nixos/tlsrpt: fix default postfix sendmail path (#428869)

authored by Martin Weinelt and committed by GitHub 005d8ed6 b70fda5e

+39 -26
+39 -26
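--- a/nixos/modules/services/mail/tlsrpt.nix
+++ b/nixos/modules/services/mail/tlsrpt.nix
@@ -50,6 +50,17 @@
 ];
 };
 
+collectdConfigFile = format.generate "tlsrpt-collectd.cfg" {
+tlsrpt_collectd = dropNullValues cfg.collectd.settings;
+};
+fetcherConfigFile = format.generate "tlsrpt-fetcher.cfg" {
+tlsrpt_fetcher = dropNullValues cfg.fetcher.settings;
+};
+reportdConfigFile = format.generate "tlsrpt-reportd.cfg" {
+tlsrpt_reportd = dropNullValues cfg.reportd.settings;
+};
+
+withPostfix = config.services.postfix.enable && cfg.configurePostfix;
 in
 
 {
@@ -117,14 +128,6 @@
 See {manpage}`tlsrpt-collectd(1)` for possible flags.
 '';
 };
-
-configurePostfix = mkOption {
-type = types.bool;
-default = true;
-description = ''
-Whether to modify the local Postfix service to grant access to the collectd socket.
-'';
-};
 };
 
 fetcher = {
@@ -229,9 +232,16 @@
 
 sendmail_script = mkOption {
 type = with types; nullOr str;
-default = if config.services.postfix.enable then "sendmail" else null;
+default =
+if config.services.postfix.enable && config.services.postfix.setSendmail then
+"/run/wrappers/bin/sendmail -i -t"
+else
+null;
 defaultText = lib.literalExpression ''
-if any [ config.services.postfix.enable ] then "sendmail" else null
+if config.services.postfix.enable && config.services.postfix.setSendmail then
+"/run/wrappers/bin/sendmail -i -t"
+else
+null
 '';
 description = ''
 Path to a sendmail-compatible executable for delivery reports.
@@ -255,19 +265,21 @@
 '';
 };
 };
+
+configurePostfix = mkOption {
+type = types.bool;
+default = true;
+description = ''
+Whether to configure permissions to allow integration with Postfix.
+'';
+};
 };
 
 config = mkIf cfg.enable {
 environment.etc = {
-"tlsrpt/collectd.cfg".source = format.generate "tlsrpt-collectd.cfg" {
-tlsrpt_collectd = dropNullValues cfg.collectd.settings;
-};
-"tlsrpt/fetcher.cfg".source = format.generate "tlsrpt-fetcher.cfg" {
-tlsrpt_fetcher = dropNullValues cfg.fetcher.settings;
-};
-"tlsrpt/reportd.cfg".source = format.generate "tlsrpt-reportd.cfg" {
-tlsrpt_reportd = dropNullValues cfg.reportd.settings;
-};
+"tlsrpt/collectd.cfg".source = collectdConfigFile;
+"tlsrpt/fetcher.cfg".source = fetcherConfigFile;
+"tlsrpt/reportd.cfg".source = reportdConfigFile;
 };
 
 users.users.tlsrpt = {
@@ -276,11 +288,9 @@
 };
 users.groups.tlsrpt = { };
 
-users.users.postfix.extraGroups =
-lib.mkIf (config.services.postfix.enable && cfg.collectd.configurePostfix)
-[
-"tlsrpt"
-];
+users.users.postfix.extraGroups = lib.mkIf withPostfix [
+"tlsrpt"
+];
 
 systemd.services.tlsrpt-collectd = {
 description = "TLSRPT datagram collector";
@@ -288,7 +298,7 @@
 
 wantedBy = [ "multi-user.target" ];
 
-restartTriggers = [ "/etc/tlsrpt/collectd.cfg" ];
+restartTriggers = [ collectdConfigFile ];
 
 serviceConfig = commonServiceSettings // {
 ExecStart = toString (
@@ -312,7 +322,7 @@
 
 wantedBy = [ "multi-user.target" ];
 
-restartTriggers = [ "/etc/tlsrpt/reportd.cfg" ];
+restartTriggers = [ reportdConfigFile ];
 
 serviceConfig = commonServiceSettings // {
 ExecStart = toString (
@@ -324,7 +334,10 @@
 RestrictAddressFamilies = [
 "AF_INET"
 "AF_INET6"
+"AF_NETLINK"
 ];
+ReadWritePaths = lib.optionals withPostfix [ "/var/lib/postfix/queue/maildrop" ];
+SupplementaryGroups = lib.optionals withPostfix [ "postdrop" ];
 UMask = "0077";
 };
 };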
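Review bot: The last hunk grants the unit the `postdrop` supplementary group and write access to `/var/lib/postfix/queue/maildrop` whenever `withPostfix` is true, while the new `sendmail_script` default is gated on `config.services.postfix.setSendmail` instead, so the two conditions can disagree. With Postfix enabled and `setSendmail = false`, or with `sendmail_script` pointed at another program, the unit (apparently reportd; its name is outside the hunk) keeps queue write access it does not use, and with `configurePostfix = false` the default would still name the wrapper, presumably without the permissions to submit. Consider keying both on one condition and spelling out the grant in the option text, e.g. `Whether to add the postfix user to the tlsrpt group and allow report submission through the Postfix maildrop queue.` The option also moves from `collectd.configurePostfix` to the top level, and no rename shim is visible in these hunks, so configurations that set the old path would stop evaluating unless one exists elsewhere. A one-line comment next to `"AF_NETLINK"` saying why the sandbox needs it would help whoever audits these settings next.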