summaryrefslogtreecommitdiff
path: root/modules/postfwd.nix
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2024-08-08 14:36:50 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2024-08-08 14:36:50 +0200
commitbe06f04babc12fb60366c24a22561c1d46895c80 (patch)
tree8df057a3605a7272cb048043be7593b5c944a67c /modules/postfwd.nix
parenta6754d729f2d16cfdcb3570891c038a14718de1f (diff)
parentbc90ef66903e78713db1fd3a700785572b794cde (diff)
downloadnixos-be06f04babc12fb60366c24a22561c1d46895c80.tar
nixos-be06f04babc12fb60366c24a22561c1d46895c80.tar.gz
nixos-be06f04babc12fb60366c24a22561c1d46895c80.tar.bz2
nixos-be06f04babc12fb60366c24a22561c1d46895c80.tar.xz
nixos-be06f04babc12fb60366c24a22561c1d46895c80.zip
Merge commit 'bc90ef66' into flakes
Diffstat (limited to 'modules/postfwd.nix')
-rw-r--r--modules/postfwd.nix27
1 files changed, 24 insertions, 3 deletions
diff --git a/modules/postfwd.nix b/modules/postfwd.nix
index 3edff44d..93729978 100644
--- a/modules/postfwd.nix
+++ b/modules/postfwd.nix
@@ -9,6 +9,10 @@ in {
9 services.postfwd = with types; { 9 services.postfwd = with types; {
10 enable = mkEnableOption "postfwd3 - postfix firewall daemon"; 10 enable = mkEnableOption "postfwd3 - postfix firewall daemon";
11 11
12 cache = mkEnableOption "postfwd3 cache" // {
13 default = true;
14 };
15
12 rules = mkOption { 16 rules = mkOption {
13 type = lines; 17 type = lines;
14 default = ""; 18 default = "";
@@ -26,7 +30,7 @@ in {
26 serviceConfig = { 30 serviceConfig = {
27 Type = "forking"; 31 Type = "forking";
28 32
29 ExecStart = "${pkgs.postfwd}/bin/postfwd3 ${escapeShellArgs [ 33 ExecStart = "${pkgs.postfwd}/bin/postfwd3 ${escapeShellArgs ([
30 "-vv" 34 "-vv"
31 "--daemon" "--user" "postfwd" "--group" "postfwd" 35 "--daemon" "--user" "postfwd" "--group" "postfwd"
32 "--pidfile" "/run/postfwd3/postfwd3.pid" 36 "--pidfile" "/run/postfwd3/postfwd3.pid"
@@ -35,11 +39,14 @@ in {
35 "--save_rates" "/var/lib/postfwd/rates" 39 "--save_rates" "/var/lib/postfwd/rates"
36 "--save_groups" "/var/lib/postfwd/groups" 40 "--save_groups" "/var/lib/postfwd/groups"
37 "--summary" "3600" 41 "--summary" "3600"
42 "--file" (pkgs.writeText "postfwd3-rules" cfg.rules)
43 ] ++ lib.optionals cfg.cache [
38 "--cache" "600" 44 "--cache" "600"
39 "--cache_proto" "unix" 45 "--cache_proto" "unix"
40 "--cache_port" "/run/postfwd3/cache.sock" 46 "--cache_port" "/run/postfwd3/cache.sock"
41 "--file" (pkgs.writeText "postfwd3-rules" cfg.rules) 47 ] ++ lib.optionals (!cfg.cache) [
42 ]}"; 48 "--cache" "0"
49 ])}";
43 PIDFile = "/run/postfwd3/postfwd3.pid"; 50 PIDFile = "/run/postfwd3/postfwd3.pid";
44 51
45 Restart = "always"; 52 Restart = "always";
@@ -79,5 +86,19 @@ in {
79 IPAddressDeny = "any"; 86 IPAddressDeny = "any";
80 }; 87 };
81 }; 88 };
89
90 environment.systemPackages = [
91 (pkgs.postfwd.overrideAttrs (oldAttrs: {
92 nativeBuildInputs = (oldAttrs.nativeBuildInputs or []) ++ [ pkgs.makeWrapper pkgs.coreutils ];
93
94 postInstall = ''
95 ${oldAttrs.postInstall or ""}
96
97 wrapProgram $out/bin/postfwd3 \
98 --add-flags "--proto unix --port /run/postfwd3/postfwd3.sock"
99 ln -s postfwd3 $out/bin/postfwd
100 '';
101 }))
102 ];
82 }; 103 };
83} 104}