summaryrefslogtreecommitdiffstats
path: root/2configs
diff options
context:
space:
mode:
Diffstat (limited to '2configs')
-rw-r--r--2configs/tv/AO753.nix39
-rw-r--r--2configs/tv/CAC-CentOS-7-64bit.nix47
-rw-r--r--2configs/tv/CAC-Developer-1.nix6
-rw-r--r--2configs/tv/CAC-Developer-2.nix6
-rw-r--r--2configs/tv/base.nix175
-rw-r--r--2configs/tv/consul-client.nix9
-rw-r--r--2configs/tv/consul-server.nix22
-rw-r--r--2configs/tv/cryptoroot.nix4
-rw-r--r--2configs/tv/exim-retiolum.nix126
-rw-r--r--2configs/tv/exim-smarthost.nix474
-rw-r--r--2configs/tv/git-public.nix83
-rw-r--r--2configs/tv/smartd.nix17
-rw-r--r--2configs/tv/synaptics.nix14
-rw-r--r--2configs/tv/urxvt.nix24
-rw-r--r--2configs/tv/w110er.nix42
-rw-r--r--2configs/tv/xserver.nix41
16 files changed, 1129 insertions, 0 deletions
diff --git a/2configs/tv/AO753.nix b/2configs/tv/AO753.nix
new file mode 100644
index 000000000..70eae1786
--- /dev/null
+++ b/2configs/tv/AO753.nix
@@ -0,0 +1,39 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../../2configs/tv/smartd.nix
+ ];
+
+ boot.loader.grub = {
+ device = "/dev/sda";
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ahci"
+ ];
+
+ boot.kernelModules = [
+ "kvm-intel"
+ "wl"
+ ];
+
+ boot.extraModulePackages = [
+ config.boot.kernelPackages.broadcom_sta
+ ];
+
+ networking.wireless.enable = true;
+
+ services.logind.extraConfig = ''
+ HandleHibernateKey=ignore
+ HandleLidSwitch=ignore
+ HandlePowerKey=ignore
+ HandleSuspendKey=ignore
+ '';
+
+ nixpkgs.config = {
+ allowUnfree = false;
+ allowUnfreePredicate = (x: pkgs.lib.hasPrefix "broadcom-sta-" x.name);
+ };
+}
diff --git a/2configs/tv/CAC-CentOS-7-64bit.nix b/2configs/tv/CAC-CentOS-7-64bit.nix
new file mode 100644
index 000000000..95c6e815c
--- /dev/null
+++ b/2configs/tv/CAC-CentOS-7-64bit.nix
@@ -0,0 +1,47 @@
+_:
+
+{
+ boot.loader.grub = {
+ device = "/dev/sda";
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "vmw_pvscsi"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/centos/root";
+ fsType = "xfs";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/sda1";
+ fsType = "xfs";
+ };
+
+ swapDevices = [
+ { device = "/dev/centos/swap"; }
+ ];
+
+ users.extraGroups = {
+ # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
+ # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
+ # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
+ # Docs: man:tmpfiles.d(5)
+ # man:systemd-tmpfiles(8)
+ # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
+ # Main PID: 19272 (code=exited, status=1/FAILURE)
+ #
+ # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
+ # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
+ # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
