nixos/pfix-srsd: migrate postfix integration from postfix module

The postfix module is too big to host every individual integration option
and moving it here has no downside.
Martin Weinelt 2025-07-15 20:08:24 +02:00
parent c915f104b0
commit fbc56958af
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759
3 changed files with 43 additions and 31 deletions


@ -122,6 +122,8 @@
- `services.postsrsd` now automatically integrates with the local Postfix instance, when enabled. This behavior can disabled using the [services.postsrsd.configurePostfix](#opt-services.postsrsd.configurePostfix) option. - `services.postsrsd` now automatically integrates with the local Postfix instance, when enabled. This behavior can disabled using the [services.postsrsd.configurePostfix](#opt-services.postsrsd.configurePostfix) option.
- `services.pfix-srsd` now automatically integrates with the local Postfix instance, when enabled. This behavior can disabled using the [services.pfix-srsd.configurePostfix](#opt-services.pfix-srsd.configurePostfix) option.
- `services.monero` now includes the `environmentFile` option for adding secrets to the Monero daemon config. - `services.monero` now includes the `environmentFile` option for adding secrets to the Monero daemon config.
- `amdgpu` kernel driver overdrive mode can now be enabled by setting [hardware.amdgpu.overdrive.enable](#opt-hardware.amdgpu.overdrive.enable) and customized through [hardware.amdgpu.overdrive.ppfeaturemask](#opt-hardware.amdgpu.overdrive.ppfeaturemask). - `amdgpu` kernel driver overdrive mode can now be enabled by setting [hardware.amdgpu.overdrive.enable](#opt-hardware.amdgpu.overdrive.enable) and customized through [hardware.amdgpu.overdrive.ppfeaturemask](#opt-hardware.amdgpu.overdrive.ppfeaturemask).


@ -4,6 +4,10 @@
pkgs, pkgs,
... ...
}: }:
let
cfg = config.services.pfix-srsd;
in
{ {
###### interface ###### interface
@ -32,27 +36,46 @@
type = lib.types.path; type = lib.types.path;
default = "/var/lib/pfix-srsd/secrets"; default = "/var/lib/pfix-srsd/secrets";
}; };
configurePostfix = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Whether to configure the required settings to use pfix-srsd in the local Postfix instance.
'';
};
}; };
}; };
###### implementation ###### implementation
config = lib.mkIf config.services.pfix-srsd.enable { config = lib.mkMerge [
environment = { (lib.mkIf (cfg.enable && cfg.configurePostfix && config.services.postfix.enable) {
systemPackages = [ pkgs.pfixtools ]; services.postfix.config = {
}; sender_canonical_maps = [ "tcp:127.0.0.1:10001" ];
sender_canonical_classes = [ "envelope_sender" ];
systemd.services.pfix-srsd = { recipient_canonical_maps = [ "tcp:127.0.0.1:10002" ];
description = "Postfix sender rewriting scheme daemon"; recipient_canonical_classes = [ "envelope_recipient" ];
before = [ "postfix.service" ];
#note that we use requires rather than wants because postfix
#is unable to process (almost) all mail without srsd
requiredBy = [ "postfix.service" ];
serviceConfig = {
Type = "forking";
PIDFile = "/run/pfix-srsd.pid";
ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /run/pfix-srsd.pid -I ${config.services.pfix-srsd.domain} ${config.services.pfix-srsd.secretsFile}";
}; };
}; })
};
(lib.mkIf cfg.enable {
environment = {
systemPackages = [ pkgs.pfixtools ];
};
systemd.services.pfix-srsd = {
description = "Postfix sender rewriting scheme daemon";
before = [ "postfix.service" ];
#note that we use requires rather than wants because postfix
#is unable to process (almost) all mail without srsd
requiredBy = [ "postfix.service" ];
serviceConfig = {
Type = "forking";
PIDFile = "/run/pfix-srsd.pid";
ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /run/pfix-srsd.pid -I ${config.services.pfix-srsd.domain} ${config.services.pfix-srsd.secretsFile}";
};
};
})
];
} }
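Review bot: The re-indented `ExecStart` line in the `lib.mkIf cfg.enable` block interpolates `secretsFile` straight into a Nix string, so a value given as a Nix path literal (which `lib.types.path` accepts) would be copied into the world-readable Nix store, taking the SRS signing secret with it. Unless the option's description above the hunk already says so, I would add a sentence to it such as `Must be given as a string so the file is read at runtime and never copied into the Nix store.` The same line still spells out `config.services.pfix-srsd.domain` and `config.services.pfix-srsd.secretsFile` although this commit introduces `cfg`; `cfg.domain` and `cfg.secretsFile` would match the new conditions. The ports in `tcp:127.0.0.1:10001` and `tcp:127.0.0.1:10002` are not passed to the daemon in `ExecStart`, so the Postfix side presumably depends on pfix-srsd's built-in defaults; a comment such as `# ports are the pfix-srsd defaults, keep in sync with ExecStart` above `services.postfix.config` would make that coupling visible.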


@ -785,12 +785,6 @@ in
description = "Maps to be compiled and placed into /var/lib/postfix/conf."; description = "Maps to be compiled and placed into /var/lib/postfix/conf.";
}; };
useSrs = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether to enable sender rewriting scheme";
};
}; };
}; };
@ -808,8 +802,6 @@ in
systemPackages = [ pkgs.postfix ]; systemPackages = [ pkgs.postfix ];
}; };
services.pfix-srsd.enable = config.services.postfix.useSrs;
services.mail.sendmailSetuidWrapper = lib.mkIf config.services.postfix.setSendmail { services.mail.sendmailSetuidWrapper = lib.mkIf config.services.postfix.setSendmail {
program = "sendmail"; program = "sendmail";
source = "${pkgs.postfix}/bin/sendmail"; source = "${pkgs.postfix}/bin/sendmail";
@ -1002,12 +994,6 @@ in
] ++ lib.optional haveAliases "$alias_maps"; ] ++ lib.optional haveAliases "$alias_maps";
} }
// lib.optionalAttrs (cfg.dnsBlacklists != [ ]) { smtpd_client_restrictions = clientRestrictions; } // lib.optionalAttrs (cfg.dnsBlacklists != [ ]) { smtpd_client_restrictions = clientRestrictions; }
// lib.optionalAttrs cfg.useSrs {
sender_canonical_maps = [ "tcp:127.0.0.1:10001" ];
sender_canonical_classes = [ "envelope_sender" ];
recipient_canonical_maps = [ "tcp:127.0.0.1:10002" ];
recipient_canonical_classes = [ "envelope_recipient" ];
}
// lib.optionalAttrs cfg.enableHeaderChecks { // lib.optionalAttrs cfg.enableHeaderChecks {
header_checks = [ "regexp:/etc/postfix/header_checks" ]; header_checks = [ "regexp:/etc/postfix/header_checks" ];
} }
@ -1190,5 +1176,6 @@ in
[ "services" "postfix" "config" "smtp_tls_security_level" ] [ "services" "postfix" "config" "smtp_tls_security_level" ]
(config: lib.mkIf config.services.postfix.useDane "dane") (config: lib.mkIf config.services.postfix.useDane "dane")
) )
(lib.mkRenamedOptionModule [ "services" "postfix" "useSrs" ] [ "services" "pfix-srsd" "enable" ])
]; ];
} }