nixos/gitea/mailer: fix using sendmail

authored by Izorkin and committed by Alyssa Ross f5c5dc5f e68b0b6a

+27 -9
+2
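--- a/nixos/doc/manual/release-notes/rl-2511.section.md
+++ b/nixos/doc/manual/release-notes/rl-2511.section.md
@@ -92,6 +92,8 @@
 
 - `services.dnscrypt-proxy2` gains a `package` option to specify dnscrypt-proxy package to use.
 
+- `services.gitea` supports sending notifications with sendmail again. To do this, activate the parameter `services.gitea.mailerUseSendmail` and configure SMTP server.
+
 - `amdgpu` kernel driver overdrive mode can now be enabled by setting [hardware.amdgpu.overdrive.enable](#opt-hardware.amdgpu.overdrive.enable) and customized through [hardware.amdgpu.overdrive.ppfeaturemask](#opt-hardware.amdgpu.overdrive.ppfeaturemask).
 This allows for fine-grained control over the GPU's performance and maybe required by overclocking softwares like Corectrl and Lact. These new options replace old options such as {option}`programs.corectrl.gpuOverclock.enable` and {option}`programs.tuxclocker.enableAMD`.
 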
+25 -9
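--- a/nixos/modules/services/misc/gitea.nix
+++ b/nixos/modules/services/misc/gitea.nix
@@ -366,6 +366,15 @@
 description = "Path to a file containing the SMTP password.";
 };
 
+mailerUseSendmail = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Use the operating system's sendmail command instead of SMTP.
+Note: some sandbox settings will be disabled.
+'';
+};
+
 metricsTokenFile = mkOption {
 type = types.nullOr types.str;
 default = null;
@@ -652,9 +661,15 @@
 })
 ]);
 
-mailer = mkIf (cfg.mailerPasswordFile != null) {
-PASSWD = "#mailerpass#";
-};
+mailer = mkMerge [
+(mkIf (cfg.mailerPasswordFile != null) {
+PASSWD = "#mailerpass#";
+})
+(mkIf cfg.mailerUseSendmail {
+PROTOCOL = "sendmail";
+SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
+})
+];
 
 metrics = mkIf (cfg.metricsTokenFile != null) {
 TOKEN = "#metricstoken#";
@@ -867,18 +882,18 @@
 cfg.repositoryRoot
 cfg.stateDir
 cfg.lfs.contentDir
-];
+] ++ optional cfg.mailerUseSendmail "/var/lib/postfix/queue/maildrop";
 UMask = "0027";
 # Capabilities
 CapabilityBoundingSet = "";
 # Security
-NoNewPrivileges = true;
+NoNewPrivileges = optional (!cfg.mailerUseSendmail) true;
 # Sandboxing
 ProtectSystem = "strict";
 ProtectHome = true;
 PrivateTmp = true;
 PrivateDevices = true;
-PrivateUsers = true;
+PrivateUsers = optional (!cfg.mailerUseSendmail) true;
 ProtectHostname = true;
 ProtectClock = true;
 ProtectKernelTunables = true;
@@ -889,7 +904,7 @@
 "AF_UNIX"
 "AF_INET"
 "AF_INET6"
-];
+] ++ optional cfg.mailerUseSendmail "AF_NETLINK";
 RestrictNamespaces = true;
 LockPersonality = true;
 MemoryDenyWriteExecute = true;
@@ -900,9 +915,9 @@
 # System Call Filtering
 SystemCallArchitectures = "native";
 SystemCallFilter = [
-"~@cpu-emulation @debug @keyring @mount @obsolete @privileged @setuid"
+"~@cpu-emulation @debug @keyring @mount @obsolete @setuid"
 "setrlimit"
-];
+] ++ optional (!cfg.mailerUseSendmail) "~@privileged";
 };
 
 environment = {
@@ -978,6 +993,7 @@
 timerConfig.OnCalendar = cfg.dump.interval;
 };
 };
+
 meta.maintainers = with lib.maintainers; [
 ma27
 techknowlogick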
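Review bot: The four sandbox relaxations gated on `cfg.mailerUseSendmail` (NoNewPrivileges, PrivateUsers, the added AF_NETLINK family and the `~@privileged` filter entry) carry no comment saying why each is needed, and the new option's description only says "some sandbox settings will be disabled", so an operator enabling it cannot see what the whole gitea unit gives up; I would enumerate them in the description, e.g. `Disables NoNewPrivileges, PrivateUsers and the @privileged syscall filter for the entire gitea service and grants AF_NETLINK plus write access to the Postfix maildrop queue, so that the setgid sendmail wrapper can run.`, and add a one-line why-comment next to each relaxed setting. The added ReadWritePaths entry `"/var/lib/postfix/queue/maildrop"` hard-codes Postfix as the local MTA without checking `config.services.postfix.enable`, and neither the option name nor its description mentions this coupling. `NoNewPrivileges = optional (!cfg.mailerUseSendmail) true;` builds a one-element list for a boolean setting, where `NoNewPrivileges = !cfg.mailerUseSendmail;` states the same thing directly (likewise for PrivateUsers). It is also worth confirming that the hardening left in place (PrivateDevices, ProtectKernelTunables, SystemCallFilter and friends, with an empty CapabilityBoundingSet) does not still imply NoNewPrivileges=yes as systemd.exec(5) describes for units without CAP_SYS_ADMIN, since the setgid wrapper would then gain nothing; a NixOS test that actually delivers a message through sendmail would pin this. The serviceConfig attribute set these hunks modify starts and ends outside the shown hunks.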