| author | nin <nineinchnade@gmail.com> | 2017-10-17 21:37:13 +0200 | 
|---|---|---|
| committer | nin <nineinchnade@gmail.com> | 2017-10-17 21:37:13 +0200 | 
| commit | 10850a202732728f4b95da7208005617606c2062 (patch) | |
| tree | c3d506a70fc715369b42dfc31849c7155f035c6a | |
| parent | 9afe5210f2a44cacac4f3527b6c8b561d9e4296b (diff) | |
| parent | 9af86e7134ae2f134bc93baf5d0332ad2a77f9f9 (diff) | |
Merge remote-tracking branch 'temp/master'
| -rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/exim-retiolum.nix | 69 | ||||
| -rw-r--r-- | krebs/3modules/exim-smarthost.nix | 45 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/populate/default.nix | 4 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/quote.nix | 13 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/withGetopt.nix | 5 | ||||
| -rw-r--r-- | shell.nix | 24 | ||||
| -rw-r--r-- | tv/5pkgs/simple/xmonad-tv/default.nix | 6 | 
8 files changed, 61 insertions, 106 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 48cf7971b..c89f3229d 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -202,6 +202,7 @@ let          "kontakt@eloop.org" = eloop-ml;          "root@eloop.org" = eloop-ml;          "eloop2016@krebsco.de" = eloop-ml; +        "eloop2017@krebsco.de" = eloop-ml;          "postmaster@krebsco.de" = spam-ml; # RFC 822          "lass@krebsco.de" = lass;          "makefu@krebsco.de" = makefu; diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index ca363c8d7..e08024977 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -43,7 +43,6 @@ let            primary_hostname = ${cfg.primary_hostname}            domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}            domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains} -          hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1            acl_smtp_rcpt = acl_check_rcpt            acl_smtp_data = acl_check_data 
@@ -61,41 +60,15 @@ let            begin acl            acl_check_rcpt: -            accept  hosts = : -                    control = dkim_disable_verify - -            deny    message       = Restricted characters in address -                    domains       = +local_domains -                    local_parts   = ^[.] : ^.*[@%!/|] - -            deny    message       = Restricted characters in address -                    domains       = !+local_domains -                    local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ - -            accept  local_parts   = postmaster -                    domains       = +local_domains - -            #accept -            #  hosts = *.r -            #  domains = *.r -            #  control = dkim_disable_verify - -            #require verify        = sender - -            accept  hosts         = +relay_from_hosts -                    control       = submission -                    control       = dkim_disable_verify - -            accept  authenticated = * -                    control       = submission -                    control       = dkim_disable_verify - -            require message = relay not permitted -                    domains = +local_domains : +relay_to_domains - -            require verify = recipient +            deny +              local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ +              message = restricted characters in address              accept +              domains = +local_domains : +relay_to_domains + +            deny +              message = relay not permitted            acl_check_data: 
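Review bot: The rewritten `acl_check_rcpt` no longer has `require verify = recipient`, so every local part in `+local_domains` or `+relay_to_domains` is accepted at RCPT time and an unknown user is only discovered at routing, which produces a bounce instead of an SMTP-time rejection. The exim-smarthost.nix ACL later in this diff drops `verify = recipient/callout` in the same way, and the exposure is presumably larger there if that host takes mail from outside the VPN. One option is to add `verify = recipient` as a second condition on the final `accept domains = +local_domains : +relay_to_domains`, so unverifiable recipients fall through to the closing `deny`. The single `local_parts` deny now uses the pattern the old ACL reserved for non-local domains, so `/` and `|` inside a local part of a local domain are no longer rejected; please confirm that is intended.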
@@ -104,29 +77,19 @@ let            begin routers -          retiolum: -            driver = manualroute -            domains = ! +local_domains : +relay_to_domains -            transport = remote_smtp -            route_list = ^.* $0 byname -            no_more - -          nonlocal: -            debug_print = "R: nonlocal for $local_part@$domain" -            driver = redirect -            domains = ! +local_domains -            allow_fail -            data = :fail: Mailing to remote domains not supported -            no_more - -          local_user: -            # debug_print = "R: local_user for $local_part@$domain" +          local:              driver = accept +            domains = +local_domains              check_local_user -          # local_part_suffix = +* : -* +          # local_part_suffix = +*            # local_part_suffix_optional              transport = home_maildir -            cannot_route_message = Unknown user + +          remote: +            driver = manualroute +            domains = +relay_to_domains +            transport = remote_smtp +            route_list = ^.* $0 byname            begin transports diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index dd4a7ccc9..5f93ae937 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix 
@@ -157,39 +157,28 @@ let          begin acl          acl_check_rcpt: -          accept  hosts = : -                  control = dkim_disable_verify +          deny +            local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ +            message = restricted characters in address -          deny    message       = Restricted characters in address -                  domains       = +local_domains -                  local_parts   = ^[.] : ^.*[@%!/|] - -          deny    message       = Restricted characters in address -                  domains       = !+local_domains -                  local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ - -          accept  local_parts   = postmaster -                  domains       = +local_domains - -          accept  hosts         = +relay_from_hosts -                  control       = submission -                  control       = dkim_disable_verify - -          accept  authenticated = * -                  control       = submission -                  control       = dkim_disable_verify - -          accept message = relay not permitted 2 -                  recipients = lsearch*@;${lsearch.internet-aliases} +          accept +            recipients = lsearch*@;${lsearch.internet-aliases} -          require message = relay not permitted -                  domains = +local_domains : +relay_to_domains +          accept +            authenticated = * +            control = dkim_disable_verify +            control = submission -          require -            message = unknown user -            verify = recipient/callout +          accept +            control = dkim_disable_verify +            control = submission +            hosts = +relay_from_hosts            accept +            domains = +local_domains : +relay_to_domains + +          deny +            message = relay not permitted          acl_check_data: diff --git a/krebs/5pkgs/simple/populate/default.nix b/krebs/5pkgs/simple/populate/default.nix index 3989585ab..78ee2f042 100644 
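Review bot: In the new `+relay_from_hosts` stanza both `control =` modifiers come before the `hosts` condition. Exim acts on modifiers in the order it meets them, so as I read it `dkim_disable_verify` and `submission` are applied to every RCPT that reaches this statement, not only to relay hosts. That includes mail from arbitrary senders which the following `accept domains = +local_domains : +relay_to_domains` then lets in, with DKIM verification off and submission-mode header fix-ups on. The `authenticated = *` stanza just above puts the condition first, which is the safe order. Make `hosts = +relay_from_hosts` the first line of the stanza, ahead of the two `control` lines.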
--- a/krebs/5pkgs/simple/populate/default.nix +++ b/krebs/5pkgs/simple/populate/default.nix @@ -13,12 +13,12 @@ in  stdenv.mkDerivation rec {    name = "populate"; -  version = "1.2.4"; +  version = "1.2.5";    src = fetchgit {      url = http://cgit.ni.krebsco.de/populate;      rev = "refs/tags/v${version}"; -    sha256 = "0az41vaxfwrh9l19z3cbc7in8pylrnyc0xkzk6773xg2nj4g8a28"; +    sha256 = "10s4x117zp5whqq991xzw1i2jc1xhl580kx8hhzv8f1b4c9carx1";    };    phases = [ diff --git a/krebs/5pkgs/simple/quote.nix b/krebs/5pkgs/simple/quote.nix new file mode 100644 index 000000000..7731e14bf --- /dev/null +++ b/krebs/5pkgs/simple/quote.nix @@ -0,0 +1,13 @@ +{ jq, writeDashBin }: + +# usage: quote [ARGS...] +writeDashBin "quote" '' +  set -efu +  prefix= +  for x; do +    y=$(${jq}/bin/jq -nr --arg x "$x" '$x | @sh "\(.)"') +    echo -n "$prefix$y" +    prefix=' ' +  done +  echo +'' diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix index 196e6765a..179051bdf 100644 --- a/krebs/5pkgs/simple/withGetopt.nix +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -1,5 +1,5 @@  with import <stockholm/lib>; -{ utillinux, writeDash }: +{ coreutils, quote, utillinux, writeDash }:  opt-spec: cmd-spec: let @@ -43,6 +43,9 @@ in writeDash wrapper-name ''      unset ${opt.varname}    '') opts)} +  WITHGETOPT_ORIG_ARGS=$(${quote}/bin/quote "$@") +  export WITHGETOPT_ORIG_ARGS +    args=$(${utillinux}/bin/getopt \        -l ${shell.escape              (concatMapStringsSep "," @@ -20,7 +20,7 @@ let      set -efu      . ${init.env} -    . ${init.proxy opts} +    . ${init.proxy "deploy" opts}      # Use system's nixos-rebuild, which is not self-contained      export PATH=/run/current-system/sw/bin @@ -55,7 +55,7 @@ let                # TODO inline prepare.sh?      fi -    . ${init.proxy opts} +    . ${init.proxy "install" opts}      # Reset PATH because we need access to nixos-install.      # TODO provide nixos-install instead of relying on prepare.sh 
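Review bot: `echo -n "$prefix$y"` in the new quote.nix runs under dash, whose builtin `echo` expands backslash escapes. An argument containing a literal `\n`, `\t` or `\\` is therefore altered after jq's `@sh` has quoted it, and the output no longer round-trips. The result is later re-parsed as shell words: withGetopt.nix stores it in `WITHGETOPT_ORIG_ARGS`, and shell.nix splices that into the proxied command, so the quoting has to be byte-exact. Use `printf '%s%s' "$prefix" "$y"` instead. The body was moved unchanged from `cmds.quote` in shell.nix, so the behaviour predates this commit.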
@@ -93,7 +93,7 @@ let      export dummy_secrets=true      . ${init.env} -    . ${init.proxy opts} +    . ${init.proxy "test" opts}      exec ${utils.build} config.system.build.toplevel    ''); @@ -143,18 +143,6 @@ let          ''}    ''); -  # usage: quote [ARGS...] -  cmds.quote = pkgs.writeDash "cmds.quote" '' -    set -efu -    prefix= -    for x; do -      y=$(${pkgs.jq}/bin/jq -nr --arg x "$x" '$x | @sh "\(.)"') -      echo -n "$prefix$y" -      prefix=' ' -    done -    echo -  ''; -    init.env = pkgs.writeText "init.env" /* sh */ ''      export quiet      export system @@ -171,7 +159,7 @@ let      export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"    ''; -  init.proxy = opts: pkgs.writeText "init.proxy" /* sh */ '' +  init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ ''      if \test "''${using_proxy-}" != true; then        source=$(get-source "$source_file") @@ -194,7 +182,8 @@ let                  opts                )} \                using_proxy=true \ -              $(quote "$0" "$@") +              ${lib.shell.escape command} \ +              $WITHGETOPT_ORIG_ARGS \              ")"        fi      fi @@ -243,6 +232,7 @@ in pkgs.stdenv.mkDerivation {      fi      export PATH=${lib.makeBinPath [        pkgs.populate +      pkgs.quote        shell.cmdspkg      ]} diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix index 5ac8f8372..f73175bb1 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/simple/xmonad-tv/default.nix 
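Review bot: The `init.proxy` hunk expands `$WITHGETOPT_ORIG_ARGS` unquoted inside the proxied command string, which is only correct because the withGetopt wrapper fills it with `quote` output; nothing at the use site records that contract. I would add a comment above `init.proxy = command: opts:` such as `# WITHGETOPT_ORIG_ARGS is set by the withGetopt wrapper and is already shell-quoted; it must be expanded unquoted here and never assembled by hand`. The callers shown run under `set -efu`, so an unset variable aborts rather than silently dropping the arguments, and that is worth stating in the same comment. Most of the `init.proxy` body lies outside the hunk, so whether every code path that sources it goes through the wrapper cannot be confirmed from here.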
@@ -80,7 +80,7 @@ mainNoArgs = do              , modMask           = mod4Mask              , keys              = myKeys              , workspaces        = workspaces0 -            , layoutHook        = smartBorders $ myLayout +            , layoutHook        = smartBorders $ FixedColumn 1 20 80 10 ||| Full              -- , handleEventHook   = myHandleEventHooks <+> handleTimerEvent              --, handleEventHook   = handleTimerEvent              , manageHook        = placeHook (smart (1,0)) <+> floatNextHook @@ -91,10 +91,6 @@ mainNoArgs = do              , focusedBorderColor = "#f000b0"              , handleEventHook = handleShutdownEvent              } -  where -    myLayout = -        (onWorkspace "im" $ reflectVert $ Mirror $ Tall 1 (3/100) (12/13)) -        (FixedColumn 1 20 80 10 ||| Full)  xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()  | 
