From ecd69d89f865f81cb7cf4658abb5773669f5eb32 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Mon, 11 Feb 2019 15:27:17 +0100
Subject: nicer config for hel
---
hel.nix | 62 ++++++++++++++++++++++++++++++++++++++------------------------
1 file changed, 38 insertions(+), 24 deletions(-)
diff --git a/hel.nix b/hel.nix
index 5878f441..9d58f679 100644
--- a/hel.nix
+++ b/hel.nix
@@ -257,40 +257,54 @@ destination = []; relayHost = "uucp:ymir"; recipientDelimiter = "+"; - extraMasterConf = '' - uucp unix - n n - - pipe flags=Fqhu user=uucp argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient) - sshsendmail unix - n n - - pipe flags=Fq user=postfix_ssh argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient - ''; + masterConfig = { + uucp = { + type = "unix"; + private = true; + privileged = true; + chroot = false; + command = "pipe"; + args = [ "flags=Fqhu" "user=uucp" ''argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient)'' ]; + }; + sshsendmail = { + type = "unix"; + private = true; + privileged = true; + chroot = false; + command = "pipe"; + args = [ "flags=Fq" "user=postfix_ssh" ''argv=argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient'' ]; + }; + }; transport = '' odin.asgard.yggdrasil uucp:odin ''; - extraConfig = '' - always_bcc = gkleen+sent@odin.asgard.yggdrasil + config = { + always_bcc = "gkleen+sent@odin.asgard.yggdrasil"; - default_transport = uucp:ymir + default_transport = "uucp:ymir"; - inet_interfaces = loopback-only + inet_interfaces = "loopback-only"; - authorized_submit_users = !uucp, static:anyone - message_size_limit = 0 + authorized_submit_users = ["!uucp" "static:anyone"]; + message_size_limit = 0; - sender_dependent_default_transport_maps = regexp:${pkgs.writeText "sender_relay" '' + sender_dependent_default_transport_maps = ''regexp:${pkgs.writeText "sender_relay" '' /@math(ematik)?\.(lmu|uni-muenchen)\.de$/ sshsendmail:math60.mathinst.loc /@(cip|stud)\.ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtp.ifi.lmu.de /@campus\.lmu\.de$/ smtp:postout.lrz.de - ''} - - smtp_sasl_auth_enable = yes - smtp_sender_dependent_authentication = yes - smtp_sasl_tls_security_options = noanonymous - smtp_tls_security_level = dane - smtp_sasl_password_maps = 
texthash:/var/db/postfix/sasl_passwd - smtp_cname_overrides_servername = no - smtp_always_send_ehlo = yes - - smtp_tls_loglevel = 1 - smtp_dns_support_level = dnssec - ''; + ''}''; + + smtp_sasl_auth_enable = true; + smtp_sender_dependent_authentication = true; + smtp_sasl_tls_security_options = "noanonymous"; + smtp_tls_security_level = "dane"; + smtp_sasl_password_maps = "texthash:/var/db/postfix/sasl_passwd"; + smtp_cname_overrides_servername = false; + smtp_always_send_ehlo = true; + + smtp_tls_loglevel = 1; + smtp_dns_support_level = "dnssec"; + }; }; printing = { -- cgit v1.2.3
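Review bot: The last `args` element of the new `sshsendmail` entry begins with `argv=argv=${pkgs.openssh}/bin/ssh`, a doubled prefix that the removed `extraMasterConf` line did not have. pipe(8) would then be handed a command path that itself starts with `argv=`, so mail that the `sender_relay` map routes to `sshsendmail:math60.mathinst.loc` would presumably defer or bounce instead of being relayed. It should read `''argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient''`, in the same form as the `uucp` entry above it. Because the commit is meant as a pure restructuring, comparing the generated master.cf (or `postconf -M` output) before and after the change would catch this kind of drift. The enclosing postfix attribute set opens before the hunk, so only the part from `destination` onward is visible here.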