+ # warning: error(s) occured while switching to the new configuration
+ lock.gid = 10001;
+ };
+}
diff --git a/2configs/tv/CAC-Developer-1.nix b/2configs/tv/CAC-Developer-1.nix
new file mode 100644
index 000000000..37bc32afb
--- /dev/null
+++ b/2configs/tv/CAC-Developer-1.nix
@@ -0,0 +1,6 @@
+_:
+
+{
+ nix.maxJobs = 1;
+ sound.enable = false;
+}
diff --git a/2configs/tv/CAC-Developer-2.nix b/2configs/tv/CAC-Developer-2.nix
new file mode 100644
index 000000000..fedb808df
--- /dev/null
+++ b/2configs/tv/CAC-Developer-2.nix
@@ -0,0 +1,6 @@
+_:
+
+{
+ nix.maxJobs = 2;
+ sound.enable = false;
+}
diff --git a/2configs/tv/base.nix b/2configs/tv/base.nix
new file mode 100644
index 000000000..f91e5bc50
--- /dev/null
+++ b/2configs/tv/base.nix
@@ -0,0 +1,175 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ # "7.4.335" -> "74"
+ majmin = x: concatStrings (take 2 (splitString "." x));
+in
+
+{
+ imports = [
+ {
+ users.extraUsers =
+ mapAttrs (_: h: { hashedPassword = h; })
+ (import /root/src/secrets/hashedPasswords.nix);
+ }
+ {
+ users.defaultUserShell = "/run/current-system/sw/bin/bash";
+ users.mutableUsers = false;
+ }
+ {
+ users.extraUsers = {
+ root = {
+ openssh.authorizedKeys.keys = map readFile [
+ ../../Zpubkeys/tv_wu.ssh.pub
+ ];
+ };
+ tv = {
+ uid = 1337;
+ group = "users";
+ home = "/home/tv";
+ createHome = true;
+ useDefaultShell = true;
+ extraGroups = [
+ "audio"
+ "video"
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = map readFile [
+ ../../Zpubkeys/tv_wu.ssh.pub
+ ];
+ };
+ };
+ }
+ {
+ security.sudo.extraConfig = ''
+ Defaults mailto="tv@wu.retiolum"
+ '';
+ time.timeZone = "Europe/Berlin";
+ }
+ {
+ # TODO check if both are required:
+ nix.chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+
+ nix.trustedBinaryCaches = [
+ "https://cache.nixos.org"
+ "http://cache.nixos.org"
+ "http://hydra.nixos.org"
+ ];
+
+ nix.useChroot = true;
+ }
+
+ {
+ environment.systemPackages = with pkgs; [
+ vim
+ ];
+
+ environment.etc."vim/vimrc".text = ''
+ set nocp
+ '';
+
+ environment.etc."vim/vim${majmin pkgs.vim.version}".source =
+ "${pkgs.vim}/share/vim/vim${majmin pkgs.vim.version}";
+
+ # multiple-definition-problem when defining environment.variables.EDITOR
+ environment.extraInit = ''
+ EDITOR=vim
+ '';
+
+ environment.shellAliases = {
+ # alias cal='cal -m3'
+ gp = "${pkgs.pari}/bin/gp -q";
+ df = "df -h";
+ du = "du -h";
+ # alias grep='grep --color=auto'
+
+ # TODO alias cannot contain #\'
+ # "ps?" = "ps ax | head -n 1;ps ax | fgrep -v ' grep --color=auto ' | grep";
+
+ # alias la='ls -lA'
+ lAtr = "ls -lAtr";
+ # alias ll='ls -l'
+ ls = "ls -h --color=auto --group-directories-first";
+ # alias vim='vim -p'
+ # alias vi='vim'
+ # alias view='vim -R'
+ dmesg = "dmesg -L --reltime";
