.enableSPFVerification then indent /* exim */ ''
|
||||
accept
|
||||
authenticated = *
|
||||
accept
|
||||
hosts = +relay_from_hosts
|
||||
deny
|
||||
spf = fail : softfail
|
||||
log_message = spf=$spf_result
|
||||
message = SPF validation failed: \
|
||||
$sender_host_address is not allowed to send mail from \
|
||||
''${if def:sender_address_domain\
|
||||
{$sender_address_domain}\
|
||||
{$sender_helo_name}}
|
||||
deny
|
||||
spf = permerror
|
||||
log_message = spf=$spf_result
|
||||
message = SPF validation failed: \
|
||||
syntax error in SPF record(s) for \
|
||||
''${if def:sender_address_domain\
|
||||
{$sender_address_domain}\
|
||||
{$sender_helo_name}}
|
||||
defer
|
||||
spf = temperror
|
||||
log_message = spf=$spf_result; deferred
|
||||
message = temporary error during SPF validation; \
|
||||
please try again later
|
||||
warn
|
||||
spf = none : neutral
|
||||
log_message = spf=$spf_result
|
||||
accept
|
||||
add_header = $spf_received
|
||||
'' else indent /* exim */ ''
|
||||
accept
|
||||
''}
|
||||
|
||||
begin routers
|
||||
|
||||
|
@ -2,6 +2,12 @@
|
||||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
optionalAttr = name: value:
|
||||
if name != null then
|
||||
{ ${name} = value; }
|
||||
else
|
||||
{};
|
||||
|
||||
cfg = config.krebs.htgen;
|
||||
|
||||
out = {
|
||||
@ -30,8 +36,15 @@ let
|
||||
};
|
||||
|
||||
script = mkOption {
|
||||
type = types.str;
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
};
|
||||
|
||||
scriptFile = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.user;
|
||||
default = {
|
||||
@ -54,8 +67,10 @@ let
|
||||
after = [ "network.target" ];
|
||||
environment = {
|
||||
HTGEN_PORT = toString htgen.port;
|
||||
HTGEN_SCRIPT = htgen.script;
|
||||
};
|
||||
}
|
||||
// optionalAttr "HTGEN_SCRIPT" htgen.script
|
||||
// optionalAttr "HTGEN_SCRIPT_FILE" htgen.scriptFile
|
||||
;
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "htgen";
|
||||
User = htgen.user.name;
|
||||
|
@ -1,13 +1,12 @@
|
||||
{ fetchgit, lib, pkgs, stdenv }:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "htgen";
|
||||
version = "1.3.1";
|
||||
version = "1.4.0";
|
||||
|
||||
#src = <htgen>;
|
||||
src = fetchgit {
|
||||
url = "http://cgit.krebsco.de/htgen";
|
||||
url = "https://cgit.krebsco.de/htgen";
|
||||
rev = "refs/tags/${version}";
|
||||
sha256 = "0ml8kp89bwkrwy6iqclzyhxgv2qn9dcpwaafbmsr4mgcl70zx22r";
|
||||
sha256 = "1k6xdr4g1p2wjiyizwh33ihw3azbar7kmhyxywcq0whpip9inpmj";
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
|
@ -61,6 +61,9 @@ in
|
||||
emulateWheel = true;
|
||||
};
|
||||
|
||||
# Conflicts with TLP, but gets enabled by DEs.
|
||||
services.power-profiles-daemon.enable = false;
|
||||
|
||||
services.tlp.enable = true;
|
||||
services.tlp.settings = {
|
||||
START_CHARGE_THRESH_BAT0 = 80;
|
||||
|
@ -18,8 +18,6 @@ with import <stockholm/lib>;
|
||||
|
||||
krebs.htgen.imgur = {
|
||||
port = 7771;
|
||||
script = /* sh */ ''
|
||||
(. ${pkgs.htgen-imgur}/bin/htgen-imgur)
|
||||
'';
|
||||
scriptFile = "${pkgs.htgen-imgur}/bin/htgen-imgur";
|
||||
};
|
||||
}
|
||||
|
@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
|
||||
|
||||
preFixup = ''
|
||||
patchelf --set-interpreter \
|
||||
${stdenv.glibc}/lib/ld-linux-x86-64.so.2 \
|
||||
${pkgs.pkgsi686Linux.glibc}/lib/ld-linux-x86-64.so.2 \
|
||||
$out/lib/utsushi/networkscan
|
||||
|
||||
# libstdc++.so.6
|
||||
|
Loading…
Reference in New Issue
Block a user