nixos/pfix-srsd: migrate postfix integration from postfix module

The postfix module is too big to host every individual integration option
and moving it here has no downside.
Martin Weinelt 2025-07-15 20:08:24 +02:00
parent c915f104b0
commit fbc56958af
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759
3 changed files with 43 additions and 31 deletions


@ -122,6 +122,8 @@
- `services.postsrsd` now automatically integrates with the local Postfix instance, when enabled. This behavior can disabled using the [services.postsrsd.configurePostfix](#opt-services.postsrsd.configurePostfix) option.
- `services.pfix-srsd` now automatically integrates with the local Postfix instance, when enabled. This behavior can disabled using the [services.pfix-srsd.configurePostfix](#opt-services.pfix-srsd.configurePostfix) option.
- `services.monero` now includes the `environmentFile` option for adding secrets to the Monero daemon config.
- `amdgpu` kernel driver overdrive mode can now be enabled by setting [hardware.amdgpu.overdrive.enable](#opt-hardware.amdgpu.overdrive.enable) and customized through [hardware.amdgpu.overdrive.ppfeaturemask](#opt-hardware.amdgpu.overdrive.ppfeaturemask).


@ -4,6 +4,10 @@
pkgs,
...
}:
let
cfg = config.services.pfix-srsd;
in
{
###### interface
@ -32,27 +36,46 @@
type = lib.types.path;
default = "/var/lib/pfix-srsd/secrets";
};
configurePostfix = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Whether to configure the required settings to use pfix-srsd in the local Postfix instance.
'';
};
};
};
###### implementation
config = lib.mkIf config.services.pfix-srsd.enable {
environment = {
systemPackages = [ pkgs.pfixtools ];
};
systemd.services.pfix-srsd = {
description = "Postfix sender rewriting scheme daemon";
before = [ "postfix.service" ];
#note that we use requires rather than wants because postfix
#is unable to process (almost) all mail without srsd
requiredBy = [ "postfix.service" ];
serviceConfig = {
Type = "forking";
PIDFile = "/run/pfix-srsd.pid";
ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /run/pfix-srsd.pid -I ${config.services.pfix-srsd.domain} ${config.services.pfix-srsd.secretsFile}";
config = lib.mkMerge [
(lib.mkIf (cfg.enable && cfg.configurePostfix && config.services.postfix.enable) {
services.postfix.config = {
sender_canonical_maps = [ "tcp:127.0.0.1:10001" ];
sender_canonical_classes = [ "envelope_sender" ];
recipient_canonical_maps = [ "tcp:127.0.0.1:10002" ];
recipient_canonical_classes = [ "envelope_recipient" ];
};
};
};
})
(lib.mkIf cfg.enable {
environment = {
systemPackages = [ pkgs.pfixtools ];
};
systemd.services.pfix-srsd = {
description = "Postfix sender rewriting scheme daemon";
before = [ "postfix.service" ];
#note that we use requires rather than wants because postfix
#is unable to process (almost) all mail without srsd
requiredBy = [ "postfix.service" ];
serviceConfig = {
Type = "forking";
PIDFile = "/run/pfix-srsd.pid";
ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /run/pfix-srsd.pid -I ${config.services.pfix-srsd.domain} ${config.services.pfix-srsd.secretsFile}";
};
};
})
];
}
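Review bot: In the `lib.mkIf cfg.enable` branch, `requiredBy = [ "postfix.service" ]` and `before = [ "postfix.service" ]` stay unconditional, so Postfix still hard-depends on pfix-srsd when `configurePostfix = false` and this module has pointed no canonical maps at the daemon. In that configuration a pfix-srsd start failure would keep Postfix from starting although mail flow no longer needs it, unless the admin wired the maps by hand; the existing comment ("postfix is unable to process (almost) all mail without srsd") only holds when the maps are set. Consider gating both on the new option, e.g. `requiredBy = lib.optional cfg.configurePostfix "postfix.service";`, or moving them into the first `lib.mkIf` block. As a style point, `ExecStart` still spells out `config.services.pfix-srsd.domain` and `.secretsFile` although `cfg` is now bound; `cfg.domain` and `cfg.secretsFile` would match the new condition lines.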


@ -785,12 +785,6 @@ in
description = "Maps to be compiled and placed into /var/lib/postfix/conf.";
};
useSrs = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether to enable sender rewriting scheme";
};
};
};
@ -808,8 +802,6 @@ in
systemPackages = [ pkgs.postfix ];
};
services.pfix-srsd.enable = config.services.postfix.useSrs;
services.mail.sendmailSetuidWrapper = lib.mkIf config.services.postfix.setSendmail {
program = "sendmail";
source = "${pkgs.postfix}/bin/sendmail";
@ -1002,12 +994,6 @@ in
] ++ lib.optional haveAliases "$alias_maps";
}
// lib.optionalAttrs (cfg.dnsBlacklists != [ ]) { smtpd_client_restrictions = clientRestrictions; }
// lib.optionalAttrs cfg.useSrs {
sender_canonical_maps = [ "tcp:127.0.0.1:10001" ];
sender_canonical_classes = [ "envelope_sender" ];
recipient_canonical_maps = [ "tcp:127.0.0.1:10002" ];
recipient_canonical_classes = [ "envelope_recipient" ];
}
// lib.optionalAttrs cfg.enableHeaderChecks {
header_checks = [ "regexp:/etc/postfix/header_checks" ];
}
@ -1190,5 +1176,6 @@ in
[ "services" "postfix" "config" "smtp_tls_security_level" ]
(config: lib.mkIf config.services.postfix.useDane "dane")
)
(lib.mkRenamedOptionModule [ "services" "postfix" "useSrs" ] [ "services" "pfix-srsd" "enable" ])
];
}