diff options
-rw-r--r-- | krebs/3modules/default.nix | 13 | ||||
-rw-r--r-- | krebs/3modules/exim-retiolum.nix | 36 | ||||
-rw-r--r-- | krebs/3modules/exim-smarthost.nix | 42 | ||||
-rw-r--r-- | krebs/3modules/shared/default.nix | 1 | ||||
-rw-r--r-- | tv/2configs/exim-smarthost.nix | 1 |
5 files changed, 61 insertions, 32 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 662fd6489..186469e97 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -143,12 +143,11 @@ let { text=(stripEmptyLines value); }) all-zones; krebs.exim-smarthost.internet-aliases = let - format = from: to: + format = from: to: { + inherit from; # TODO assert is-retiolum-mail-address to; - { inherit from; - to = if typeOf to == "list" - then concatMapStringsSep "," (getAttr "mail") to - else to.mail; }; + to = concatMapStringsSep "," (getAttr "mail") (toList to); + }; in mapAttrsToList format (with config.krebs.users; let spam-ml = [ lass @@ -167,6 +166,10 @@ let "makefu@retiolum" = makefu; "spam@retiolum" = spam-ml; "tv@retiolum" = tv; + "lass@r" = lass; + "makefu@r" = makefu; + "spam@r" = spam-ml; + "tv@r" = tv; }); services.openssh.hostKeys = diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index 1722eef1f..6e6928f89 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -11,6 +11,24 @@ let api = { enable = mkEnableOption "krebs.exim-retiolum"; + local_domains = mkOption { + type = with types; listOf hostname; + default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases; + }; + primary_hostname = mkOption { + type = types.str; + default = let x = "${config.krebs.build.host.name}.r"; in + assert elem x config.krebs.build.host.nets.retiolum.aliases; + x; + }; + relay_to_domains = mkOption { + # TODO hostname with wildcards + type = with types; listOf str; + default = [ + "*.r" + "*.retiolum" + ]; + }; }; imp = { @@ -21,9 +39,9 @@ let # TODO modular configuration assert config.krebs.retiolum.enable; '' - primary_hostname = ${retiolumHostname} - domainlist local_domains = @ : localhost - domainlist relay_to_domains = *.retiolum + primary_hostname = ${cfg.primary_hostname} + domainlist local_domains = ${concatStringsSep ":" cfg.local_domains} + domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains} hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 acl_smtp_rcpt = acl_check_rcpt @@ -85,7 +103,7 @@ let retiolum: driver = manualroute - domains = ! ${retiolumHostname} : *.retiolum + domains = ! +local_domains : +relay_to_domains transport = remote_smtp route_list = ^.* $0 byname no_more @@ -125,8 +143,8 @@ let # mode = 0660 begin retry - *.retiolum * F,42d,1m - * * F,2h,15m; G,16h,1h,1.5; F,4d,6h + ${concatMapStringsSep "\n" (k: "${k} * F,42d,1m") cfg.relay_to_domains} + * * F,2h,15m; G,16h,1h,1.5; F,4d,6h begin rewrite @@ -134,8 +152,4 @@ let ''; }; }; - - # TODO get the hostname from somewhere else. - retiolumHostname = "${config.networking.hostName}.retiolum"; -in -out +in out diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 267ee2900..c976e89de 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -25,14 +25,31 @@ let })); }; + local_domains = mkOption { + type = with types; listOf hostname; + default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases; + }; + relay_from_hosts = mkOption { type = with types; listOf str; default = []; + apply = xs: ["127.0.0.1" "::1"] ++ xs; + }; + + relay_to_domains = mkOption { + # TODO hostname with wildcards + type = with types; listOf str; + default = [ + "*.r" + "*.retiolum" + ]; }; primary_hostname = mkOption { type = types.str; - default = "${config.networking.hostName}.retiolum"; + default = let x = "${config.krebs.build.host.name}.r"; in + assert elem x config.krebs.build.host.nets.retiolum.aliases; + x; }; sender_domains = mkOption { @@ -63,19 +80,11 @@ let # HOST_REDIR contains the real destinations for "local_domains". #HOST_REDIR = /etc/exim4/host_redirect - # Domains not listed in local_domains need to be deliverable remotely. # XXX We abuse local_domains to mean "domains, we're the gateway for". - domainlist local_domains = @ : localhost - domainlist relay_to_domains = - hostlist relay_from_hosts = <;${concatStringsSep ";" ( - [ - "127.0.0.1" - "::1" - ] - ++ - cfg.relay_from_hosts - )} + domainlist local_domains = ${concatStringsSep ":" cfg.local_domains} + domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains} + hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts} acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data @@ -144,7 +153,7 @@ let retiolum: debug_print = "R: retiolum for $local_part@$domain" driver = manualroute - domains = ! ${cfg.primary_hostname} : *.retiolum + domains = ! +local_domains : +relay_to_domains transport = retiolum_smtp route_list = ^.* $0 byname no_more @@ -197,8 +206,11 @@ let return_path_add begin retry - *.retiolum * F,42d,1m - * * F,2h,15m; G,16h,1h,1.5; F,4d,6h + ${concatMapStringsSep "\n" (k: "${k} * F,42d,1m") cfg.relay_to_domains} + ${concatMapStringsSep "\n" (k: "${k} * F,42d,1m") + # TODO don't include relay_to_domains + (map (getAttr "from") cfg.internet-aliases)} + * * F,2h,15m; G,16h,1h,1.5; F,4d,6h begin rewrite begin authenticators diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index 208b596f8..ccd15b569 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -15,6 +15,7 @@ let addrs4 = ["10.243.111.111"]; addrs6 = ["42:0:0:0:0:0:0:7357"]; aliases = [ + "test.r" "test.retiolum" ]; tinc.pubkey = '' diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 4b49e20b1..3bb022d77 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -5,7 +5,6 @@ with config.krebs.lib; { krebs.exim-smarthost = { enable = true; - primary_hostname = "${config.networking.hostName}.retiolum"; sender_domains = [ "shackspace.de" "viljetic.de" |