summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--hel.nix62
1 files changed, 38 insertions, 24 deletions
diff --git a/hel.nix b/hel.nix
index 5878f441..9d58f679 100644
--- a/hel.nix
+++ b/hel.nix
@@ -257,40 +257,54 @@
257 destination = []; 257 destination = [];
258 relayHost = "uucp:ymir"; 258 relayHost = "uucp:ymir";
259 recipientDelimiter = "+"; 259 recipientDelimiter = "+";
260 extraMasterConf = '' 260 masterConfig = {
261 uucp unix - n n - - pipe flags=Fqhu user=uucp argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient) 261 uucp = {
262 sshsendmail unix - n n - - pipe flags=Fq user=postfix_ssh argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient 262 type = "unix";
263 ''; 263 private = true;
264 privileged = true;
265 chroot = false;
266 command = "pipe";
267 args = [ "flags=Fqhu" "user=uucp" ''argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient)'' ];
268 };
269 sshsendmail = {
270 type = "unix";
271 private = true;
272 privileged = true;
273 chroot = false;
274 command = "pipe";
275 args = [ "flags=Fq" "user=postfix_ssh" ''argv=argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient'' ];
276 };
277 };
264 transport = '' 278 transport = ''
265 odin.asgard.yggdrasil uucp:odin 279 odin.asgard.yggdrasil uucp:odin
266 ''; 280 '';
267 extraConfig = '' 281 config = {
268 always_bcc = gkleen+sent@odin.asgard.yggdrasil 282 always_bcc = "gkleen+sent@odin.asgard.yggdrasil";
269 283
270 default_transport = uucp:ymir 284 default_transport = "uucp:ymir";
271 285
272 inet_interfaces = loopback-only 286 inet_interfaces = "loopback-only";
273 287
274 authorized_submit_users = !uucp, static:anyone 288 authorized_submit_users = ["!uucp" "static:anyone"];
275 message_size_limit = 0 289 message_size_limit = 0;
276 290
277 sender_dependent_default_transport_maps = regexp:${pkgs.writeText "sender_relay" '' 291 sender_dependent_default_transport_maps = ''regexp:${pkgs.writeText "sender_relay" ''
278 /@math(ematik)?\.(lmu|uni-muenchen)\.de$/ sshsendmail:math60.mathinst.loc 292 /@math(ematik)?\.(lmu|uni-muenchen)\.de$/ sshsendmail:math60.mathinst.loc
279 /@(cip|stud)\.ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtp.ifi.lmu.de 293 /@(cip|stud)\.ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtp.ifi.lmu.de
280 /@campus\.lmu\.de$/ smtp:postout.lrz.de 294 /@campus\.lmu\.de$/ smtp:postout.lrz.de
281 ''} 295 ''}'';
282 296
283 smtp_sasl_auth_enable = yes 297 smtp_sasl_auth_enable = true;
284 smtp_sender_dependent_authentication = yes 298 smtp_sender_dependent_authentication = true;
285 smtp_sasl_tls_security_options = noanonymous 299 smtp_sasl_tls_security_options = "noanonymous";
286 smtp_tls_security_level = dane 300 smtp_tls_security_level = "dane";
287 smtp_sasl_password_maps = texthash:/var/db/postfix/sasl_passwd 301 smtp_sasl_password_maps = "texthash:/var/db/postfix/sasl_passwd";
288 smtp_cname_overrides_servername = no 302 smtp_cname_overrides_servername = false;
289 smtp_always_send_ehlo = yes 303 smtp_always_send_ehlo = true;
290 304
291 smtp_tls_loglevel = 1 305 smtp_tls_loglevel = 1;
292 smtp_dns_support_level = dnssec 306 smtp_dns_support_level = "dnssec";
293 ''; 307 };
294 }; 308 };
295 309
296 printing = { 310 printing = {