+ };
+
+ environment.variables.VIM = "/etc/vim";
+
+ programs.bash = {
+ interactiveShellInit = ''
+ HISTCONTROL='erasedups:ignorespace'
+ HISTSIZE=65536
+ HISTFILESIZE=$HISTSIZE
+
+ shopt -s checkhash
+ shopt -s histappend histreedit histverify
+ shopt -s no_empty_cmd_completion
+ complete -d cd
+
+ # TODO source bridge
+ '';
+ promptInit = ''
+ case $UID in
+ 0)
+ PS1='\[\e[1;31m\]\w\[\e[0m\] '
+ ;;
+ 1337)
+ PS1='\[\e[1;32m\]\w\[\e[0m\] '
+ ;;
+ *)
+ PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] '
+ ;;
+ esac
+ if test -n "$SSH_CLIENT"; then
+ PS1='\[\e[35m\]\h'" $PS1"
+ fi
+ if test -n "$SSH_AGENT_PID"; then
+ PS1="ssh-agent[$SSH_AGENT_PID] $PS1"
+ fi
+ '';
+ };
+
+ programs.ssh.startAgent = false;
+ }
+
+ {
+ nixpkgs.config.packageOverrides = pkgs:
+ {
+ nano = pkgs.runCommand "empty" {} "mkdir -p $out";
+ };
+
+ services.cron.enable = false;
+ services.nscd.enable = false;
+ services.ntp.enable = false;
+ }
+
+ {
+ boot.kernel.sysctl = {
+ # Enable IPv6 Privacy Extensions
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
+ }
+
+ {
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+ }
+
+ {
+ # TODO: exim
+ security.setuidPrograms = [
+ "sendmail" # for sudo
+ ];
+ }
+ ];
+}
diff --git a/2configs/tv/consul-client.nix b/2configs/tv/consul-client.nix
new file mode 100644
index 000000000..0a8bf4d75
--- /dev/null
+++ b/2configs/tv/consul-client.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+ imports = [ ./consul-server.nix ];
+
+ tv.consul = {
+ server = pkgs.lib.mkForce false;
+ };
+}
diff --git a/2configs/tv/consul-server.nix b/2configs/tv/consul-server.nix
new file mode 100644
index 000000000..1c8dcb884
--- /dev/null
+++ b/2configs/tv/consul-server.nix
@@ -0,0 +1,22 @@
+{ config, ... }:
+
+{
+ imports = [ ../../3modules/tv/consul.nix ];
+ tv.consul = rec {
+ enable = true;
+
+ inherit (config.tv.identity) self;
+ inherit (self) dc;
+
+ server = true;
+
+ hosts = with config.tv.identity.hosts; [
+ # TODO get this list automatically from each host where tv.consul.enable is true
+ cd
+ mkdir
+ nomic
+ rmdir
+ #wu
+ ];
+ };
+}
diff --git a/2configs/tv/cryptoroot.nix b/2configs/tv/cryptoroot.nix
new file mode 100644
index 000000000..04618ac4a
--- /dev/null
+++ b/2configs/tv/cryptoroot.nix
@@ -0,0 +1,4 @@
+{ ... }:
+
+{
+}
diff --git a/2configs/tv/exim-retiolum.nix b/2configs/tv/exim-retiolum.nix
new file mode 100644
index 000000000..efab5cf32
--- /dev/null
+++ b/2configs/tv/exim-retiolum.nix
@@ -0,0 +1,126 @@
+{ config, pkgs, ... }:
+
+{
+ services.exim =
+ # This configuration makes only sense for retiolum-enabled hosts.
+ # TODO modular configuration
+ assert config.tv.retiolum.enable;
+ let
+ # TODO get the hostname from config.tv.retiolum.
