authortv <tv@krebsco.de>2022-12-07 19:51:04 +0100
committertv <tv@krebsco.de>2022-12-07 19:51:04 +0100
commit9bcce729ef7de715cfcd61dfe1146d126878d48f (patch)
treeeab042a912a41b13ceb58b79f4de167779a427f1 /krebs/3modules
parent9a9b8e56eb6234650a369bbd24d41b8f4c66c78d (diff)
parent2eb33e60b45c2b37d51a57b0fbe4a023861a7429 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/exim-smarthost.nix33
-rw-r--r--krebs/3modules/ssl.nix21
2 files changed, 2 insertions, 52 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index 5923b610d..38cc828bb 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -126,9 +126,8 @@ let
domainlist sender_domains = ${concatStringsSep ":" cfg.sender_domains}
hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts}
- acl_smtp_data = acl_check_data
- acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
+ acl_smtp_data = acl_check_data
never_users = root
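Review bot: After this change no ACL is bound to MAIL FROM, and the next hunk deletes `acl_check_mail` with all of its `spf = ...` conditions, so nothing visible in this diff validates sender SPF any more. Exim accepts at MAIL time when `acl_smtp_mail` is unset, so forged senders would only be stopped by whatever `acl_check_rcpt` and `acl_check_data` do, and their bodies lie outside these hunks. This is a merge commit shown against one parent, so the removal may be a side effect of the merge rather than a deliberate decision; it is worth confirming which. If dropping SPF is intended, I would record it next to the ACL bindings with an Exim comment such as `# no acl_smtp_mail: sender SPF is not checked on this smarthost`. If it is not intended, the `acl_smtp_mail = acl_check_mail` line and its ACL need to survive the merge.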
@@ -180,36 +179,6 @@ let
accept
- acl_check_mail:
- accept
- sender_domains = +sender_domains
- hosts = +relay_from_hosts
- deny
- spf = fail : softfail
- log_message = spf=$spf_result
- message = SPF validation failed: \
- $sender_host_address is not allowed to send mail from \
- ''${if def:sender_address_domain\
- {$sender_address_domain}\
- {$sender_helo_name}}
- deny
- spf = permerror
- log_message = spf=$spf_result
- message = SPF validation failed: \
- syntax error in SPF record(s) for \
- ''${if def:sender_address_domain\
- {$sender_address_domain}\
- {$sender_helo_name}}
- defer
- spf = temperror
- log_message = spf=$spf_result; deferred
- message = temporary error during SPF validation; \
- please try again later
- warn
- spf = none : neutral
- log_message = spf=$spf_result
- accept
- add_header = $spf_received
begin routers
diff --git a/krebs/3modules/ssl.nix b/krebs/3modules/ssl.nix
index 3a9b5d329..8cbd8dcce 100644
--- a/krebs/3modules/ssl.nix
+++ b/krebs/3modules/ssl.nix
@@ -5,26 +5,7 @@ in {
rootCA = lib.mkOption {
type = lib.types.str;
readOnly = true;
- default = ''
- -----BEGIN CERTIFICATE-----
- MIIC0jCCAjugAwIBAgIJAKeARo6lDD0YMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD
- VQQGEwJaWjESMBAGA1UECAwJc3RhdGVsZXNzMRAwDgYDVQQKDAdLcmVic2NvMQsw
- CQYDVQQLDAJLTTEWMBQGA1UEAwwNS3JlYnMgUm9vdCBDQTEnMCUGCSqGSIb3DQEJ
- ARYYcm9vdC1jYUBzeW50YXgtZmVobGVyLmRlMB4XDTE0MDYxMTA4NTMwNloXDTM5
- MDIwMTA4NTMwNlowgYExCzAJBgNVBAYTAlpaMRIwEAYDVQQIDAlzdGF0ZWxlc3Mx
- EDAOBgNVBAoMB0tyZWJzY28xCzAJBgNVBAsMAktNMRYwFAYDVQQDDA1LcmVicyBS
- b290IENBMScwJQYJKoZIhvcNAQkBFhhyb290LWNhQHN5bnRheC1mZWhsZXIuZGUw
- gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMs/WNyeQziccllLqom7bfCjlh6/
- /qx9p6UOqpw96YOOT3sh/mNSBLyNxIUJbWsU7dN5hT7HkR7GwzpfKDtudd9qiZeU
- QNYQ+OL0HdOnApjdPqdspZfKxKTXyC1T1vJlaODsM1RBrjLK9RUcQZeNhgg3iM9B
- HptOCrMI2fjCdZuVAgMBAAGjUDBOMB0GA1UdDgQWBBSKeq01+rAwp7yAXwzlwZBo
- 3EGVLzAfBgNVHSMEGDAWgBSKeq01+rAwp7yAXwzlwZBo3EGVLzAMBgNVHRMEBTAD
- AQH/MA0GCSqGSIb3DQEBBQUAA4GBAIWIffZuQ43ddY2/ZnjAxPCRpM3AjoKIwEj9
- GZuLJJ1sB9+/PAPmRrpmUniRkPLD4gtmolDVuoLDNAT9os7/v90yg5dOuga33Ese
- 725musUbhEoQE1A1oVHrexBs2sQOplxHKsVXoYJp2/trQdqvaNaEKc3EeVnzFC63
- 80WiO952
- -----END CERTIFICATE-----
- '';
+ default = builtins.readFile ../6assets/krebsRootCA.crt;
};
intermediateCA = lib.mkOption {
type = lib.types.str;
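Review bot: The `rootCA` default is now whatever `../6assets/krebsRootCA.crt` contains, and that file is not part of this page because the diffstat is limited to `krebs/3modules`. The diff therefore cannot show that the asset is byte-for-byte the PEM removed here. Since this value is presumably used as a trust anchor, I would compare the asset's fingerprint with the removed certificate when reviewing the merge. I would also add a comment above the new line, for example `# PEM trust anchor; any change to this file changes what consumers of rootCA trust`. Separately, the removed PEM appears to encode a 1024-bit RSA key with a SHA-1 signature; if the asset is the same certificate, that is worth tracking as its own follow-up.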