authortv <tv@krebsco.de>2015-08-13 11:46:09 +0200
committertv <tv@krebsco.de>2015-08-13 11:50:38 +0200
commit47e8797f9b4715930bb64176d25779f82cfe55d7 (patch)
tree6d8ba297860b32b5678fb56db4c6086178f73c9a
parentec3e450bfda4a7754f24916c7cd4ddd88e1dbbc4 (diff)
{tv 2 => krebs 3}/exim-retiolum
-rw-r--r--tv/1systems/nomic.nix4
-rw-r--r--tv/1systems/wu.nix4
-rw-r--r--tv/2configs/exim-retiolum.nix126
3 files changed, 6 insertions, 128 deletions
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index b9a10cb..896c1ad 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -25,7 +25,6 @@ with lib;
../2configs/AO753.nix
../2configs/base.nix
../2configs/consul-server.nix
- ../2configs/exim-retiolum.nix
../2configs/git.nix
{
tv.iptables = {
@@ -39,6 +38,9 @@ with lib;
};
}
{
+ krebs.exim-retiolum = true;
+ }
+ {
krebs.nginx = {
enable = true;
servers.default.locations = [
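Review bot: The added `krebs.exim-retiolum = true;` sets the option as a bare boolean, while the sibling options visible on this page are written `krebs.nginx.enable` and `config.krebs.retiolum.enable`. Writing it as `krebs.exim-retiolum.enable = true;` would match them and leave room for further settings later without touching every host file. The same line is added in the second hunk of tv/1systems/wu.nix. The module that now defines this option is not part of this diff, so confirm it keeps the `assert config.krebs.retiolum.enable;` guard and the loopback-only `relay_from_hosts` from the deleted tv/2configs/exim-retiolum.nix; without the guard the mail config could be evaluated on a host where retiolum is disabled. The surrounding list of attribute sets starts and ends outside the hunk.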
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index ae6ef13..a5cbde3 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -29,7 +29,6 @@ in
../2configs/w110er.nix
../2configs/base.nix
../2configs/consul-client.nix
- ../2configs/exim-retiolum.nix
../2configs/git.nix
../2configs/mail-client.nix
../2configs/xserver.nix
@@ -166,6 +165,9 @@ in
};
}
{
+ krebs.exim-retiolum = true;
+ }
+ {
krebs.nginx = {
enable = true;
servers.default.locations = [
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
deleted file mode 100644
index 851a0c6..0000000
--- a/tv/2configs/exim-retiolum.nix
+++ /dev/null
@@ -1,126 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- services.exim =
- # This configuration makes only sense for retiolum-enabled hosts.
- # TODO modular configuration
- assert config.krebs.retiolum.enable;
- let
- # TODO get the hostname from config.krebs.retiolum.
- retiolumHostname = "${config.networking.hostName}.retiolum";
- in
- { enable = true;
- config = ''
- primary_hostname = ${retiolumHostname}
- domainlist local_domains = @ : localhost
- domainlist relay_to_domains = *.retiolum
- hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
-
- acl_smtp_rcpt = acl_check_rcpt
- acl_smtp_data = acl_check_data
-
- host_lookup = *
- rfc1413_hosts = *
- rfc1413_query_timeout = 5s
-
- log_file_path = syslog
- syslog_timestamp = false
- syslog_duplication = false
-
- begin acl
-
- acl_check_rcpt:
- accept hosts = :
- control = dkim_disable_verify
-
- deny message = Restricted characters in address
- domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
-
- deny message = Restricted characters in address
- domains = !+local_domains
- local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
-
- accept local_parts = postmaster
- domains = +local_domains
-
- #accept
- # hosts = *.retiolum
- # domains = *.retiolum
- # control = dkim_disable_verify
-
- #require verify = sender
-
- accept hosts = +relay_from_hosts
- control = submission
- control = dkim_disable_verify
-
- accept authenticated = *
- control = submission
- control = dkim_disable_verify
-
- require message = relay not permitted
- domains = +local_domains : +relay_to_domains
-
- require verify = recipient
-
- accept
-
-
- acl_check_data:
- accept
-
-
- begin routers
-
- retiolum:
- driver = manualroute
- domains = ! ${retiolumHostname} : *.retiolum
- transport = remote_smtp
- route_list = ^.* $0 byname
- no_more
-
- nonlocal:
- debug_print = "R: nonlocal for $local_part@$domain"
- driver = redirect
- domains = ! +local_domains
- allow_fail
- data = :fail: Mailing to remote domains not supported
- no_more
-
- local_user:
- # debug_print = "R: local_user for $local_part@$domain"
- driver = accept
- check_local_user
- # local_part_suffix = +* : -*
- # local_part_suffix_optional
- transport = home_maildir
- cannot_route_message = Unknown user
-
-
- begin transports
-
- remote_smtp:
- driver = smtp
-
- home_maildir:
- driver = appendfile
- maildir_format
- directory = $home/Maildir
- directory_mode = 0700
- delivery_date_add
- envelope_to_add
- return_path_add
- # group = mail
- # mode = 0660
-
- begin retry
- *.retiolum * F,42d,1m
- * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
-
- begin rewrite
-
- begin authenticators
- '';
- };
-}