diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2024-08-08 14:36:50 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2024-08-08 14:36:50 +0200 |
commit | be06f04babc12fb60366c24a22561c1d46895c80 (patch) | |
tree | 8df057a3605a7272cb048043be7593b5c944a67c /modules | |
parent | a6754d729f2d16cfdcb3570891c038a14718de1f (diff) | |
parent | bc90ef66903e78713db1fd3a700785572b794cde (diff) | |
download | nixos-be06f04babc12fb60366c24a22561c1d46895c80.tar nixos-be06f04babc12fb60366c24a22561c1d46895c80.tar.gz nixos-be06f04babc12fb60366c24a22561c1d46895c80.tar.bz2 nixos-be06f04babc12fb60366c24a22561c1d46895c80.tar.xz nixos-be06f04babc12fb60366c24a22561c1d46895c80.zip |
Merge commit 'bc90ef66' into flakes
Diffstat (limited to 'modules')
-rw-r--r-- | modules/postfwd.nix | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/modules/postfwd.nix b/modules/postfwd.nix index 3edff44d..93729978 100644 --- a/modules/postfwd.nix +++ b/modules/postfwd.nix | |||
@@ -9,6 +9,10 @@ in { | |||
9 | services.postfwd = with types; { | 9 | services.postfwd = with types; { |
10 | enable = mkEnableOption "postfwd3 - postfix firewall daemon"; | 10 | enable = mkEnableOption "postfwd3 - postfix firewall daemon"; |
11 | 11 | ||
12 | cache = mkEnableOption "postfwd3 cache" // { | ||
13 | default = true; | ||
14 | }; | ||
15 | |||
12 | rules = mkOption { | 16 | rules = mkOption { |
13 | type = lines; | 17 | type = lines; |
14 | default = ""; | 18 | default = ""; |
@@ -26,7 +30,7 @@ in { | |||
26 | serviceConfig = { | 30 | serviceConfig = { |
27 | Type = "forking"; | 31 | Type = "forking"; |
28 | 32 | ||
29 | ExecStart = "${pkgs.postfwd}/bin/postfwd3 ${escapeShellArgs [ | 33 | ExecStart = "${pkgs.postfwd}/bin/postfwd3 ${escapeShellArgs ([ |
30 | "-vv" | 34 | "-vv" |
31 | "--daemon" "--user" "postfwd" "--group" "postfwd" | 35 | "--daemon" "--user" "postfwd" "--group" "postfwd" |
32 | "--pidfile" "/run/postfwd3/postfwd3.pid" | 36 | "--pidfile" "/run/postfwd3/postfwd3.pid" |
@@ -35,11 +39,14 @@ in { | |||
35 | "--save_rates" "/var/lib/postfwd/rates" | 39 | "--save_rates" "/var/lib/postfwd/rates" |
36 | "--save_groups" "/var/lib/postfwd/groups" | 40 | "--save_groups" "/var/lib/postfwd/groups" |
37 | "--summary" "3600" | 41 | "--summary" "3600" |
42 | "--file" (pkgs.writeText "postfwd3-rules" cfg.rules) | ||
43 | ] ++ lib.optionals cfg.cache [ | ||
38 | "--cache" "600" | 44 | "--cache" "600" |
39 | "--cache_proto" "unix" | 45 | "--cache_proto" "unix" |
40 | "--cache_port" "/run/postfwd3/cache.sock" | 46 | "--cache_port" "/run/postfwd3/cache.sock" |
41 | "--file" (pkgs.writeText "postfwd3-rules" cfg.rules) | 47 | ] ++ lib.optionals (!cfg.cache) [ |
42 | ]}"; | 48 | "--cache" "0" |
49 | ])}"; | ||
43 | PIDFile = "/run/postfwd3/postfwd3.pid"; | 50 | PIDFile = "/run/postfwd3/postfwd3.pid"; |
44 | 51 | ||
45 | Restart = "always"; | 52 | Restart = "always"; |
@@ -79,5 +86,19 @@ in { | |||
79 | IPAddressDeny = "any"; | 86 | IPAddressDeny = "any"; |
80 | }; | 87 | }; |
81 | }; | 88 | }; |
89 | |||
90 | environment.systemPackages = [ | ||
91 | (pkgs.postfwd.overrideAttrs (oldAttrs: { | ||
92 | nativeBuildInputs = (oldAttrs.nativeBuildInputs or []) ++ [ pkgs.makeWrapper pkgs.coreutils ]; | ||
93 | |||
94 | postInstall = '' | ||
95 | ${oldAttrs.postInstall or ""} | ||
96 | |||
97 | wrapProgram $out/bin/postfwd3 \ | ||
98 | --add-flags "--proto unix --port /run/postfwd3/postfwd3.sock" | ||
99 | ln -s postfwd3 $out/bin/postfwd | ||
100 | ''; | ||
101 | })) | ||
102 | ]; | ||
82 | }; | 103 | }; |
83 | } | 104 | } |