nixos/gitea/mailer: fix using sendmail

authored by Izorkin and committed by Alyssa Ross f5c5dc5f e68b0b6a

+27 -9
+2
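--- a/nixos/doc/manual/release-notes/rl-2511.section.md
+++ b/nixos/doc/manual/release-notes/rl-2511.section.md
@@ -92,6 +92,8 @@
 
 - `services.dnscrypt-proxy2` gains a `package` option to specify dnscrypt-proxy package to use.
 
+- `services.gitea` supports sending notifications with sendmail again. To do this, activate the parameter `services.gitea.mailerUseSendmail` and configure SMTP server.
+
 - `amdgpu` kernel driver overdrive mode can now be enabled by setting [hardware.amdgpu.overdrive.enable](#opt-hardware.amdgpu.overdrive.enable) and customized through [hardware.amdgpu.overdrive.ppfeaturemask](#opt-hardware.amdgpu.overdrive.ppfeaturemask).
 This allows for fine-grained control over the GPU's performance and maybe required by overclocking softwares like Corectrl and Lact. These new options replace old options such as {option}`programs.corectrl.gpuOverclock.enable` and {option}`programs.tuxclocker.enableAMD`.
 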
+25 -9
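--- a/nixos/modules/services/misc/gitea.nix
+++ b/nixos/modules/services/misc/gitea.nix
@@ -366,6 +366,15 @@
 description = "Path to a file containing the SMTP password.";
 };
 
+mailerUseSendmail = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Use the operating system's sendmail command instead of SMTP.
+Note: some sandbox settings will be disabled.
+'';
+};
+
 metricsTokenFile = mkOption {
 type = types.nullOr types.str;
 default = null;
@@ -652,9 +661,15 @@
 })
 ]);
 
-mailer = mkIf (cfg.mailerPasswordFile != null) {
-PASSWD = "#mailerpass#";
-};
+mailer = mkMerge [
+(mkIf (cfg.mailerPasswordFile != null) {
+PASSWD = "#mailerpass#";
+})
+(mkIf cfg.mailerUseSendmail {
+PROTOCOL = "sendmail";
+SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
+})
+];
 
 metrics = mkIf (cfg.metricsTokenFile != null) {
 TOKEN = "#metricstoken#";
@@ -867,18 +882,18 @@
 cfg.repositoryRoot
 cfg.stateDir
 cfg.lfs.contentDir
-];
+] ++ optional cfg.mailerUseSendmail "/var/lib/postfix/queue/maildrop";
 UMask = "0027";
 # Capabilities
 CapabilityBoundingSet = "";
 # Security
-NoNewPrivileges = true;
+NoNewPrivileges = optional (!cfg.mailerUseSendmail) true;
 # Sandboxing
 ProtectSystem = "strict";
 ProtectHome = true;
 PrivateTmp = true;
 PrivateDevices = true;
-PrivateUsers = true;
+PrivateUsers = optional (!cfg.mailerUseSendmail) true;
 ProtectHostname = true;
 ProtectClock = true;
 ProtectKernelTunables = true;
@@ -889,7 +904,7 @@
 "AF_UNIX"
 "AF_INET"
 "AF_INET6"
-];
+] ++ optional cfg.mailerUseSendmail "AF_NETLINK";
 RestrictNamespaces = true;
 LockPersonality = true;
 MemoryDenyWriteExecute = true;
@@ -900,9 +915,9 @@
 # System Call Filtering
 SystemCallArchitectures = "native";
 SystemCallFilter = [
-"~@cpu-emulation @debug @keyring @mount @obsolete @privileged @setuid"
+"~@cpu-emulation @debug @keyring @mount @obsolete @setuid"
 "setrlimit"
-];
+] ++ optional (!cfg.mailerUseSendmail) "~@privileged";
 };
 
 environment = {
@@ -978,6 +993,7 @@
 timerConfig.OnCalendar = cfg.dump.interval;
 };
 };
+
 meta.maintainers = with lib.maintainers; [
 ma27
 techknowlogick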
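Review bot: The `mailerUseSendmail` description at new line 374 says only that "some sandbox settings will be disabled", which hides the real cost of the option from the administrator who reads it when deciding to enable it; it should name the relaxations the same commit makes further down: `Note: this relaxes the unit's sandbox: NoNewPrivileges and PrivateUsers are turned off, the @privileged syscall group and AF_NETLINK are allowed again, and the service gets write access to /var/lib/postfix/queue/maildrop.` Both `SENDMAIL_PATH = "/run/wrappers/bin/sendmail"` (line 670) and the ReadWritePaths entry on line 885 hard-code the layout of the NixOS postfix module, yet nothing checks that postfix is the MTA providing that wrapper, so with another sendmail provider the queue path is presumably wrong and mail submission fails at runtime rather than at evaluation. A guard such as `{ assertion = cfg.mailerUseSendmail -> config.services.postfix.enable; message = "services.gitea.mailerUseSendmail requires services.postfix"; }` in the module's assertions, or turning the two paths into options, would make that dependency explicit. `NoNewPrivileges = optional (!cfg.mailerUseSendmail) true;` (lines 890 and 896) relies on an empty list rendering as an omitted key, which works but reads as a type mismatch for a boolean setting; `mkIf (!cfg.mailerUseSendmail) true` says the same thing in the module system's own vocabulary. The enclosing serviceConfig set and the module's assertions list both begin and end outside these hunks.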