authornin <nineinchnade@gmail.com>2017-10-17 21:37:13 +0200
committernin <nineinchnade@gmail.com>2017-10-17 21:37:13 +0200
commit10850a202732728f4b95da7208005617606c2062 (patch)
treec3d506a70fc715369b42dfc31849c7155f035c6a
parent9afe5210f2a44cacac4f3527b6c8b561d9e4296b (diff)
parent9af86e7134ae2f134bc93baf5d0332ad2a77f9f9 (diff)
Merge remote-tracking branch 'temp/master'
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/exim-retiolum.nix69
-rw-r--r--krebs/3modules/exim-smarthost.nix45
-rw-r--r--krebs/5pkgs/simple/populate/default.nix4
-rw-r--r--krebs/5pkgs/simple/quote.nix13
-rw-r--r--krebs/5pkgs/simple/withGetopt.nix5
-rw-r--r--shell.nix24
-rw-r--r--tv/5pkgs/simple/xmonad-tv/default.nix6
8 files changed, 61 insertions, 106 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 48cf7971b..c89f3229d 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -202,6 +202,7 @@ let
"kontakt@eloop.org" = eloop-ml;
"root@eloop.org" = eloop-ml;
"eloop2016@krebsco.de" = eloop-ml;
+ "eloop2017@krebsco.de" = eloop-ml;
"postmaster@krebsco.de" = spam-ml; # RFC 822
"lass@krebsco.de" = lass;
"makefu@krebsco.de" = makefu;
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
index ca363c8d7..e08024977 100644
--- a/krebs/3modules/exim-retiolum.nix
+++ b/krebs/3modules/exim-retiolum.nix
@@ -43,7 +43,6 @@ let
primary_hostname = ${cfg.primary_hostname}
domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
- hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
@@ -61,41 +60,15 @@ let
begin acl
acl_check_rcpt:
- accept hosts = :
- control = dkim_disable_verify
-
- deny message = Restricted characters in address
- domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
-
- deny message = Restricted characters in address
- domains = !+local_domains
- local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
-
- accept local_parts = postmaster
- domains = +local_domains
-
- #accept
- # hosts = *.r
- # domains = *.r
- # control = dkim_disable_verify
-
- #require verify = sender
-
- accept hosts = +relay_from_hosts
- control = submission
- control = dkim_disable_verify
-
- accept authenticated = *
- control = submission
- control = dkim_disable_verify
-
- require message = relay not permitted
- domains = +local_domains : +relay_to_domains
-
- require verify = recipient
+ deny
+ local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+ message = restricted characters in address
accept
+ domains = +local_domains : +relay_to_domains
+
+ deny
+ message = relay not permitted
acl_check_data:
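Review bot: The rewritten acl_check_rcpt accepts every recipient in `+local_domains : +relay_to_domains` without the `require verify = recipient` that the old ACL ended with. Mail for non-existent local users is therefore accepted at SMTP time and can only fail later in routing, which produces bounces to a possibly forged sender. Consider adding `verify = recipient` as a condition on the final `accept`. The acl_check_rcpt hunk in exim-smarthost.nix has the same gap (it drops `verify = recipient/callout`), and the routers hunk below also removes `cannot_route_message = Unknown user`. The ACL section begins and ends outside this hunk.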
@@ -104,29 +77,19 @@ let
begin routers
- retiolum:
- driver = manualroute
- domains = ! +local_domains : +relay_to_domains
- transport = remote_smtp
- route_list = ^.* $0 byname
- no_more
-
- nonlocal:
- debug_print = "R: nonlocal for $local_part@$domain"
- driver = redirect
- domains = ! +local_domains
- allow_fail
- data = :fail: Mailing to remote domains not supported
- no_more
-
- local_user:
- # debug_print = "R: local_user for $local_part@$domain"
+ local:
driver = accept
+ domains = +local_domains
check_local_user
- # local_part_suffix = +* : -*
+ # local_part_suffix = +*
# local_part_suffix_optional
transport = home_maildir
- cannot_route_message = Unknown user
+
+ remote:
+ driver = manualroute
+ domains = +relay_to_domains
+ transport = remote_smtp
+ route_list = ^.* $0 byname
begin transports
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index dd4a7ccc9..5f93ae937 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -157,39 +157,28 @@ let
begin acl
acl_check_rcpt:
- accept hosts = :
- control = dkim_disable_verify
+ deny
+ local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+ message = restricted characters in address
- deny message = Restricted characters in address
- domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
-
- deny message = Restricted characters in address
- domains = !+local_domains
- local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
-
- accept local_parts = postmaster
- domains = +local_domains
-
- accept hosts = +relay_from_hosts
- control = submission
- control = dkim_disable_verify
-
- accept authenticated = *
- control = submission
- control = dkim_disable_verify
-
- accept message = relay not permitted 2
- recipients = lsearch*@;${lsearch.internet-aliases}
+ accept
+ recipients = lsearch*@;${lsearch.internet-aliases}
- require message = relay not permitted
- domains = +local_domains : +relay_to_domains
+ accept
+ authenticated = *
+ control = dkim_disable_verify
+ control = submission
- require
- message = unknown user
- verify = recipient/callout
+ accept
+ control = dkim_disable_verify
+ control = submission
+ hosts = +relay_from_hosts
accept
+ domains = +local_domains : +relay_to_domains
+
+ deny
+ message = relay not permitted
acl_check_data:
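Review bot: The single `deny local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./` now applies to local domains as well, where the old rule `^[.] : ^.*[@%!/|]` also rejected `/` and `|` anywhere in the local part. If any router or transport for local domains uses `$local_part` in a file path or pipe command (not visible in this hunk), this is a loosening. A separate `deny` with `domains = +local_domains` and `local_parts = ^[.] : ^.*[@%!/|]` ahead of the general one would keep the old behaviour. The acl_check_rcpt hunk in exim-retiolum.nix makes the same change.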
diff --git a/krebs/5pkgs/simple/populate/default.nix b/krebs/5pkgs/simple/populate/default.nix
index 3989585ab..78ee2f042 100644
--- a/krebs/5pkgs/simple/populate/default.nix
+++ b/krebs/5pkgs/simple/populate/default.nix
@@ -13,12 +13,12 @@ in
stdenv.mkDerivation rec {
name = "populate";
- version = "1.2.4";
+ version = "1.2.5";
src = fetchgit {
url = http://cgit.ni.krebsco.de/populate;
rev = "refs/tags/v${version}";
- sha256 = "0az41vaxfwrh9l19z3cbc7in8pylrnyc0xkzk6773xg2nj4g8a28";
+ sha256 = "10s4x117zp5whqq991xzw1i2jc1xhl580kx8hhzv8f1b4c9carx1";
};
phases = [
diff --git a/krebs/5pkgs/simple/quote.nix b/krebs/5pkgs/simple/quote.nix
new file mode 100644
index 000000000..7731e14bf
--- /dev/null
+++ b/krebs/5pkgs/simple/quote.nix
@@ -0,0 +1,13 @@
+{ jq, writeDashBin }:
+
+# usage: quote [ARGS...]
+writeDashBin "quote" ''
+ set -efu
+ prefix=
+ for x; do
+ y=$(${jq}/bin/jq -nr --arg x "$x" '$x | @sh "\(.)"')
+ echo -n "$prefix$y"
+ prefix=' '
+ done
+ echo
+''
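Review bot: `echo -n "$prefix$y"` runs under dash, whose builtin echo interprets backslash escapes, so an argument containing `\n` is altered and one containing `\c` truncates the output before the closing quote, after jq has already quoted it. Since this output is meant to be re-parsed by a shell, emit it verbatim with `printf '%s' "$prefix$y"` and replace the final `echo` with `printf '\n'`. A short comment stating that the result is one line of sh-quoted words, suitable for re-parsing, would also help callers.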
diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix
index 196e6765a..179051bdf 100644
--- a/krebs/5pkgs/simple/withGetopt.nix
+++ b/krebs/5pkgs/simple/withGetopt.nix
@@ -1,5 +1,5 @@
with import <stockholm/lib>;
-{ utillinux, writeDash }:
+{ coreutils, quote, utillinux, writeDash }:
opt-spec: cmd-spec: let
@@ -43,6 +43,9 @@ in writeDash wrapper-name ''
unset ${opt.varname}
'') opts)}
+ WITHGETOPT_ORIG_ARGS=$(${quote}/bin/quote "$@")
+ export WITHGETOPT_ORIG_ARGS
+
args=$(${utillinux}/bin/getopt \
-l ${shell.escape
(concatMapStringsSep ","
diff --git a/shell.nix b/shell.nix
index c9b197a26..53b0f964a 100644
--- a/shell.nix
+++ b/shell.nix
@@ -20,7 +20,7 @@ let
set -efu
. ${init.env}
- . ${init.proxy opts}
+ . ${init.proxy "deploy" opts}
# Use system's nixos-rebuild, which is not self-contained
export PATH=/run/current-system/sw/bin
@@ -55,7 +55,7 @@ let
# TODO inline prepare.sh?
fi
- . ${init.proxy opts}
+ . ${init.proxy "install" opts}
# Reset PATH because we need access to nixos-install.
# TODO provide nixos-install instead of relying on prepare.sh
@@ -93,7 +93,7 @@ let
export dummy_secrets=true
. ${init.env}
- . ${init.proxy opts}
+ . ${init.proxy "test" opts}
exec ${utils.build} config.system.build.toplevel
'');
@@ -143,18 +143,6 @@ let
''}
'');
- # usage: quote [ARGS...]
- cmds.quote = pkgs.writeDash "cmds.quote" ''
- set -efu
- prefix=
- for x; do
- y=$(${pkgs.jq}/bin/jq -nr --arg x "$x" '$x | @sh "\(.)"')
- echo -n "$prefix$y"
- prefix=' '
- done
- echo
- '';
-
init.env = pkgs.writeText "init.env" /* sh */ ''
export quiet
export system
@@ -171,7 +159,7 @@ let
export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"
'';
- init.proxy = opts: pkgs.writeText "init.proxy" /* sh */ ''
+ init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ ''
if \test "''${using_proxy-}" != true; then
source=$(get-source "$source_file")
@@ -194,7 +182,8 @@ let
opts
)} \
using_proxy=true \
- $(quote "$0" "$@")
+ ${lib.shell.escape command} \
+ $WITHGETOPT_ORIG_ARGS \
")"
fi
fi
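Review bot: `$WITHGETOPT_ORIG_ARGS` is spliced unquoted into the command string, which is only safe because the withGetopt wrapper fills it with output from `quote`; nothing near the use states that dependency. I would add a comment above the command, such as `# WITHGETOPT_ORIG_ARGS is set and shell-quoted by the withGetopt wrapper; do not re-quote`. If init.proxy can ever be sourced from a command that is not wrapped by withGetopt (not determinable from this hunk), the value would come from the inherited environment instead, so that case deserves an explicit check. The enclosing if-block starts and ends outside this hunk.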
@@ -243,6 +232,7 @@ in pkgs.stdenv.mkDerivation {
fi
export PATH=${lib.makeBinPath [
pkgs.populate
+ pkgs.quote
shell.cmdspkg
]}
diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix
index 5ac8f8372..f73175bb1 100644
--- a/tv/5pkgs/simple/xmonad-tv/default.nix
+++ b/tv/5pkgs/simple/xmonad-tv/default.nix
@@ -80,7 +80,7 @@ mainNoArgs = do
, modMask = mod4Mask
, keys = myKeys
, workspaces = workspaces0
- , layoutHook = smartBorders $ myLayout
+ , layoutHook = smartBorders $ FixedColumn 1 20 80 10 ||| Full
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
--, handleEventHook = handleTimerEvent
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
@@ -91,10 +91,6 @@ mainNoArgs = do
, focusedBorderColor = "#f000b0"
, handleEventHook = handleShutdownEvent
}
- where
- myLayout =
- (onWorkspace "im" $ reflectVert $ Mirror $ Tall 1 (3/100) (12/13))
- (FixedColumn 1 20 80 10 ||| Full)
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()