+ retiolumHostname = "${config.networking.hostName}.retiolum";
+ in
+ { enable = true;
+ config = ''
+ primary_hostname = ${retiolumHostname}
+ domainlist local_domains = @ : localhost
+ domainlist relay_to_domains = *.retiolum
+ hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
+
+ acl_smtp_rcpt = acl_check_rcpt
+ acl_smtp_data = acl_check_data
+
+ host_lookup = *
+ rfc1413_hosts = *
+ rfc1413_query_timeout = 5s
+
+ log_file_path = syslog
+ syslog_timestamp = false
+ syslog_duplication = false
+
+ begin acl
+
+ acl_check_rcpt:
+ accept hosts = :
+ control = dkim_disable_verify
+
+ deny message = Restricted characters in address
+ domains = +local_domains
+ local_parts = ^[.] : ^.*[@%!/|]
+
+ deny message = Restricted characters in address
+ domains = !+local_domains
+ local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+ accept local_parts = postmaster
+ domains = +local_domains
+
+ #accept
+ # hosts = *.retiolum
+ # domains = *.retiolum
+ # control = dkim_disable_verify
+
+ #require verify = sender
+
+ accept hosts = +relay_from_hosts
+ control = submission
+ control = dkim_disable_verify
+
+ accept authenticated = *
+ control = submission
+ control = dkim_disable_verify
+
+ require message = relay not permitted
+ domains = +local_domains : +relay_to_domains
+
+ require verify = recipient
+
+ accept
+
+
+ acl_check_data:
+ accept
+
+
+ begin routers
+
+ retiolum:
+ driver = manualroute
+ domains = ! ${retiolumHostname} : *.retiolum
+ transport = remote_smtp
+ route_list = ^.* $0 byname
+ no_more
+
+ nonlocal:
+ debug_print = "R: nonlocal for $local_part@$domain"
+ driver = redirect
+ domains = ! +local_domains
+ allow_fail
+ data = :fail: Mailing to remote domains not supported
+ no_more
+
+ local_user:
+ # debug_print = "R: local_user for $local_part@$domain"
+ driver = accept
+ check_local_user
+ # local_part_suffix = +* : -*
+ # local_part_suffix_optional
+ transport = home_maildir
+ cannot_route_message = Unknown user
+
+
+ begin transports
+
+ remote_smtp:
+ driver = smtp
+
+ home_maildir:
+ driver = appendfile
+ maildir_format
+ directory = $home/Maildir
+ directory_mode = 0700
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+ # group = mail
+ # mode = 0660
+
+ begin retry
+ *.retiolum * F,42d,1m
+ * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+ begin rewrite
+
+ begin authenticators
+ '';
+ };
+}
diff --git a/2configs/tv/exim-smarthost.nix b/2configs/tv/exim-smarthost.nix
new file mode 100644
index 000000000..a4c47b399
--- /dev/null
+++ b/2configs/tv/exim-smarthost.nix
@@ -0,0 +1,474 @@
+{ config, pkgs, ... }:
+
+let
+ inherit (builtins) toFile;
+ inherit (pkgs.lib.attrsets) mapAttrs;
+ inherit (pkgs.lib.strings) concatMapStringsSep;
+in
+
+{
+ services.exim =
+ let
+ retiolumHostname = "${config.networking.hostName}.retiolum";
+
+ internet-aliases = [
+ { from = "tomislav@viljetic.de"; to = "tv@wu.retiolum"; }
+
+ # (mindestens) lisp-stammtisch und elli haben die:
+ { from = "tv@viljetic.de"; to = "tv@wu.retiolum"; }
+
+ { from = "tv@destroy.dyn.shackspace.de"; to = "tv@wu.retiolum"; }
+
+ { from = "mirko@viljetic.de"; to = "mv@cd.retiolum"; }
+
+ # TODO killme (wo wird die benutzt?)
+ { from = "tv@cd.retiolum"; to = "tv@wu.retiolum"; }
+
+ { from = "postmaster@krebsco.de"; to = "tv@wu.retiolum"; }
+ ];
+
+ system-aliases = [
+ { from = "mailer-daemon"; to = "postmaster"; }
+ { from = "postmaster"; to = "root"; }
+ { from = "nobody"; to = "root"; }
+ { from = "hostmaster"; to = "root"; }
+ { from = "usenet"; to = "root"; }
+ { from = "news"; to = "root"; }
+ { from = "webmaster"; to = "root"; }
+ { from = "www"; to = "root"; }
+ { from = "ftp"; to = "root"; }
+ { from = "abuse"; to = "root"; }
+ { from = "noc"; to = "root"; }
+ { from = "security"; to = "root"; }
+ { from = "root"; to = "tv"; }
+ { from = "mirko"; to = "mv"; }
+ ];
+
+ to-lsearch = concatMapStringsSep "\n" ({ from, to }: "${from}: ${to}");
+ lsearch =
+ mapAttrs (name: set: toFile name (to-lsearch set)) {
+ inherit internet-aliases;
+ inherit system-aliases;
+ };
+ in
+ {
+ enable = true;
+ config =
+ ''
+ primary_hostname = ${retiolumHostname}
+
+ # HOST_REDIR contains the real destinations for "local_domains".
