diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2024-05-26 12:08:43 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2024-05-26 12:08:43 +0200 |
commit | de2521348c54e73c5260a15bd2d7eb214df24c60 (patch) | |
tree | 1f1ade7e8761fb6eeb64da21997610a1e66df13d /modules | |
parent | 329de92b6e00f1af9925f56a4fc6da14087802e5 (diff) | |
download | nixos-de2521348c54e73c5260a15bd2d7eb214df24c60.tar nixos-de2521348c54e73c5260a15bd2d7eb214df24c60.tar.gz nixos-de2521348c54e73c5260a15bd2d7eb214df24c60.tar.bz2 nixos-de2521348c54e73c5260a15bd2d7eb214df24c60.tar.xz nixos-de2521348c54e73c5260a15bd2d7eb214df24c60.zip |
...
Diffstat (limited to 'modules')
-rw-r--r-- | modules/postfwd.nix | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/modules/postfwd.nix b/modules/postfwd.nix index e10c04a7..2ecfe9ab 100644 --- a/modules/postfwd.nix +++ b/modules/postfwd.nix | |||
@@ -9,6 +9,10 @@ in { | |||
9 | services.postfwd = with types; { | 9 | services.postfwd = with types; { |
10 | enable = mkEnableOption "postfwd3 - postfix firewall daemon"; | 10 | enable = mkEnableOption "postfwd3 - postfix firewall daemon"; |
11 | 11 | ||
12 | cache = mkEnableOption "postfwd3 cache" // { | ||
13 | default = true; | ||
14 | }; | ||
15 | |||
12 | rules = mkOption { | 16 | rules = mkOption { |
13 | type = lines; | 17 | type = lines; |
14 | default = ""; | 18 | default = ""; |
@@ -25,7 +29,7 @@ in { | |||
25 | serviceConfig = { | 29 | serviceConfig = { |
26 | Type = "forking"; | 30 | Type = "forking"; |
27 | 31 | ||
28 | ExecStart = "${pkgs.postfwd}/bin/postfwd3 ${escapeShellArgs [ | 32 | ExecStart = "${pkgs.postfwd}/bin/postfwd3 ${escapeShellArgs ([ |
29 | "-vv" | 33 | "-vv" |
30 | "--daemon" "--user" "postfwd" "--group" "postfwd" | 34 | "--daemon" "--user" "postfwd" "--group" "postfwd" |
31 | "--pidfile" "/run/postfwd3/postfwd3.pid" | 35 | "--pidfile" "/run/postfwd3/postfwd3.pid" |
@@ -34,11 +38,14 @@ in { | |||
34 | "--save_rates" "/var/lib/postfwd/rates" | 38 | "--save_rates" "/var/lib/postfwd/rates" |
35 | "--save_groups" "/var/lib/postfwd/groups" | 39 | "--save_groups" "/var/lib/postfwd/groups" |
36 | "--summary" "3600" | 40 | "--summary" "3600" |
41 | "--file" (pkgs.writeText "postfwd3-rules" cfg.rules) | ||
42 | ] ++ lib.optionals cfg.cache [ | ||
37 | "--cache" "600" | 43 | "--cache" "600" |
38 | "--cache_proto" "unix" | 44 | "--cache_proto" "unix" |
39 | "--cache_port" "/run/postfwd3/cache.sock" | 45 | "--cache_port" "/run/postfwd3/cache.sock" |
40 | "--file" (pkgs.writeText "postfwd3-rules" cfg.rules) | 46 | ] ++ lib.optionals (!cfg.cache) [ |
41 | ]}"; | 47 | "--cache" "0" |
48 | ])}"; | ||
42 | PIDFile = "/run/postfwd3/postfwd3.pid"; | 49 | PIDFile = "/run/postfwd3/postfwd3.pid"; |
43 | 50 | ||
44 | Restart = "always"; | 51 | Restart = "always"; |
@@ -78,5 +85,19 @@ in { | |||
78 | IPAddressDeny = "any"; | 85 | IPAddressDeny = "any"; |
79 | }; | 86 | }; |
80 | }; | 87 | }; |
88 | |||
89 | environment.systemPackages = [ | ||
90 | (pkgs.postfwd.overrideAttrs (oldAttrs: { | ||
91 | nativeBuildInputs = (oldAttrs.nativeBuildInputs or []) ++ [ pkgs.makeWrapper pkgs.coreutils ]; | ||
92 | |||
93 | postInstall = '' | ||
94 | ${oldAttrs.postInstall or ""} | ||
95 | |||
96 | wrapProgram $out/bin/postfwd3 \ | ||
97 | --add-flags "--proto unix --port /run/postfwd3/postfwd3.sock" | ||
98 | ln -s postfwd3 $out/bin/postfwd | ||
99 | ''; | ||
100 | })) | ||
101 | ]; | ||
81 | }; | 102 | }; |
82 | } | 103 | } |