summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/exim-smarthost.nix24
-rw-r--r--krebs/4lib/default.nix1
-rw-r--r--krebs/5pkgs/exim/default.nix5
-rw-r--r--lass/2configs/buildbot-standalone.nix7
4 files changed, 33 insertions, 4 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index aba6ee0b5..cfe2e5f04 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -2,6 +2,7 @@
with config.krebs.lib;
let
+ indent = replaceChars ["\n"] ["\n "];
cfg = config.krebs.exim-smarthost;
out = {
@@ -12,6 +13,11 @@ let
api = {
enable = mkEnableOption "krebs.exim-smarthost";
+ authenticators = mkOption {
+ type = types.attrsOf types.str;
+ default = {};
+ };
+
dkim = mkOption {
type = types.listOf (types.submodule ({ config, ... }: {
options = {
@@ -80,6 +86,16 @@ let
default = [];
};
+ ssl_cert = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ };
+
+ ssl_key = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ };
+
system-aliases = mkOption {
type = types.listOf (types.submodule ({
options = {
@@ -136,7 +152,9 @@ let
syslog_timestamp = false
syslog_duplication = false
- tls_advertise_hosts =
+ ${optionalString (cfg.ssl_cert != null) "tls_certificate = ${cfg.ssl_cert}"}
+ ${optionalString (cfg.ssl_key != null) "tls_privatekey = ${cfg.ssl_key}"}
+ tls_advertise_hosts =${optionalString (cfg.ssl_cert != null) " *"}
begin acl
@@ -257,6 +275,10 @@ let
begin rewrite
begin authenticators
+ ${concatStringsSep "\n" (mapAttrsToList (name: text: ''
+ ${name}:
+ ${indent text}
+ '') cfg.authenticators)}
'';
};
};
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix
index 296748333..f62c033bd 100644
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@@ -33,6 +33,7 @@ let out = rec {
dir.has-default-nix = path: pathExists (path + "/default.nix");
genid = import ./genid.nix { lib = lib // out; };
+ genid_signed = x: ((genid x) + 16777216) / 2;
git = import ./git.nix { lib = lib // out; };
shell = import ./shell.nix { inherit lib; };
tree = import ./tree.nix { inherit lib; };
diff --git a/krebs/5pkgs/exim/default.nix b/krebs/5pkgs/exim/default.nix
index 0918e308d..835970555 100644
--- a/krebs/5pkgs/exim/default.nix
+++ b/krebs/5pkgs/exim/default.nix
@@ -1,4 +1,4 @@
-{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }:
+{ coreutils, fetchurl, db, openssl, pam, pcre, perl, pkgconfig, stdenv }:
stdenv.mkDerivation rec {
name = "exim-4.87";
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
sha256 = "1jbxn13shq90kpn0s73qpjnx5xm8jrpwhcwwgqw5s6sdzw6iwsbl";
};
- buildInputs = [ coreutils db openssl pcre perl pkgconfig ];
+ buildInputs = [ coreutils db openssl pam pcre perl pkgconfig ];
preBuild = ''
sed '
@@ -24,6 +24,7 @@ stdenv.mkDerivation rec {
s:^# \(SUPPORT_TLS\)=.*:\1=yes:
s:^# \(USE_OPENSSL_PC=openssl\)$:\1:
s:^# \(LOG_FILE_PATH=syslog\)$:\1:
+ s:^# \(SUPPORT_PAM\)=.*:\1=yes\nEXTRALIBS=-lpam:
s:^# \(HAVE_IPV6=yes\)$:\1:
s:^# \(CHOWN_COMMAND\)=.*:\1=${coreutils}/bin/chown:
s:^# \(CHGRP_COMMAND\)=.*:\1=${coreutils}/bin/chgrp:
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 5afb23687..7c7693ab7 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -3,8 +3,13 @@
with config.krebs.lib;
let
+ sshHostConfig = pkgs.writeText "ssh-config" ''
+ ControlMaster auto
+ ControlPath /tmp/%u_sshmux_%r@%h:%p
+ ControlPersist 4h
+ '';
sshWrapper = pkgs.writeDash "ssh-wrapper" ''
- ${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@"
+ ${pkgs.openssh}/bin/ssh -F ${sshHostConfig} -i ${shell.escape config.lass.build-ssh-privkey.path} "$@"
'';
in {