summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/default.nix13
-rw-r--r--krebs/3modules/exim-retiolum.nix36
-rw-r--r--krebs/3modules/exim-smarthost.nix42
-rw-r--r--krebs/3modules/shared/default.nix1
4 files changed, 61 insertions, 31 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 662fd6489..186469e97 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -143,12 +143,11 @@ let
{ text=(stripEmptyLines value); }) all-zones;
krebs.exim-smarthost.internet-aliases = let
- format = from: to:
+ format = from: to: {
+ inherit from;
# TODO assert is-retiolum-mail-address to;
- { inherit from;
- to = if typeOf to == "list"
- then concatMapStringsSep "," (getAttr "mail") to
- else to.mail; };
+ to = concatMapStringsSep "," (getAttr "mail") (toList to);
+ };
in mapAttrsToList format (with config.krebs.users; let
spam-ml = [
lass
@@ -167,6 +166,10 @@ let
"makefu@retiolum" = makefu;
"spam@retiolum" = spam-ml;
"tv@retiolum" = tv;
+ "lass@r" = lass;
+ "makefu@r" = makefu;
+ "spam@r" = spam-ml;
+ "tv@r" = tv;
});
services.openssh.hostKeys =
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
index 1722eef1f..6e6928f89 100644
--- a/krebs/3modules/exim-retiolum.nix
+++ b/krebs/3modules/exim-retiolum.nix
@@ -11,6 +11,24 @@ let
api = {
enable = mkEnableOption "krebs.exim-retiolum";
+ local_domains = mkOption {
+ type = with types; listOf hostname;
+ default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases;
+ };
+ primary_hostname = mkOption {
+ type = types.str;
+ default = let x = "${config.krebs.build.host.name}.r"; in
+ assert elem x config.krebs.build.host.nets.retiolum.aliases;
+ x;
+ };
+ relay_to_domains = mkOption {
+ # TODO hostname with wildcards
+ type = with types; listOf str;
+ default = [
+ "*.r"
+ "*.retiolum"
+ ];
+ };
};
imp = {
@@ -21,9 +39,9 @@ let
# TODO modular configuration
assert config.krebs.retiolum.enable;
''
- primary_hostname = ${retiolumHostname}
- domainlist local_domains = @ : localhost
- domainlist relay_to_domains = *.retiolum
+ primary_hostname = ${cfg.primary_hostname}
+ domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
+ domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
acl_smtp_rcpt = acl_check_rcpt
@@ -85,7 +103,7 @@ let
retiolum:
driver = manualroute
- domains = ! ${retiolumHostname} : *.retiolum
+ domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
route_list = ^.* $0 byname
no_more
@@ -125,8 +143,8 @@ let
# mode = 0660
begin retry
- *.retiolum * F,42d,1m
- * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+ ${concatMapStringsSep "\n" (k: "${k} * F,42d,1m") cfg.relay_to_domains}
+ * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
@@ -134,8 +152,4 @@ let
'';
};
};
-
- # TODO get the hostname from somewhere else.
- retiolumHostname = "${config.networking.hostName}.retiolum";
-in
-out
+in out
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index 267ee2900..c976e89de 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -25,14 +25,31 @@ let
}));
};
+ local_domains = mkOption {
+ type = with types; listOf hostname;
+ default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases;
+ };
+
relay_from_hosts = mkOption {
type = with types; listOf str;
default = [];
+ apply = xs: ["127.0.0.1" "::1"] ++ xs;
+ };
+
+ relay_to_domains = mkOption {
+ # TODO hostname with wildcards
+ type = with types; listOf str;
+ default = [
+ "*.r"
+ "*.retiolum"
+ ];
};
primary_hostname = mkOption {
type = types.str;
- default = "${config.networking.hostName}.retiolum";
+ default = let x = "${config.krebs.build.host.name}.r"; in
+ assert elem x config.krebs.build.host.nets.retiolum.aliases;
+ x;
};
sender_domains = mkOption {
@@ -63,19 +80,11 @@ let
# HOST_REDIR contains the real destinations for "local_domains".
#HOST_REDIR = /etc/exim4/host_redirect
-
# Domains not listed in local_domains need to be deliverable remotely.
# XXX We abuse local_domains to mean "domains, we're the gateway for".
- domainlist local_domains = @ : localhost
- domainlist relay_to_domains =
- hostlist relay_from_hosts = <;${concatStringsSep ";" (
- [
- "127.0.0.1"
- "::1"
- ]
- ++
- cfg.relay_from_hosts
- )}
+ domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
+ domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
+ hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts}
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
@@ -144,7 +153,7 @@ let
retiolum:
debug_print = "R: retiolum for $local_part@$domain"
driver = manualroute
- domains = ! ${cfg.primary_hostname} : *.retiolum
+ domains = ! +local_domains : +relay_to_domains
transport = retiolum_smtp
route_list = ^.* $0 byname
no_more
@@ -197,8 +206,11 @@ let
return_path_add
begin retry
- *.retiolum * F,42d,1m
- * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+ ${concatMapStringsSep "\n" (k: "${k} * F,42d,1m") cfg.relay_to_domains}
+ ${concatMapStringsSep "\n" (k: "${k} * F,42d,1m")
+ # TODO don't include relay_to_domains
+ (map (getAttr "from") cfg.internet-aliases)}
+ * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
begin authenticators
diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix
index 208b596f8..ccd15b569 100644
--- a/krebs/3modules/shared/default.nix
+++ b/krebs/3modules/shared/default.nix
@@ -15,6 +15,7 @@ let
addrs4 = ["10.243.111.111"];
addrs6 = ["42:0:0:0:0:0:0:7357"];
aliases = [
+ "test.r"
"test.retiolum"
];
tinc.pubkey = ''