+ #HOST_REDIR = /etc/exim4/host_redirect
+
+
+ # Domains not listed in local_domains need to be deliverable remotely.
+ # XXX We abuse local_domains to mean "domains, we're the gateway for".
+ domainlist local_domains = @ : localhost
+ #: viljetic.de : SHACK_REDIR_HOSTNAME
+ domainlist relay_to_domains =
+ hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 10.243.13.37
+
+ acl_smtp_rcpt = acl_check_rcpt
+ acl_smtp_data = acl_check_data
+
+ # av_scanner = clamd:/tmp/clamd
+ # spamd_address = 127.0.0.1 783
+
+ # tls_advertise_hosts = *
+ # tls_certificate = /etc/ssl/exim.crt
+ # tls_privatekey = /etc/ssl/exim.pem
+ # (debian) tls_verify_certificates (to check client certs)
+
+ # daemon_smtp_ports = 25 : 465 : 587
+ # tls_on_connect_ports = 465
+
+ # qualify_domain defaults to primary_hostname
+ # qualify_recipient defaults to qualify_domain
+
+ # allow_domain_literals
+
+ never_users = root
+
+ host_lookup = *
+
+ # ident callbacks for all incoming SMTP calls
+ rfc1413_hosts = *
+ rfc1413_query_timeout = 5s
+
+ # sender_unqualified_hosts =
+ # recipient_unqualified_hosts =
+
+ # percent_hack_domains =
+
+ # arch & debian
+ #ignore_bounce_errors_after = 2d
+ #timeout_frozen_after = 7d
+ # debian
+ #smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ #freeze_tell = postmaster
+ #trusted_users = uucp
+ # arch
+ #split_spool_directory = true
+
+ log_selector = -queue_run +address_rewrite +all_parents +queue_time
+ log_file_path = syslog
+ syslog_timestamp = false
+ syslog_duplication = false
+
+ begin acl
+
+ acl_check_rcpt:
+ # Accept if the source is local SMTP (i.e. not over TCP/IP).
+ # We do this by testing for an empty sending host field.
+ accept hosts = :
+ # arch & debian:
+ control = dkim_disable_verify
+
+ deny message = Restricted characters in address
+ domains = +local_domains
+ local_parts = ^[.] : ^.*[@%!/|]
+
+ deny message = Restricted characters in address
+ domains = !+local_domains
+ local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+ accept local_parts = postmaster
+ domains = +local_domains
+
+ ## feature RETIOLUM_MAIL
+ #accept
+ # hosts = *.retiolum
+ # domains = *.retiolum
+ # control = dkim_disable_verify
+
+ #require verify = sender
+
+ accept hosts = +relay_from_hosts
+ control = submission
+ # debian: control = submission/sender_retain
+ # arch & debian:
+ control = dkim_disable_verify
+
+ accept authenticated = *
+ control = submission
+ control = dkim_disable_verify
+
+ accept message = relay not permitted 2
+ recipients = lsearch;${lsearch.internet-aliases}
+
+ require message = relay not permitted
+ domains = +local_domains : +relay_to_domains
+
+ require
+ message = unknown user
+ verify = recipient/callout
+
+ # deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
+ # dnslists = black.list.example
+ #
+ # warn dnslists = black.list.example
+ # add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
+ # log_message = found in $dnslist_domain
+
+ # Client SMTP Authorization (csa) checks on the sending host.
+ # Such checks do DNS lookups for special SRV records.
+ # require verify = csa
+
+ accept
+
+
+ acl_check_data:
+ # see av_scanner
+ #deny malware = *
+ # message = This message contains a virus ($malware_name).
+
+ # Add headers to a message if it is judged to be spam. Before enabling this,
+ # you must install SpamAssassin. You may also need to set the spamd_address
+ # option above.
