From 9ec2fa795cc625e9510eb0fe7b7d34fc421066f3 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 23 Nov 2016 00:26:01 +0100 Subject: Allow gkleen access to ssl --- ymir.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 424ca265..61744ff2 100644 --- a/ymir.nix +++ b/ymir.nix @@ -199,6 +199,7 @@ in rec { "nginx" "postfix" "murmur" + "gkleen" ]; }; -- cgit v1.2.3 From 7083e400227815ca1cd111a58ebe6a3237f4c3ee Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 23 Nov 2016 00:35:31 +0100 Subject: Allow obby through fw --- ymir.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 61744ff2..b738c2ec 100644 --- a/ymir.nix +++ b/ymir.nix @@ -144,6 +144,7 @@ in rec { 9418 # git 64738 # murmur 53 # DNS + 6523 # Obby ]; allowedUDPPorts = [ 64738 # murmur 53 # DNS -- cgit v1.2.3 From e460fba86bb5169599b3911ffb495f92432aae10 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 15:44:03 +0100 Subject: infinoted --- ymir.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index b738c2ec..e82d89ff 100644 --- a/ymir.nix +++ b/ymir.nix @@ -200,7 +200,7 @@ in rec { "nginx" "postfix" "murmur" - "gkleen" + "infinoted" ]; }; @@ -696,4 +696,11 @@ in rec { forward-addr: 10.141.1.1 ''; }; + + services.infinoted = { + enable = true; + keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; + certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; + passwordFile = "/var/lib/infinoted/password"; + }; } -- cgit v1.2.3 From 50254c4b86cfbb45cd8a697463026481ccb2e4a1 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:01:21 +0100 Subject: infinoted: certificate-auth --- ymir.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index e82d89ff..abd9eacd 100644 --- a/ymir.nix +++ b/ymir.nix 
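Review bot: The new `6523 # Obby` entry in `allowedTCPPorts` opens the port to every source address, and nothing visible at this commit listens on it or authenticates connections there; the daemon only arrives a day later in e460fba8. Opening the port in the same change that configures the service would avoid the gap. The comment would also be easier to audit if it named the daemon, e.g. `6523 # infinoted (Gobby)`. The port list starts and ends outside the hunk.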
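Review bot: `keyFile = "/var/lib/acme/yggdrasil.li/key.pem"` hands infinoted the same ACME private key that, judging by the group list edited in this commit's first hunk, nginx, postfix and murmur also read, so a flaw in any one of these daemons exposes the key used by all of them. A separate certificate for the infinoted endpoint would contain that. `passwordFile = "/var/lib/infinoted/password"` is referenced but not provisioned by this configuration; a comment with the expected owner and mode would help, e.g. `# password: owner infinoted, mode 0600, created by hand`.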
@@ -702,5 +702,13 @@ in rec { keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; passwordFile = "/var/lib/infinoted/password"; + plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" ]; + extraConfig = '' + [certificate-auth] + ca-list=/var/lib/infinoted/ca.cert.pem + ca-key=/var/lib/infinoted/ca.key.pem + accept-unauthenticated-clients=false + super-user=/var/lib/infinoted/su.pem + ''; }; } -- cgit v1.2.3 From 58731c0f33fd85a2131f42b836821b8ffa0eb56b Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:02:21 +0100 Subject: infinoted: autosave --- ymir.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index abd9eacd..cd21d765 100644 --- a/ymir.nix +++ b/ymir.nix @@ -709,6 +709,9 @@ in rec { ca-key=/var/lib/infinoted/ca.key.pem accept-unauthenticated-clients=false super-user=/var/lib/infinoted/su.pem + + [autosave] + interval=5 ''; }; } -- cgit v1.2.3 From 6d21bb76235b61a527c9c54e780f587dbcdafe72 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:07:36 +0100 Subject: Custom version of libinfinity --- ymir.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index cd21d765..0f12d1c3 100644 --- a/ymir.nix +++ b/ymir.nix @@ -114,6 +114,15 @@ in rec { printf "%s/%s/%s" "''${baseUrl}" "''${prefix}" "''${filename}" ''; + + libinfinity = pkgs.lib.overrideDerivation pkgs.libinfinity (oldAttrs: { + src = pkgs.fetchFromGitHub { + user = "gobby"; + repo = "libinfinity"; + rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; + sha256 = "1jz9m16aw01z2w1ba9jkq8vr9yyx9yxm63jl6k5vsbp5jdk4xh0l"; + }; + }); }; environment.systemPackages = with pkgs; [ -- cgit v1.2.3 From e534f94d7133d80a96cd854c0e7ea0d259226ec8 Mon Sep 17 00:00:00 2001 
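Review bot: `ca-key=/var/lib/infinoted/ca.key.pem` keeps the CA signing key in the daemon's own state directory on an Internet-facing host, so whoever can read that directory can issue client certificates that `ca-list` will then accept. As far as I know the plugin needs `ca-key` only when the server itself signs certificates for clients; if certificates are issued offline, drop the line and keep `ca-list` alone. None of `ca.cert.pem`, `ca.key.pem` and `su.pem` is created or permissioned by this file, so add a comment recording what is expected, e.g. `# ca.key.pem, su.pem: owner infinoted, mode 0600`. The `services.infinoted` block starts outside the hunk.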
From: Gregor Kleen Date: Thu, 24 Nov 2016 18:08:53 +0100 Subject: Overridable --- ymir.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 0f12d1c3..b649c911 100644 --- a/ymir.nix +++ b/ymir.nix @@ -115,14 +115,14 @@ in rec { printf "%s/%s/%s" "''${baseUrl}" "''${prefix}" "''${filename}" ''; - libinfinity = pkgs.lib.overrideDerivation pkgs.libinfinity (oldAttrs: { + libinfinity = pkgs.lib.makeOverridable (pkgs.lib.overrideDerivation pkgs.libinfinity (oldAttrs: { src = pkgs.fetchFromGitHub { user = "gobby"; repo = "libinfinity"; rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; sha256 = "1jz9m16aw01z2w1ba9jkq8vr9yyx9yxm63jl6k5vsbp5jdk4xh0l"; }; - }); + })); }; environment.systemPackages = with pkgs; [ -- cgit v1.2.3 From e25dbed6ca11ae277878f5c7a53c78e1c83dd4a3 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:17:16 +0100 Subject: do argument override, too --- ymir.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index b649c911..ac9eec63 100644 --- a/ymir.nix +++ b/ymir.nix @@ -115,14 +115,14 @@ in rec { printf "%s/%s/%s" "''${baseUrl}" "''${prefix}" "''${filename}" ''; - libinfinity = pkgs.lib.makeOverridable (pkgs.lib.overrideDerivation pkgs.libinfinity (oldAttrs: { + libinfinity = pkgs.lib.overrideDerivation (pkgs.libinfinity.override { daemon = true; }) (oldAttrs: { src = pkgs.fetchFromGitHub { user = "gobby"; repo = "libinfinity"; rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; sha256 = "1jz9m16aw01z2w1ba9jkq8vr9yyx9yxm63jl6k5vsbp5jdk4xh0l"; }; - })); + }); }; environment.systemPackages = with pkgs; [ -- cgit v1.2.3 From 8cae84bac3dd91418588c61f7faf7cd09cab2ab3 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:17:47 +0100 Subject: use proper package --- ymir.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'ymir.nix') 
diff --git a/ymir.nix b/ymir.nix index ac9eec63..28fccc31 100644 --- a/ymir.nix +++ b/ymir.nix @@ -708,6 +708,7 @@ in rec { services.infinoted = { enable = true; + package = pkgs.libinfinity; keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; passwordFile = "/var/lib/infinoted/password"; -- cgit v1.2.3 From 52797afa123b420e48570c89ea45bb04d1908734 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:18:50 +0100 Subject: Don't override package globally --- ymir.nix | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 28fccc31..d40ac609 100644 --- a/ymir.nix +++ b/ymir.nix @@ -114,15 +114,6 @@ in rec { printf "%s/%s/%s" "''${baseUrl}" "''${prefix}" "''${filename}" ''; - - libinfinity = pkgs.lib.overrideDerivation (pkgs.libinfinity.override { daemon = true; }) (oldAttrs: { - src = pkgs.fetchFromGitHub { - user = "gobby"; - repo = "libinfinity"; - rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; - sha256 = "1jz9m16aw01z2w1ba9jkq8vr9yyx9yxm63jl6k5vsbp5jdk4xh0l"; - }; - }); }; environment.systemPackages = with pkgs; [ @@ -708,7 +699,14 @@ in rec { services.infinoted = { enable = true; - package = pkgs.libinfinity; + package = pkgs.lib.overrideDerivation (pkgs.libinfinity.override { daemon = true; }) (oldAttrs: { + src = pkgs.fetchFromGitHub { + user = "gobby"; + repo = "libinfinity"; + rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; + sha256 = "1jz9m16aw01z2w1ba9jkq8vr9yyx9yxm63jl6k5vsbp5jdk4xh0l"; + }; + }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; passwordFile = "/var/lib/infinoted/password"; -- cgit v1.2.3 From a9a1d25d590eccfe432bfe1a924bf0a88044939e Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Thu, 24 Nov 2016 18:19:13 +0100 Subject: Use proper arguments --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index d40ac609..424bddc0 100644 --- a/ymir.nix +++ b/ymir.nix @@ -701,7 +701,7 @@ in rec { enable = true; package = pkgs.lib.overrideDerivation (pkgs.libinfinity.override { daemon = true; }) (oldAttrs: { src = pkgs.fetchFromGitHub { - user = "gobby"; + owner = "gobby"; repo = "libinfinity"; rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; sha256 = "1jz9m16aw01z2w1ba9jkq8vr9yyx9yxm63jl6k5vsbp5jdk4xh0l"; -- cgit v1.2.3 From a1eda26312bcb3887c441dcfd150fe119d41748e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:22:12 +0100 Subject: fix hash --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 424bddc0..da0b6e4a 100644 --- a/ymir.nix +++ b/ymir.nix @@ -704,7 +704,7 @@ in rec { owner = "gobby"; repo = "libinfinity"; rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; - sha256 = "1jz9m16aw01z2w1ba9jkq8vr9yyx9yxm63jl6k5vsbp5jdk4xh0l"; + sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; }; }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; -- cgit v1.2.3 From 19266fd2c05ec943c962482a932d083c1ca545ac Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:25:30 +0100 Subject: Include autoconf --- ymir.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index da0b6e4a..39ddc531 100644 --- a/ymir.nix +++ b/ymir.nix @@ -706,6 +706,8 @@ in rec { rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; }; + + buildInputs = [ pkgs.autoconf ]; }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; -- cgit v1.2.3 From be4dbfb9ed8931c87350934f0a595fc82ba1e9bc Mon Sep 17 00:00:00 2001 
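Review bot: The `sha256` changes while `rev` stays at 6c461a34568d40dc1cfcaa6863817e70101873c8, which suggests the first value was never the hash of this source. If the new value was copied from the mismatch message of a failed build, it pins whatever GitHub served at that moment and has not been checked independently. Recompute it from a second fetch or a local checkout of that revision, and add a comment saying why the package is pinned, e.g. `# pinned to upstream master for <reason>; hash verified against local checkout`.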
From: Gregor Kleen Date: Thu, 24 Nov 2016 18:27:23 +0100 Subject: autoreconfHook --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 39ddc531..7c7c5549 100644 --- a/ymir.nix +++ b/ymir.nix @@ -707,7 +707,7 @@ in rec { sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; }; - buildInputs = [ pkgs.autoconf ]; + nativeBuildInputs = [ pkgs.autoreconfHook ]; }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; -- cgit v1.2.3 From 5a3934328228782396c9a32d5198cfa2e4a41ad0 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:28:26 +0100 Subject: gettext --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 7c7c5549..b5ac1b03 100644 --- a/ymir.nix +++ b/ymir.nix @@ -707,7 +707,7 @@ in rec { sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; }; - nativeBuildInputs = [ pkgs.autoreconfHook ]; + nativeBuildInputs = [ pkgs.autoreconfHook pkgs.gettext ]; }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; -- cgit v1.2.3 From 19fc263f9eba6ad3e847f2666e49a2f6755421b9 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:33:35 +0100 Subject: move gettext to buildInputs --- ymir.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index b5ac1b03..c3b79a9c 100644 --- a/ymir.nix +++ b/ymir.nix @@ -707,7 +707,8 @@ in rec { sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; }; - nativeBuildInputs = [ pkgs.autoreconfHook pkgs.gettext ]; + buildInputs = [ pkgs.glib pkgs.gettext ]; + nativeBuildInputs = [ pkgs.autoreconfHook ]; }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; -- cgit v1.2.3 
From 4600cbc9abd90fc81a735a608ee3c7209430ef2d Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:35:27 +0100 Subject: Build with gtk --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index c3b79a9c..4bdc99df 100644 --- a/ymir.nix +++ b/ymir.nix @@ -707,7 +707,7 @@ in rec { sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; }; - buildInputs = [ pkgs.glib pkgs.gettext ]; + buildInputs = [ pkgs.gtk2 pkgs.gtkdoc pkgs.glib pkgs.gettext ]; nativeBuildInputs = [ pkgs.autoreconfHook ]; }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; -- cgit v1.2.3 From 687507e1a6fb154dbd33b5f34a1722aecc0a3aa9 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:36:30 +0100 Subject: locales --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 4bdc99df..2c823918 100644 --- a/ymir.nix +++ b/ymir.nix @@ -707,7 +707,7 @@ in rec { sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; }; - buildInputs = [ pkgs.gtk2 pkgs.gtkdoc pkgs.glib pkgs.gettext ]; + buildInputs = [ pkgs.gtk2 pkgs.glibcLocales pkgs.glib pkgs.gettext ]; nativeBuildInputs = [ pkgs.autoreconfHook ]; }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; -- cgit v1.2.3 From 1eaa7fa47e7d871c39dc406326fd888aa855ac57 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:40:59 +0100 Subject: stop trying to do su.pem --- ymir.nix | 12 ------------ 1 file changed, 12 deletions(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 2c823918..629eff39 100644 --- a/ymir.nix +++ b/ymir.nix 
@@ -699,17 +699,6 @@ in rec { services.infinoted = { enable = true; - package = pkgs.lib.overrideDerivation (pkgs.libinfinity.override { daemon = true; }) (oldAttrs: { - src = pkgs.fetchFromGitHub { - owner = "gobby"; - repo = "libinfinity"; - rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; - sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; - }; - - buildInputs = [ pkgs.gtk2 pkgs.glibcLocales pkgs.glib pkgs.gettext ]; - nativeBuildInputs = [ pkgs.autoreconfHook ]; - }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; passwordFile = "/var/lib/infinoted/password"; @@ -719,7 +708,6 @@ in rec { ca-list=/var/lib/infinoted/ca.cert.pem ca-key=/var/lib/infinoted/ca.key.pem accept-unauthenticated-clients=false - super-user=/var/lib/infinoted/su.pem [autosave] interval=5 -- cgit v1.2.3 From 058d4c81e08fcaa8b0cbba9cf1e47157711d977e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:48:56 +0100 Subject: allow unauthenticated clients --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 629eff39..c12ab21c 100644 --- a/ymir.nix +++ b/ymir.nix @@ -707,7 +707,7 @@ in rec { [certificate-auth] ca-list=/var/lib/infinoted/ca.cert.pem ca-key=/var/lib/infinoted/ca.key.pem - accept-unauthenticated-clients=false + accept-unauthenticated-clients=true [autosave] interval=5 -- cgit v1.2.3 From af95d5951d2448820ade0cc81da4577b72dcb096 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:52:57 +0100 Subject: Revert "allow unauthenticated clients" This reverts commit 058d4c81e08fcaa8b0cbba9cf1e47157711d977e. --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index c12ab21c..629eff39 100644 --- a/ymir.nix +++ b/ymir.nix 
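Review bot: `accept-unauthenticated-clients=true` turns the certificate-auth plugin from a requirement into an option: clients without a certificate from `ca-list` are admitted, which leaves `passwordFile` as the only check on a port that 7083e400 opened in the firewall. If this is a temporary measure while the certificate setup is being debugged, say so in a comment next to the line, e.g. `# TEMPORARY: revert once client certificates work`. The same line is switched back on in 03e54f8e and 33b2535e, and this note applies there as well.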
@@ -707,7 +707,7 @@ in rec { [certificate-auth] ca-list=/var/lib/infinoted/ca.cert.pem ca-key=/var/lib/infinoted/ca.key.pem - accept-unauthenticated-clients=true + accept-unauthenticated-clients=false [autosave] interval=5 -- cgit v1.2.3 From ca61fd9bab584d1268df1094d2b8a54e4767e242 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:53:08 +0100 Subject: infinoted: remove password --- ymir.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 629eff39..82d47b50 100644 --- a/ymir.nix +++ b/ymir.nix @@ -701,7 +701,6 @@ in rec { enable = true; keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; - passwordFile = "/var/lib/infinoted/password"; plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" ]; extraConfig = '' [certificate-auth] -- cgit v1.2.3 From afc13d563478482a0f850c18f391cdff55f06d2b Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:57:19 +0100 Subject: Revert "infinoted: remove password" This reverts commit ca61fd9bab584d1268df1094d2b8a54e4767e242. --- ymir.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 82d47b50..629eff39 100644 --- a/ymir.nix +++ b/ymir.nix @@ -701,6 +701,7 @@ in rec { enable = true; keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; + passwordFile = "/var/lib/infinoted/password"; plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" ]; extraConfig = '' [certificate-auth] -- cgit v1.2.3 From 03e54f8e17964fe547eac873d77132fb0020f80a Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:57:27 +0100 Subject: Revert "Revert "allow unauthenticated clients"" This reverts commit af95d5951d2448820ade0cc81da4577b72dcb096. --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') 
diff --git a/ymir.nix b/ymir.nix index 629eff39..c12ab21c 100644 --- a/ymir.nix +++ b/ymir.nix @@ -707,7 +707,7 @@ in rec { [certificate-auth] ca-list=/var/lib/infinoted/ca.cert.pem ca-key=/var/lib/infinoted/ca.key.pem - accept-unauthenticated-clients=false + accept-unauthenticated-clients=true [autosave] interval=5 -- cgit v1.2.3 From f5e2316fa5a7682250dc5291719c358010eeefa9 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 19:01:55 +0100 Subject: Revert "Revert "infinoted: remove password"" This reverts commit afc13d563478482a0f850c18f391cdff55f06d2b. --- ymir.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index c12ab21c..aaf7103c 100644 --- a/ymir.nix +++ b/ymir.nix @@ -701,7 +701,6 @@ in rec { enable = true; keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; - passwordFile = "/var/lib/infinoted/password"; plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" ]; extraConfig = '' [certificate-auth] -- cgit v1.2.3 From f55aab3fdf7e00ad3674ce5452dfbcde05977ada Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 19:02:14 +0100 Subject: Revert "Revert "Revert "allow unauthenticated clients""" This reverts commit 03e54f8e17964fe547eac873d77132fb0020f80a. --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index aaf7103c..82d47b50 100644 --- a/ymir.nix +++ b/ymir.nix @@ -706,7 +706,7 @@ in rec { [certificate-auth] ca-list=/var/lib/infinoted/ca.cert.pem ca-key=/var/lib/infinoted/ca.key.pem - accept-unauthenticated-clients=true + accept-unauthenticated-clients=false [autosave] interval=5 -- cgit v1.2.3 From 33b2535ec5a522d7a2c86a36b7f7cc7ac5fe5a51 Mon Sep 17 00:00:00 2001 
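Review bot: Removing `passwordFile` on top of index c12ab21c, where `accept-unauthenticated-clients=true` is in effect, leaves the daemon with neither a password nor a certificate requirement while TCP 6523 is open in `allowedTCPPorts`. The series returns to this same state (index aaf7103c) after 33b2535e. Unless anonymous read and write access to every document is intended, keep one of the two checks: `passwordFile = "/var/lib/infinoted/password";` or `accept-unauthenticated-clients=false`.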
From: Gregor Kleen Date: Thu, 24 Nov 2016 23:28:59 +0100 Subject: Revert "Revert "Revert "Revert "allow unauthenticated clients"""" This reverts commit f55aab3fdf7e00ad3674ce5452dfbcde05977ada. --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 82d47b50..aaf7103c 100644 --- a/ymir.nix +++ b/ymir.nix @@ -706,7 +706,7 @@ in rec { [certificate-auth] ca-list=/var/lib/infinoted/ca.cert.pem ca-key=/var/lib/infinoted/ca.key.pem - accept-unauthenticated-clients=false + accept-unauthenticated-clients=true [autosave] interval=5 -- cgit v1.2.3 From 6662c39fa0390827c9d66da9e7bd3a6aaa206137 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 25 Nov 2016 15:31:08 +0100 Subject: Ymir: haveged --- ymir.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index aaf7103c..67455541 100644 --- a/ymir.nix +++ b/ymir.nix @@ -712,4 +712,8 @@ in rec { interval=5 ''; }; + + services.haveged = { + enable = true; + }; } -- cgit v1.2.3 From 17ebe527d099b026bb7eac699248f05fb24cae4c Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 1 Dec 2016 22:33:04 +0100 Subject: Allow sudo to mlmmj --- ymir.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 67455541..c83771d4 100644 --- a/ymir.nix +++ b/ymir.nix @@ -606,7 +606,13 @@ in rec { group = "mlmmj"; }; - users.extraGroups."mlmmj" = {}; + users.extraGroups."mlmmj" = { + members = [ "gkleen" ]; + }; + + security.sudo.extraConfig = '' + %mlmmj ALL=(mlmmj) NOPASSWD: ALL + ''; security.acme = { certs = { -- cgit v1.2.3 From 2317f081606394f2230bc8c29c5306ee320256da Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 1 Dec 2016 22:33:36 +0100 Subject: Introduce more explicit group for mlmmj --- ymir.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'ymir.nix') 
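Review bot: `%mlmmj ALL=(mlmmj) NOPASSWD: ALL` gives every member of the service's own group an unrestricted, password-less way to run anything as the list-manager account, and adding `gkleen` to `mlmmj` also grants that login the group's file permissions. The follow-up commit 2317f081 moves the rule to a separate `mladmin` group, but `NOPASSWD: ALL` remains. If only a few list-management commands are needed, name them instead of `ALL`, e.g. `%mladmin ALL=(mlmmj) NOPASSWD: <path to mlmmj-sub>, <path to mlmmj-unsub>`.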
diff --git a/ymir.nix b/ymir.nix index c83771d4..e46971f2 100644 --- a/ymir.nix +++ b/ymir.nix @@ -606,12 +606,14 @@ in rec { group = "mlmmj"; }; - users.extraGroups."mlmmj" = { + users.extraGroups."mlmmj" = {}; + + users.extraGroups."mladmin" = { members = [ "gkleen" ]; }; security.sudo.extraConfig = '' - %mlmmj ALL=(mlmmj) NOPASSWD: ALL + %mladmin ALL=(mlmmj) NOPASSWD: ALL ''; security.acme = { -- cgit v1.2.3 From 9381fa59a26ec1a4206808b444d3882fe8afe25e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 1 Dec 2016 22:36:45 +0100 Subject: allow newgrp --- ymir.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index e46971f2..ad711c13 100644 --- a/ymir.nix +++ b/ymir.nix @@ -616,6 +616,8 @@ in rec { %mladmin ALL=(mlmmj) NOPASSWD: ALL ''; + security.setuidPrograms = [ "newgrp" ]; + security.acme = { certs = { "yggdrasil.li" = { -- cgit v1.2.3 From 0946461193d7264c897af3332e15cb73eb4f1c8f Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 2 Dec 2016 23:29:50 +0100 Subject: Framework for git-sync --- ymir.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index ad711c13..e8837dcd 100644 --- a/ymir.nix +++ b/ymir.nix @@ -711,7 +711,7 @@ in rec { enable = true; keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; - plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" ]; + plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" "directory-sync" ]; extraConfig = '' [certificate-auth] ca-list=/var/lib/infinoted/ca.cert.pem @@ -720,9 +720,19 @@ in rec { [autosave] interval=5 + + [directory-sync] + directory=/var/lib/infinoted/dirsync + interval=5 + hook=/var/lib/infinoted/git-sync.sh ''; }; + users.extraUsers."infinoted" = { + home = "/var/lib/infinoted"; + createHome = true; + }; + services.haveged = { enable = true; }; -- cgit v1.2.3 
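Review bot: `security.setuidPrograms = [ "newgrp" ];` installs another setuid-root binary without saying what depends on it, and the sudo rule just above already lets `mladmin` members act as `mlmmj`. A one-line comment would settle it, e.g. `# newgrp: needed for <reason>`. If nothing turns out to need it, leaving it out keeps the set of setuid programs small.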
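Review bot: `hook=/var/lib/infinoted/git-sync.sh` makes the daemon execute a script stored in its own home directory (`users.extraUsers."infinoted".home`), so the account that runs the hook can also rewrite it, and the script is outside what this Nix file manages. Building it into the store keeps it read-only and versioned, e.g. `hook=${pkgs.writeScript "infinoted-git-sync" "<script text>"}`. Since the daemon admits unauthenticated clients after 33b2535e, the script should treat document names and contents under `/var/lib/infinoted/dirsync` as untrusted input (quote every path, pass `--` before file arguments).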
From 5e1a5c38e7ac0e38302435cec47145f804554748 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 3 Dec 2016 01:00:36 +0100 Subject: Allow gitolite to control infinoted --- ymir.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index e8837dcd..83fa823f 100644 --- a/ymir.nix +++ b/ymir.nix @@ -611,11 +611,30 @@ in rec { users.extraGroups."mladmin" = { members = [ "gkleen" ]; }; + + users.extraGroups."infinoted" = { + members = [ "infinoted gitolite" ]; + }; security.sudo.extraConfig = '' %mladmin ALL=(mlmmj) NOPASSWD: ALL + %infinoted ALL=(infinoted) NOPASSWD: ALL ''; + security.polkit = { + enable = true; + extraConfig = '' + polkit.addRule(function(action, subject) { + if ( action.id == "org.freedesktop.systemd1.manage-units" + && action.lookup("unit") == "infinoted.service" + && subject.isInGroup("infinoted") + ) { + return polkit.Result.YES; + } + }); + ''; + }; + security.setuidPrograms = [ "newgrp" ]; security.acme = { -- cgit v1.2.3 From c37c0bd0f92d34d36de1c288e765c5f2d3b08551 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 3 Dec 2016 01:12:47 +0100 Subject: fix syntax screw up --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 83fa823f..f5a1c071 100644 --- a/ymir.nix +++ b/ymir.nix @@ -613,7 +613,7 @@ in rec { }; users.extraGroups."infinoted" = { - members = [ "infinoted gitolite" ]; + members = [ "infinoted" "gitolite" ]; }; security.sudo.extraConfig = '' -- cgit v1.2.3 From 0cf390264454ff12b1abe63f720658890a6f7c17 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 1 Jan 2017 14:58:35 +0100 Subject: -lmu.li --- ymir.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index f5a1c071..6fffb856 100644 --- a/ymir.nix +++ b/ymir.nix 
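Review bot: The polkit rule returns `polkit.Result.YES` for every `manage-units` action on `infinoted.service`, so members of `infinoted` can start, stop and reload the unit, not only restart it; if the git hook needs just a restart, add `&& action.lookup("verb") == "restart"` to the condition. `%infinoted ALL=(infinoted) NOPASSWD: ALL` similarly lets anything running as `gitolite` (once the member list is fixed in c37c0bd0) run arbitrary commands as the editor daemon's user. Naming the one or two commands actually required would be tighter. A short comment above the rule saying which hook relies on it would also help the next reader.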
@@ -15,7 +15,6 @@ let }; myDomains = ["dirty-haskell.org" "www.dirty-haskell.org" "lists.dirty-haskell.org" "l.dirty-haskell.org" "files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li" - "files.lmu.li" "f.lmu.li" "ymir.lmu.li" "lmu.li" "www.lmu.li" "lists.lmu.li" "l.lmu.li" "ymir.xmpp.li" "xmpp.li" "www.xmpp.li" "lists.xmpp.li" "l.xmpp.li" "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org" @@ -358,7 +357,6 @@ in rec { /\.?141\.li$/ ACCEPT /\.?xmpp\.li$/ ACCEPT /\.?dirty-haskell\.org$/ ACCEPT - /\.?lmu\.li$/ ACCEPT /\.?yggdrasil$/ ACCEPT /\.?localdomain$/ ACCEPT /^localhost$/ ACCEPT -- cgit v1.2.3 From 54f859ea6260270cb5ed1dec159087da58a02d96 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 2 Jan 2017 14:10:14 +0100 Subject: Replace reverse dns check with greylisting --- ymir.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 6fffb856..ef56d98e 100644 --- a/ymir.nix +++ b/ymir.nix @@ -426,7 +426,6 @@ in rec { permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, - reject_unknown_reverse_client_hostname, reject_unauth_destination, check_client_access regexp:${pkgs.writeText "spfpolicy" '' /(^|\.)tu-muenchen\.de$/ DUNNO @@ -444,7 +443,8 @@ in rec { ''} smtpd_restriction_classes = spfcheck spfcheck = - check_policy_service unix:private/policy-spf + check_policy_service unix:private/policy-spf, + check_policy_service unix:/var/run/postgrey.sock smtpd_relay_restrictions = permit_mynetworks, @@ -532,6 +532,10 @@ in rec { ''; }; + services.postgrey = { + enable = true; + }; + services.dovecot2 = { enable = true; enableImap = true; -- cgit v1.2.3 
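Review bot: The removal of lmu.li looks incomplete: `myDomains` and the `/\.?lmu\.li$/ ACCEPT` line lose it here, but the domain list around line 496 of ymir.nix still contains `".lmu.li" "lmu.li"`, visible as context in the later kleen.li and nights.email commits. What that list feeds is not visible from these hunks, but if the domain is being given up, a leftover entry means the server keeps treating it as one of its own after someone else may control it. Remove that entry in the same change, or add a comment saying why it stays.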
From 8f54cc7fffc25fe580a22b2f42d9e24b2feb3717 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 2 Jan 2017 15:53:53 +0100 Subject: Tighten greylisting timers --- ymir.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index ef56d98e..5e611699 100644 --- a/ymir.nix +++ b/ymir.nix @@ -534,6 +534,9 @@ in rec { services.postgrey = { enable = true; + delay = 60; + autoWhitelist = 1; + maxAge = 7; }; services.dovecot2 = { -- cgit v1.2.3 From 3d7744b7f018b69f78d725ceb583a164d512fcc7 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 2 Jan 2017 16:14:40 +0100 Subject: Move postgrey socket to more standard location --- ymir.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 5e611699..44b7c3e8 100644 --- a/ymir.nix +++ b/ymir.nix @@ -444,7 +444,7 @@ in rec { smtpd_restriction_classes = spfcheck spfcheck = check_policy_service unix:private/policy-spf, - check_policy_service unix:/var/run/postgrey.sock + check_policy_service unix:private/policy-greylist smtpd_relay_restrictions = permit_mynetworks, @@ -534,6 +534,10 @@ in rec { services.postgrey = { enable = true; + socket = { + path = "/var/lib/postfix/queue/private/policy-greylist"; + mode = "0777"; + }; delay = 60; autoWhitelist = 1; maxAge = 7; -- cgit v1.2.3 From 3d9cbfd244aa77f7bb009fdab2563dd06eab61b8 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 2 Jan 2017 18:33:29 +0100 Subject: Tighten postgrey retry window --- ymir.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 44b7c3e8..b9e76c00 100644 --- a/ymir.nix +++ b/ymir.nix @@ -541,6 +541,7 @@ in rec { delay = 60; autoWhitelist = 1; maxAge = 7; + retryWindow = "1h"; }; services.dovecot2 = { -- cgit v1.2.3 From 4a30893233245d29a5478e2dd53f95da684147ab Mon Sep 17 00:00:00 2001 
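Review bot: `delay = 60; autoWhitelist = 1; maxAge = 7;` carry no units, and at least two of the values read as looser than the subject line suggests: as far as I recall postgrey's stock settings are a 300-second delay and auto-whitelisting after 5 deliveries, so 60 and 1 relax the filter. Comments would remove the doubt, e.g. `delay = 60; # seconds`, `autoWhitelist = 1; # successful deliveries before a client is whitelisted`, `maxAge = 7; # days`. If the relaxation is intended, say so in the commit message.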
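Review bot: `mode = "0777"` makes the policy socket connectable by every local account that can reach the path, although only Postfix's smtpd needs to talk to it. The `private/` directory may already restrict traversal, but that depends on permissions this hunk does not show. A narrower setting such as `mode = "0660";` with the Postfix user in the socket's owning group gives the same result without relying on the parent directory.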
From: Gregor Kleen Date: Mon, 2 Jan 2017 22:25:52 +0100 Subject: We don't receive mails claiming to be from us from the internet --- ymir.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index b9e76c00..c2ad2574 100644 --- a/ymir.nix +++ b/ymir.nix @@ -424,6 +424,7 @@ in rec { reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, + reject_unauthenticated_sender_login_mismatch, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unauth_destination, -- cgit v1.2.3 From c302d1eef4bdd3ddb745303e71b5e0804ad147a4 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Tue, 3 Jan 2017 15:15:06 +0100 Subject: Revert "We don't receive mails claiming to be from us from the internet" This reverts commit 4a30893233245d29a5478e2dd53f95da684147ab. --- ymir.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index c2ad2574..b9e76c00 100644 --- a/ymir.nix +++ b/ymir.nix @@ -424,7 +424,6 @@ in rec { reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, - reject_unauthenticated_sender_login_mismatch, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unauth_destination, -- cgit v1.2.3 From 304e007de947298c38ca9e1140c8bed358316ebf Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 6 Jan 2017 15:37:36 +0100 Subject: Extend retry window to 1 day --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index b9e76c00..8ce9eb8d 100644 --- a/ymir.nix +++ b/ymir.nix @@ -541,7 +541,7 @@ in rec { delay = 60; autoWhitelist = 1; maxAge = 7; - retryWindow = "1h"; + retryWindow = 1; }; services.dovecot2 = { -- cgit v1.2.3 From 1e99c43db12a5e3f5c9827d650af2f92a2f21138 Mon Sep 17 00:00:00 2001 
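Review bot: `reject_unauthenticated_sender_login_mismatch` only acts on sender addresses that have an owner in `smtpd_sender_login_maps`, and the hunk does not set that parameter; if it is unset elsewhere in the file too, the new line rejects nothing. To refuse outside mail that claims a local sender, add the map alongside it, e.g. `smtpd_sender_login_maps = texthash:<path to sender-to-login table>`. The restriction list starts and ends outside the hunk, so its parameter name is not visible here.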
From: Gregor Kleen Date: Thu, 26 Jan 2017 23:57:18 +0100 Subject: Always greylist --- ymir.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 8ce9eb8d..1cbd2301 100644 --- a/ymir.nix +++ b/ymir.nix @@ -440,11 +440,11 @@ in rec { /(^|\.)mhn\.de$/ DUNNO /(^|\.)mwn\.de$/ DUNNO /.*/ spfcheck - ''} + ''}, + check_policy_service unix:private/policy-greylist smtpd_restriction_classes = spfcheck spfcheck = - check_policy_service unix:private/policy-spf, - check_policy_service unix:private/policy-greylist + check_policy_service unix:private/policy-spf smtpd_relay_restrictions = permit_mynetworks, -- cgit v1.2.3 From d0826674392367533712e94fd7ea26bb7b2c708a Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 26 Jan 2017 23:59:51 +0100 Subject: TLS for kleen.li --- ymir.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 1cbd2301..beef1a7a 100644 --- a/ymir.nix +++ b/ymir.nix @@ -18,6 +18,7 @@ let "ymir.xmpp.li" "xmpp.li" "www.xmpp.li" "lists.xmpp.li" "l.xmpp.li" "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org" + "ymir.kleen.li" "kleen.li" "www.kleen.li" ]; in rec { imports = -- cgit v1.2.3 From 6f04e7acd4572b92911c60588bdba453037e830b Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 27 Jan 2017 00:02:08 +0100 Subject: Email for kleen.li --- ymir.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index beef1a7a..b4969f5a 100644 --- a/ymir.nix +++ b/ymir.nix @@ -357,6 +357,7 @@ in rec { /\.?praseodym\.org$/ ACCEPT /\.?141\.li$/ ACCEPT /\.?xmpp\.li$/ ACCEPT + /\.?kleen\.li$/ ACCEPT /\.?dirty-haskell\.org$/ ACCEPT /\.?yggdrasil$/ ACCEPT /\.?localdomain$/ ACCEPT 
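Review bot: `/\.?kleen\.li$/ ACCEPT` is not anchored on the left: with the dot optional, the pattern also matches names that merely end in the string, such as `notkleen.li` (constructed example). The other regexp table in this file uses `(^|\.)` for exactly this purpose, so write `/(^|\.)kleen\.li$/ ACCEPT`. The neighbouring lines for the older domains and the `nights.email` line added in 5ca14bd4 have the same shape. The table starts outside the hunk, so what `ACCEPT` permits is not visible here.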
@@ -495,6 +496,7 @@ in rec { ".praseodym.org" "praseodym.org" ".141.li" "141.li" ".xmpp.li" "xmpp.li" + ".kleen.li" "kleen.li" ".lmu.li" "lmu.li" ".dirty-haskell.org" "dirty-haskell.org" ]; -- cgit v1.2.3 From 5cc169a20d2a7524c6d4cdb6960c44f5e423a6ab Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 27 Jan 2017 00:32:11 +0100 Subject: Fix prosody location --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index b4969f5a..81357bc6 100644 --- a/ymir.nix +++ b/ymir.nix @@ -660,7 +660,7 @@ in rec { extraDomains = builtins.listToAttrs (builtins.map (name: { inherit name; value = "/srv/www/acme/${name}"; }) myDomains); postRun = '' systemctl reload nginx.service - prosodyctl reload + ${pkgs.prosody}/bin/prosodyctl reload ''; }; }; -- cgit v1.2.3 From 5ca14bd4b643ffba6be3fcb93af436462e9b982e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 27 Jan 2017 00:56:26 +0100 Subject: nights.email --- ymir.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 81357bc6..0293578e 100644 --- a/ymir.nix +++ b/ymir.nix @@ -19,6 +19,7 @@ let "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org" "ymir.kleen.li" "kleen.li" "www.kleen.li" + "ymir.nights.email" "nights.email" "www.nights.email" ]; in rec { imports = @@ -238,7 +239,7 @@ in rec { ''; virtualHosts = builtins.listToAttrs (map (name: { inherit name; value = prosodyVirtHost name; }) - ["xmpp.li" "yggdrasil.li" "praseodym.org" "141.li"]); + ["xmpp.li" "yggdrasil.li" "praseodym.org" "141.li" "nights.email"]); }; security.pam.services."xmpp".text = '' auth requisite pam_succeed_if.so user ingroup xmpp 
@@ -359,6 +360,7 @@ in rec { /\.?xmpp\.li$/ ACCEPT /\.?kleen\.li$/ ACCEPT /\.?dirty-haskell\.org$/ ACCEPT + /\.?nights\.email$/ ACCEPT /\.?yggdrasil$/ ACCEPT /\.?localdomain$/ ACCEPT /^localhost$/ ACCEPT @@ -497,6 +499,7 @@ in rec { ".141.li" "141.li" ".xmpp.li" "xmpp.li" ".kleen.li" "kleen.li" + ".nights.email" "nights.email" ".lmu.li" "lmu.li" ".dirty-haskell.org" "dirty-haskell.org" ]; -- cgit v1.2.3 From f9a02d2a343ddfe04416721e41b45bb8cec305fd Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 27 Jan 2017 17:00:23 +0100 Subject: Virtual aliases --- ymir.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 0293578e..518053a7 100644 --- a/ymir.nix +++ b/ymir.nix @@ -467,9 +467,24 @@ in rec { alias_maps = texthash:${pkgs.writeText "aliases" '' postmaster gkleen + webmaster gkleen + abuse gkleen + noc gkleen + security gkleen + hostmaster gkleen + usenet gkleen + news gkleen + www gkleen + uucp gkleen + ftp gkleen root gkleen ''} texthash:/srv/mail/spm + virtual_alias_maps = texthash:${pkgs.writeText "virtual_aliases" '' + nights.email x + @nights.email some@nights.email + ''} + queue_run_delay = 10s minimal_backoff_time = 1m maximal_backoff_time = 10m -- cgit v1.2.3 From ce9cf6171f9c464df915e98717531562c6766eaf Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 27 Jan 2017 17:02:15 +0100 Subject: Move virtual to correct location --- ymir.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 518053a7..033fc0b9 100644 --- a/ymir.nix +++ b/ymir.nix 
@@ -351,6 +351,8 @@ in rec { postmasterAlias = ""; rootAlias = ""; extraAliases = ""; virtual = '' blog@dirty-haskell.org dirty-haskell@lists.yggdrasil.li + nights.email x + @nights.email some@nights.email ''; #destination = ["yggdrasil.li" "ymir.yggdrasil.li" "praseodym.org" "ymir.praseodym.org" "141.li" "ymir.141.li" "xmpp.li" "ymir.xmpp.li" "dirty-haskell.org" "explainuxul.de" "www.explainuxul.de" "lmu.li" "www.lmu.li" "localhost.yggdrasil.li" "localhost"]; destination = [''regexp:${pkgs.writeText "destination" '' @@ -480,11 +482,6 @@ in rec { root gkleen ''} texthash:/srv/mail/spm - virtual_alias_maps = texthash:${pkgs.writeText "virtual_aliases" '' - nights.email x - @nights.email some@nights.email - ''} - queue_run_delay = 10s minimal_backoff_time = 1m maximal_backoff_time = 10m -- cgit v1.2.3 From 2c7682355532cb84a41f7db6ab5bcc1da028f8bc Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 28 Jan 2017 13:35:21 +0100 Subject: Remove nights.email (in general) from virtual --- ymir.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 033fc0b9..ded8d077 100644 --- a/ymir.nix +++ b/ymir.nix @@ -351,7 +351,6 @@ in rec { postmasterAlias = ""; rootAlias = ""; extraAliases = ""; virtual = '' blog@dirty-haskell.org dirty-haskell@lists.yggdrasil.li - nights.email x @nights.email some@nights.email ''; #destination = ["yggdrasil.li" "ymir.yggdrasil.li" "praseodym.org" "ymir.praseodym.org" "141.li" "ymir.141.li" "xmpp.li" "ymir.xmpp.li" "dirty-haskell.org" "explainuxul.de" "www.explainuxul.de" "lmu.li" "www.lmu.li" "localhost.yggdrasil.li" "localhost"]; -- cgit v1.2.3 From 58c85daa6a37e2f9a8625181140e3b033de2088b Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 8 Feb 2017 14:23:19 +0100 Subject: Disable greylisting --- ymir.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index ded8d077..4190efb9 100644 --- a/ymir.nix +++ b/ymir.nix 
@@ -445,8 +445,7 @@ in rec { /(^|\.)mhn\.de$/ DUNNO /(^|\.)mwn\.de$/ DUNNO /.*/ spfcheck - ''}, - check_policy_service unix:private/policy-greylist + ''} smtpd_restriction_classes = spfcheck spfcheck = check_policy_service unix:private/policy-spf -- cgit v1.2.3 From 7382aad9c3ed764bd56700ca2e9879a6fc6692d7 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 22:49:55 +0100 Subject: Additional prosody modules --- ymir.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 4190efb9..1afd9dbf 100644 --- a/ymir.nix +++ b/ymir.nix @@ -222,6 +222,10 @@ in rec { "auth_custom" "carbons" "reload_modules" + "smacks" + "csi" + "csi_pump" + "cloud_notify" ]; extraConfig = '' reload_modules = { "group", "tls" } -- cgit v1.2.3 From d06d3dbb18c7020a59e9b75b824f1a39c93e4903 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:13:44 +0100 Subject: Do last commit properly --- ymir.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 1afd9dbf..a57edeb6 100644 --- a/ymir.nix +++ b/ymir.nix @@ -48,7 +48,8 @@ in rec { nixpkgs.config.packageOverrides = pkgs: rec { prosody = pkgs.callPackage ./customized/prosody.nix ({ - inherit (pkgs.lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib; + inherit (pkgs.lua51Packages) luasocket luaexpat luafilesystem luabitop luaevent luazlib; + luasec = pkgs.lua5_sec; lua5 = pkgs.lua5_1; communityModules = ["mod_carbons" "mod_reload_modules"]; extraModules = [prosodyAuth]; -- cgit v1.2.3 From c72a8c62b5cc02ef3a362fb486046b04122e3d03 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:21:02 +0100 Subject: Integrate lua5_sec deeper --- ymir.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index a57edeb6..ecc14a44 100644 --- a/ymir.nix +++ b/ymir.nix 
@@ -48,13 +48,13 @@ in rec { nixpkgs.config.packageOverrides = pkgs: rec { prosody = pkgs.callPackage ./customized/prosody.nix ({ - inherit (pkgs.lua51Packages) luasocket luaexpat luafilesystem luabitop luaevent luazlib; - luasec = pkgs.lua5_sec; + inherit (pkgs.lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib; lua5 = pkgs.lua5_1; communityModules = ["mod_carbons" "mod_reload_modules"]; extraModules = [prosodyAuth]; extraLibs = [luaPam luaPosix luaSha2]; }); + lua51Packages = lua51Packages \\ { luasec = pkgs.lua5_sec; }; uwsgi = pkgs.callPackage ./customized/uwsgi.nix { extraPlugins = { cgi = { -- cgit v1.2.3 From 1bb2403068c88d1df2f728ea43f74c91b178c1ee Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:22:00 +0100 Subject: ditto --- ymir.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index ecc14a44..309ebdb3 100644 --- a/ymir.nix +++ b/ymir.nix @@ -48,13 +48,13 @@ in rec { nixpkgs.config.packageOverrides = pkgs: rec { prosody = pkgs.callPackage ./customized/prosody.nix ({ - inherit (pkgs.lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib; + inherit (lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib; lua5 = pkgs.lua5_1; communityModules = ["mod_carbons" "mod_reload_modules"]; extraModules = [prosodyAuth]; extraLibs = [luaPam luaPosix luaSha2]; }); - lua51Packages = lua51Packages \\ { luasec = pkgs.lua5_sec; }; + lua51Packages = pkgs.lua51Packages // { luasec = pkgs.lua5_sec; }; uwsgi = pkgs.callPackage ./customized/uwsgi.nix { extraPlugins = { cgi = { -- cgit v1.2.3 From 97c83f6733817691c02dbb8bed8b884c401283fd Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:22:53 +0100 Subject: Revert "ditto" This reverts commit 1bb2403068c88d1df2f728ea43f74c91b178c1ee. --- ymir.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ymir.nix') 
diff --git a/ymir.nix b/ymir.nix index 309ebdb3..ecc14a44 100644 --- a/ymir.nix +++ b/ymir.nix @@ -48,13 +48,13 @@ in rec { nixpkgs.config.packageOverrides = pkgs: rec { prosody = pkgs.callPackage ./customized/prosody.nix ({ - inherit (lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib; + inherit (pkgs.lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib; lua5 = pkgs.lua5_1; communityModules = ["mod_carbons" "mod_reload_modules"]; extraModules = [prosodyAuth]; extraLibs = [luaPam luaPosix luaSha2]; }); - lua51Packages = pkgs.lua51Packages // { luasec = pkgs.lua5_sec; }; + lua51Packages = lua51Packages \\ { luasec = pkgs.lua5_sec; }; uwsgi = pkgs.callPackage ./customized/uwsgi.nix { extraPlugins = { cgi = { -- cgit v1.2.3 From e53c05f347749e95ed443443d3fc0ee35fee504b Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:22:57 +0100 Subject: Revert "Integrate lua5_sec deeper" This reverts commit c72a8c62b5cc02ef3a362fb486046b04122e3d03. --- ymir.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index ecc14a44..a57edeb6 100644 --- a/ymir.nix +++ b/ymir.nix @@ -48,13 +48,13 @@ in rec { nixpkgs.config.packageOverrides = pkgs: rec { prosody = pkgs.callPackage ./customized/prosody.nix ({ - inherit (pkgs.lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib; + inherit (pkgs.lua51Packages) luasocket luaexpat luafilesystem luabitop luaevent luazlib; + luasec = pkgs.lua5_sec; lua5 = pkgs.lua5_1; communityModules = ["mod_carbons" "mod_reload_modules"]; extraModules = [prosodyAuth]; extraLibs = [luaPam luaPosix luaSha2]; }); - lua51Packages = lua51Packages \\ { luasec = pkgs.lua5_sec; }; uwsgi = pkgs.callPackage ./customized/uwsgi.nix { extraPlugins = { cgi = { -- cgit v1.2.3 From be684493efb788be9dea9b622d78a4295188e2e7 Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Sun, 12 Feb 2017 23:24:08 +0100 Subject: Compile luasec with lua5.1 --- ymir.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index a57edeb6..2b7b0ffb 100644 --- a/ymir.nix +++ b/ymir.nix @@ -55,6 +55,7 @@ in rec { extraModules = [prosodyAuth]; extraLibs = [luaPam luaPosix luaSha2]; }); + lua5_sec = pkgs.lua5_sec.override { lua5 = pkgs.lua5_1; }; uwsgi = pkgs.callPackage ./customized/uwsgi.nix { extraPlugins = { cgi = { -- cgit v1.2.3 From 9b3e00078064ea6d71668daac5bf164922e988ee Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:25:34 +0100 Subject: Use proper luasec version, too --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 2b7b0ffb..0fc04a10 100644 --- a/ymir.nix +++ b/ymir.nix @@ -49,7 +49,7 @@ in rec { rec { prosody = pkgs.callPackage ./customized/prosody.nix ({ inherit (pkgs.lua51Packages) luasocket luaexpat luafilesystem luabitop luaevent luazlib; - luasec = pkgs.lua5_sec; + luasec = lua5_sec; lua5 = pkgs.lua5_1; communityModules = ["mod_carbons" "mod_reload_modules"]; extraModules = [prosodyAuth]; -- cgit v1.2.3 From 3c4e505ff4b7cdbe7f52b663ad37cbdf8bbb84f2 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:27:17 +0100 Subject: Copy additional community modules into place --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 0fc04a10..f2e1da7e 100644 --- a/ymir.nix +++ b/ymir.nix @@ -51,7 +51,7 @@ in rec { inherit (pkgs.lua51Packages) luasocket luaexpat luafilesystem luabitop luaevent luazlib; luasec = lua5_sec; lua5 = pkgs.lua5_1; - communityModules = ["mod_carbons" "mod_reload_modules"]; + communityModules = ["mod_carbons" "mod_reload_modules" "mod_csi" "mod_cloud_notify" "mod_csi_pump" "mod_smacks"]; extraModules = [prosodyAuth]; extraLibs = [luaPam luaPosix luaSha2]; }); -- cgit v1.2.3 
From dbb20f11069af3c302de02f122dd3f54535068a4 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:34:33 +0100 Subject: Fix dependency issue --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index f2e1da7e..f44260cd 100644 --- a/ymir.nix +++ b/ymir.nix @@ -51,7 +51,7 @@ in rec { inherit (pkgs.lua51Packages) luasocket luaexpat luafilesystem luabitop luaevent luazlib; luasec = lua5_sec; lua5 = pkgs.lua5_1; - communityModules = ["mod_carbons" "mod_reload_modules" "mod_csi" "mod_cloud_notify" "mod_csi_pump" "mod_smacks"]; + communityModules = ["mod_carbons" "mod_reload_modules" "mod_csi" "mod_cloud_notify" "mod_csi_pump" "mod_smacks" "mod_track_muc_joins"]; extraModules = [prosodyAuth]; extraLibs = [luaPam luaPosix luaSha2]; }); -- cgit v1.2.3 From 0bf7868f3a34156fbc2222092246d4420379ad98 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 01:54:55 +0100 Subject: Wrappers on ymir --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index f44260cd..b276adbf 100644 --- a/ymir.nix +++ b/ymir.nix @@ -667,7 +667,7 @@ in rec { ''; }; - security.setuidPrograms = [ "newgrp" ]; + security.wrappers = { "newgrp".source = "${pkgs.shadow}/bin/newgrp"; }; security.acme = { certs = { -- cgit v1.2.3 From 74910038136583c57eb7bda7ae00485f226f76e1 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 21:47:07 +0100 Subject: Accept mail for all local addresses --- ymir.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index b276adbf..a6967749 100644 --- a/ymir.nix +++ b/ymir.nix @@ -407,6 +407,8 @@ in rec { /@subs?\.(lists?|l)\./ mlmmj-subs: ''} regexp:/srv/mail/transport pipemap:{texthash:/srv/mail/discard,static:{discard:}} + local_recipient_maps = + luser_relay = gkleen+''${local} # 10 GiB -- cgit v1.2.3 
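Review bot: Setting `local_recipient_maps =` to empty in the `@@ -407,6 +407,8 @@` hunk switches off recipient validation in the SMTP server, so mail for any local part of a local domain is accepted and, through `luser_relay = gkleen+''${local}`, delivered to one mailbox instead of being refused at RCPT TO. The commit subject shows this is intended, but the two lines carry no comment and the side effects are easy to miss later: mistyped addresses are absorbed silently and unknown-user rejections no longer appear in the logs. I would put a comment above them such as `# catch-all: unknown local users are not rejected; everything is relayed to gkleen+<localpart>`. The enclosing configuration string starts and ends outside the hunk.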
From 2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 22:39:19 +0100 Subject: Fix setuid-wrappers path --- ymir.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index a6967749..5dfa265e 100644 --- a/ymir.nix +++ b/ymir.nix @@ -500,7 +500,7 @@ in rec { recipient_canonical_classes= envelope_recipient,header_recipient ''; extraMasterConf = '' - uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a $sender - $nexthop!rmail ($recipient) + uucp unix - n n - - pipe flags=Fqhu user=uucp argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient) mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L /var/spool/lists/''${user} mlmmj-subs unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /var/spool/lists/''${user} ''${extension} policy-spf unix - n n - - spawn user=nobody argv=${pkgs.pythonPackages.pypolicyd-spf}/bin/policyd-spf ${./ymir/spf.conf} @@ -551,7 +551,7 @@ in rec { selector = "ymir"; configFile = builtins.toFile "opendkim.conf" '' Syslog true - MTACommand /var/setuid-wrappers/sendmail + MTACommand ${config.security.wrapperDir}/sendmail LogResults true ''; }; 
@@ -692,8 +692,8 @@ in rec { nodeName = "ymir"; remoteNodes = ["isaac" "hel"]; # legacy name for odin sshUser = { - openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgtDHA7oDIaRwggGGznNaKZF68rFTziqefSCn1t9ZKe uucp@odin'' - ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWBybBQKbPucqBgULQ1phv7IKFWl1Xc4drkCx3D5mIz uucp@hel'' + openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${config.security.wrapperDir}/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgtDHA7oDIaRwggGGznNaKZF68rFTziqefSCn1t9ZKe uucp@odin'' + ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${config.security.wrapperDir}/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWBybBQKbPucqBgULQ1phv7IKFWl1Xc4drkCx3D5mIz uucp@hel'' ]; }; sshConfig = '' -- cgit v1.2.3 From 3be2bc7caa2a524a2e2f713af304b4b9647db34a Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 22 Feb 2017 15:21:15 +0100 Subject: Potential to log email --- ymir.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 5dfa265e..3f4fd496 100644 --- a/ymir.nix +++ b/ymir.nix 
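Review bot: The two `authorizedKeys` entries in the `@@ -692,8 +692,8 @@` hunk pin each key to `uucico` with `command=`, but the option list omits `no-pty`, so a terminal can still be requested for the forced command, and `~/.ssh/rc` execution is not disabled either. On OpenSSH 7.2 or later the single option `restrict` turns off forwarding, PTY allocation and rc execution together and also covers restrictions introduced by later releases: `''restrict,command="${config.security.wrapperDir}/uucico" ssh-ed25519 <existing key> uucp@odin''`, and likewise for `uucp@hel`. Which sshd version runs on this host is not visible here.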
@@ -504,6 +504,17 @@ in rec { mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L /var/spool/lists/''${user} mlmmj-subs unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /var/spool/lists/''${user} ''${extension} policy-spf unix - n n - - spawn user=nobody argv=${pkgs.pythonPackages.pypolicyd-spf}/bin/policyd-spf ${./ymir/spf.conf} + logEmail unix - n n - 10 pipe flags=Rq user=postfix null_sender= argv=${pkgs.writeScript "logEmail" '' + #!${pkgs.stdenv.shell} + + mailFile=/tmp/logEmail/$(date +"%F-%H%M%S").$$ + + mkdir -p -m 700 /tmp/logEmail + + cat >$mailFile + + sendmail -G -i "$@" <$mailFile + ''} -f ''${sender} -- ''${recipient} ''; networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"]; }; -- cgit v1.2.3 From c801ca01de76c26ca29b5ffdfbff8c06b71754eb Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 22 Feb 2017 15:30:12 +0100 Subject: Turn on email logging --- ymir.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index 3f4fd496..ade822e7 100644 --- a/ymir.nix +++ b/ymir.nix @@ -498,6 +498,8 @@ in rec { sender_canonical_classes = envelope_sender recipient_canonical_maps = tcp:localhost:10002 recipient_canonical_classes= envelope_recipient,header_recipient + + content_filter = logEmail:ymir ''; extraMasterConf = '' uucp unix - n n - - pipe flags=Fqhu user=uucp argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient) -- cgit v1.2.3 From e5121a3ea6c134ac422138cb074ad63756728850 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 22 Feb 2017 15:31:16 +0100 Subject: Fix logEmail owner --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index ade822e7..d2f02b23 100644 --- a/ymir.nix +++ b/ymir.nix 
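Review bot: The `logEmail` script added in the `@@ -504,6 +504,17 @@` hunk spools every message under `/tmp/logEmail`, a fixed name in a world-writable directory. `mkdir -p -m 700` succeeds without changing anything when that path already exists, so a directory or symlink created beforehand by another local account decides who can read the mail and where `cat >$mailFile` writes. The file name is derived from the second and the PID, `$mailFile` is unquoted, a short write by `cat` goes unnoticed before `sendmail` re-injects the file because there is no `set -e`, and the copies are never removed. I would spool into a directory that is provisioned outside the script, owned by the pipe user with mode 0700, and create each file with `mktemp`, as sketched below with a placeholder directory. The next commit enables the filter with `content_filter = logEmail:ymir`, so this applies to all mail passing through the server.

```nix
logEmail unix - n n - 10 pipe flags=Rq user=postfix null_sender= argv=${pkgs.writeScript "logEmail" ''
  #!${pkgs.stdenv.shell}
  set -eu
  umask 077

  # placeholder path: create this directory at activation time, owned by the pipe user, mode 0700
  logDir=/var/spool/logEmail

  mailFile=$(mktemp "$logDir/$(date +"%F-%H%M%S").XXXXXX")

  cat >"$mailFile"

  sendmail -G -i "$@" <"$mailFile"
''} -f ''${sender} -- ''${recipient}
```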
@@ -506,7 +506,7 @@ in rec { mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L /var/spool/lists/''${user} mlmmj-subs unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /var/spool/lists/''${user} ''${extension} policy-spf unix - n n - - spawn user=nobody argv=${pkgs.pythonPackages.pypolicyd-spf}/bin/policyd-spf ${./ymir/spf.conf} - logEmail unix - n n - 10 pipe flags=Rq user=postfix null_sender= argv=${pkgs.writeScript "logEmail" '' + logEmail unix - n n - 10 pipe flags=Rq user=nobody null_sender= argv=${pkgs.writeScript "logEmail" '' #!${pkgs.stdenv.shell} mailFile=/tmp/logEmail/$(date +"%F-%H%M%S").$$ -- cgit v1.2.3 From c2147948b480a887b812b79f014b27f492298055 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 22 Feb 2017 15:33:09 +0100 Subject: Fix path in logging script --- ymir.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index d2f02b23..e77c81f1 100644 --- a/ymir.nix +++ b/ymir.nix @@ -509,6 +509,8 @@ in rec { logEmail unix - n n - 10 pipe flags=Rq user=nobody null_sender= argv=${pkgs.writeScript "logEmail" '' #!${pkgs.stdenv.shell} + export PATH=${config.security.wrapperDir}:/run/current-system/sw/bin + mailFile=/tmp/logEmail/$(date +"%F-%H%M%S").$$ mkdir -p -m 700 /tmp/logEmail -- cgit v1.2.3 From 1ad1772008dd2e9e530d7c5175882fefff777a31 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 22 Feb 2017 15:34:36 +0100 Subject: Disable logging again --- ymir.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'ymir.nix') diff --git a/ymir.nix b/ymir.nix index e77c81f1..74eb1a39 100644 --- a/ymir.nix +++ b/ymir.nix 
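Review bot: Switching the `logEmail` pipe to `user=nobody` in the `@@ -506,7 +506,7 @@` hunk makes the captured mail owned by an account that is shared. The `policy-spf` service on the line above also runs as `user=nobody`, so the `-m 700` on `/tmp/logEmail` does not separate the two, and any other process running as nobody can read the spool as well. A dedicated unprivileged account used only by this filter would keep the copies private; such an account would have to be declared elsewhere in the file, outside this hunk.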
@@ -498,8 +498,6 @@ in rec { sender_canonical_classes = envelope_sender recipient_canonical_maps = tcp:localhost:10002 recipient_canonical_classes= envelope_recipient,header_recipient - - content_filter = logEmail:ymir ''; extraMasterConf = '' uucp unix - n n - - pipe flags=Fqhu user=uucp argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient) -- cgit v1.2.3