diff options
-rw-r--r-- | krebs/3modules/exim-smarthost.nix | 24 | ||||
-rw-r--r-- | krebs/4lib/default.nix | 1 | ||||
-rw-r--r-- | krebs/5pkgs/exim/default.nix | 5 | ||||
-rw-r--r-- | lass/2configs/buildbot-standalone.nix | 7 |
4 files changed, 33 insertions, 4 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index aba6ee0b5..cfe2e5f04 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -2,6 +2,7 @@ with config.krebs.lib; let + indent = replaceChars ["\n"] ["\n "]; cfg = config.krebs.exim-smarthost; out = { @@ -12,6 +13,11 @@ let api = { enable = mkEnableOption "krebs.exim-smarthost"; + authenticators = mkOption { + type = types.attrsOf types.str; + default = {}; + }; + dkim = mkOption { type = types.listOf (types.submodule ({ config, ... }: { options = { @@ -80,6 +86,16 @@ let default = []; }; + ssl_cert = mkOption { + type = types.nullOr types.str; + default = null; + }; + + ssl_key = mkOption { + type = types.nullOr types.str; + default = null; + }; + system-aliases = mkOption { type = types.listOf (types.submodule ({ options = { @@ -136,7 +152,9 @@ let syslog_timestamp = false syslog_duplication = false - tls_advertise_hosts = + ${optionalString (cfg.ssl_cert != null) "tls_certificate = ${cfg.ssl_cert}"} + ${optionalString (cfg.ssl_key != null) "tls_privatekey = ${cfg.ssl_key}"} + tls_advertise_hosts =${optionalString (cfg.ssl_cert != null) " *"} begin acl @@ -257,6 +275,10 @@ let begin rewrite begin authenticators + ${concatStringsSep "\n" (mapAttrsToList (name: text: '' + ${name}: + ${indent text} + '') cfg.authenticators)} ''; }; }; diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 296748333..f62c033bd 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -33,6 +33,7 @@ let out = rec { dir.has-default-nix = path: pathExists (path + "/default.nix"); genid = import ./genid.nix { lib = lib // out; }; + genid_signed = x: ((genid x) + 16777216) / 2; git = import ./git.nix { lib = lib // out; }; shell = import ./shell.nix { inherit lib; }; tree = import ./tree.nix { inherit lib; }; diff --git a/krebs/5pkgs/exim/default.nix b/krebs/5pkgs/exim/default.nix index 0918e308d..835970555 100644 --- a/krebs/5pkgs/exim/default.nix +++ b/krebs/5pkgs/exim/default.nix @@ -1,4 +1,4 @@ -{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }: +{ coreutils, fetchurl, db, openssl, pam, pcre, perl, pkgconfig, stdenv }: stdenv.mkDerivation rec { name = "exim-4.87"; @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "1jbxn13shq90kpn0s73qpjnx5xm8jrpwhcwwgqw5s6sdzw6iwsbl"; }; - buildInputs = [ coreutils db openssl pcre perl pkgconfig ]; + buildInputs = [ coreutils db openssl pam pcre perl pkgconfig ]; preBuild = '' sed ' @@ -24,6 +24,7 @@ stdenv.mkDerivation rec { s:^# \(SUPPORT_TLS\)=.*:\1=yes: s:^# \(USE_OPENSSL_PC=openssl\)$:\1: s:^# \(LOG_FILE_PATH=syslog\)$:\1: + s:^# \(SUPPORT_PAM\)=.*:\1=yes\nEXTRALIBS=-lpam: s:^# \(HAVE_IPV6=yes\)$:\1: s:^# \(CHOWN_COMMAND\)=.*:\1=${coreutils}/bin/chown: s:^# \(CHGRP_COMMAND\)=.*:\1=${coreutils}/bin/chgrp: diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 5afb23687..7c7693ab7 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -3,8 +3,13 @@ with config.krebs.lib; let + sshHostConfig = pkgs.writeText "ssh-config" '' + ControlMaster auto + ControlPath /tmp/%u_sshmux_%r@%h:%p + ControlPersist 4h + ''; sshWrapper = pkgs.writeDash "ssh-wrapper" '' - ${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@" + ${pkgs.openssh}/bin/ssh -F ${sshHostConfig} -i ${shell.escape config.lass.build-ssh-privkey.path} "$@" ''; in { |