+ #
+ # warn spam = nobody
+ # add_header = X-Spam_score: $spam_score\n\
+ # X-Spam_score_int: $spam_score_int\n\
+ # X-Spam_bar: $spam_bar\n\
+ # X-Spam_report: $spam_report
+
+ # feature HELO_REWRITE
+ # XXX note that the public ip (162.219.5.183) resolves to viljetic.de
+ warn
+ sender_domains = viljetic.de : shackspace.de
+ set acl_m_special_dom = $sender_address_domain
+
+ accept
+
+
+ begin routers
+
+ # feature RETIOLUM_MAIL
+ retiolum:
+ debug_print = "R: retiolum for $local_part@$domain"
+ driver = manualroute
+ domains = ! ${retiolumHostname} : *.retiolum
+ transport = retiolum_smtp
+ route_list = ^.* $0 byname
+ no_more
+
+ internet_aliases:
+ debug_print = "R: internet_aliases for $local_part@$domain"
+ driver = redirect
+ data = ''${lookup{$local_part@$domain}lsearch{${lsearch.internet-aliases}}}
+
+ dnslookup:
+ debug_print = "R: dnslookup for $local_part@$domain"
+ driver = dnslookup
+ domains = ! +local_domains
+ transport = remote_smtp
+ ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
+ # if ipv6-enabled then instead use:
+ # ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
+
+ # (debian) same_domain_copy_routing = yes
+ # (debian) ignore private rfc1918 and APIPA addresses
+ # (debian) ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
+ # 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
+ # 255.255.255.255
+
+ # Fail and bounce if the router does not find the domain in the DNS.
+ # I.e. no more routers are tried.
+ # There are a few cases where a dnslookup router will decline to accept an
+ # address; if such a router is expected to handle "all remaining non-local
+ # domains", then it is important to set no_more.
+ no_more
+
+ # XXX this is only used because these "well known aliases" goto tv@cd.retiolum
+ # TODO bounce everything, there is no @cd.retiolum
+ system_aliases:
+ debug_print = "R: system_aliases for $local_part@$domain"
+ driver = redirect
+ data = ''${lookup{$local_part}lsearch{${lsearch.system-aliases}}}
+
+ # TODO this is only b/c mv here... send mv's mails somewhere else...
+ local_user:
+ debug_print = "R: local_user for $local_part@$domain"
+ driver = accept
+ check_local_user
+ # local_part_suffix = +* : -*
+ # local_part_suffix_optional
+ transport = home_maildir
+ cannot_route_message = Unknown user
+
+ begin transports
+
+ retiolum_smtp:
+ driver = smtp
+ retry_include_ip_address = false
+ # serialize_hosts = TODO-all-slow-hosts
+
+ remote_smtp:
+ driver = smtp
+ # debian has also stuff for tls, headers_rewrite and more here
+
+ # feature HELO_REWRITE
+ # XXX note that the public ip (162.219.5.183) resolves to viljetic.de
+ helo_data = ''${if eq{$acl_m_special_dom}{} \
+ {$primary_hostname} \
+ {$acl_m_special_dom} }
+
+ home_maildir:
+ driver = appendfile
+ maildir_format
+ maildir_use_size_file
+ directory = $home/Mail
+ directory_mode = 0700
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+
+ begin retry
+ *.retiolum * F,42d,1m
+ * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+ begin rewrite
+ begin authenticators
+ '';
+
+
+ # group = mail
+ # mode = 0660
+
+
+ #address_pipe:
+ # driver = pipe
+ # return_output
+ #
+ #address_file:
+ # driver = appendfile
+ # delivery_date_add
+ # envelope_to_add
+ # return_path_add
+ #
+ #address_reply:
+ # driver = autoreply
+
+
+ #maildrop_pipe:
+ # debug_print = "T: maildrop_pipe for $local_part@$domain"
+ # driver = pipe
+ # path = "/bin:/usr/bin:/usr/local/bin"
+ # command = "/usr/bin/maildrop"
+ # return_path_add
+ # delivery_date_add
+ # envelope_to_add
+
+
+
+
+
+ ##begin retry
+ # Address or Domain Error Retries
+
+ # Our host_redirect destinations might be offline a lot.
+ # TODO define fallback destinations(?)
+ #lsearch;${lsearch.internet-aliases} * F,42d,1m
+
+
+ ## begin rewrite
+
+ # just in case (shackspace.de should already do this)
+ #tv@shackspace.de tv@SHACK_REDIR_HOSTNAME T
+
+
+ ## begin authenticators
+ #PLAIN:
+ # driver = plaintext
+ # server_set_id = $auth2
+ # server_prompts = :
+ # server_condition = Authentication is not yet configured
+ # server_advertise_condition = ''${if def:tls_in_cipher }
+
+ #LOGIN:
+ # driver = plaintext
+ # server_set_id = $auth1
+ # server_prompts = <| Username: | Password:
+ # server_condition = Authentication is not yet configured
+ # server_advertise_condition = ''${if def:tls_in_cipher }
+
+
+
+ };
+
+}
+
+# config = ''
+# primary_hostname = ${retiolumHostname}
+# domainlist local_domains = @ : localhost
+# domainlist relay_to_domains = *.retiolum
+# hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
+#
+# acl_smtp_rcpt = acl_check_rcpt
+# acl_smtp_data = acl_check_data
+#
+# host_lookup = *
+# rfc1413_hosts = *
+# rfc1413_query_timeout = 5s
+#
+# log_file_path = syslog
+# syslog_timestamp = false
+# syslog_duplication = false
+#
+# begin acl
+#
+# acl_check_rcpt:
+# accept hosts = :
+# control = dkim_disable_verify
+#
+# deny message = Restricted characters in address
+# domains = +local_domains
+# local_parts = ^[.] : ^.*[@%!/|]
+#
+# deny message = Restricted characters in address
+# domains = !+local_domains
+# local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+#
+# accept local_parts = postmaster
+# domains = +local_domains
+#
+# #accept
+# # hosts = *.retiolum
+# # domains = *.retiolum
+# # control = dkim_disable_verify
+#
+# #require verify = sender
+#
+# accept hosts = +relay_from_hosts
+# control = submission
+# control = dkim_disable_verify
+#
+# accept authenticated = *
+# control = submission
+# control = dkim_disable_verify
+#
+# require message = relay not permitted
+# domains = +local_domains : +relay_to_domains
+#
+# require verify = recipient
+#
+# accept
+#
+#
+# acl_check_data:
+# accept
+#
+#
+# begin routers
+#
+# retiolum:
+# driver = manualroute
+# domains = ! ${retiolumHostname} : *.retiolum
+# transport = remote_smtp
+# route_list = ^.* $0 byname
+# no_more
+#
+# nonlocal:
+# debug_print = "R: nonlocal for $local_part@$domain"
+# driver = redirect
+# domains = ! +local_domains
+# allow_fail
+# data = :fail: Mailing to remote domains not supported
+# no_more
+#
+# local_user:
+# # debug_print = "R: local_user for $local_part@$domain"
+# driver = accept
+# check_local_user
+# # local_part_suffix = +* : -*
+# # local_part_suffix_optional
+# transport = home_maildir
+# cannot_route_message = Unknown user
+#
+#
+# begin transports
+#
+# remote_smtp:
+# driver = smtp
+#
+# home_maildir:
+# driver = appendfile
+# maildir_format
+# directory = $home/Maildir
+# directory_mode = 0700
+# delivery_date_add
+# envelope_to_add
+# return_path_add
+# # group = mail
+# # mode = 0660
+#
+# begin retry
+# *.retiolum * F,42d,1m
+# * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+#
+# begin rewrite
+#
+# begin authenticators
+# '';
+# };