From 662f22a1ddd32d33157d3807756b0742e7d21752 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 5 Aug 2015 15:24:50 +0200 Subject: make eval: don't use $json anymore --- Makefile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Makefile b/Makefile index ca828fd2..54656e9e 100644 --- a/Makefile +++ b/Makefile @@ -25,7 +25,7 @@ deploy:;@ eval: @ ifeq ($(filter),json) - extraArgs=--json + extraArgs='--json --strict' filter() { jq -r .; } else filter() { cat; } @@ -33,8 +33,6 @@ endif NIX_PATH=stockholm=$$PWD:$$NIX_PATH \ nix-instantiate \ $${extraArgs-} \ - $${json+--json} \ - $${json+--strict} \ --eval \ -A "$$get" \ '' \ -- cgit v1.2.3 From 01681b908f58e988f028054dd10de44579ca24ff Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 6 Aug 2015 00:11:26 +0200 Subject: tv 2 git: add public repo: cac --- tv/2configs/git.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index ecb98cef..8d662494 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -20,6 +20,9 @@ let rules = concatMap make-rules (attrValues repos); public-repos = mapAttrs make-public-repo { + cac = { + desc = "CloudAtCost command line interface"; + }; cgserver = {}; crude-mail-setup = {}; dot-xmonad = {}; -- cgit v1.2.3 From a982edd25d442e443bc67159064eeb080ed3339c Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 6 Aug 2015 00:21:40 +0200 Subject: krebs pkgs cac: init at 07ef31c --- krebs/5pkgs/cac.nix | 36 ++++++++++++++++++++++++++++++++++++ krebs/5pkgs/default.nix | 1 + tv/1systems/wu.nix | 1 + 3 files changed, 38 insertions(+) create mode 100644 krebs/5pkgs/cac.nix diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix new file mode 100644 index 00000000..3322e1a1 --- /dev/null +++ b/krebs/5pkgs/cac.nix 
@@ -0,0 +1,36 @@ +{ stdenv, fetchgit, coreutils, curl, gnused, jq, ... }: + +stdenv.mkDerivation { + name = "cac"; + + src = fetchgit { + url = http://cgit.cd.retiolum/cac; + rev = "07ef31c50613634e88a31233d1fcd2ec3e52bfe8"; + sha256 = "4e94709a3f580a53983ca418fa0b470817ac917aa1b2d095f2420afd36ea9158"; + }; + + phases = [ + "unpackPhase" + "installPhase" + ]; + + installPhase = + let + path = stdenv.lib.makeSearchPath "bin" [ + coreutils + curl + gnused + jq + ]; + in + '' + mkdir -p $out/bin + + sed \ + 's,^\( true) \)\(cac "$@";;\)$,\1 PATH=${path} \2,' \ + < ./cac \ + > $out/bin/cac + + chmod +x $out/bin/cac + ''; +} diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 231fda79..5de84f66 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -6,6 +6,7 @@ in pkgs // { + cac = callPackage ./cac.nix {}; dic = callPackage ./dic.nix {}; genid = callPackage ./genid.nix {}; github-hosts-sync = callPackage ./github-hosts-sync.nix {}; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 27691ec5..ae6ef132 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -91,6 +91,7 @@ in sxiv texLive tmux + tvpkgs.cac tvpkgs.dic zathura -- cgit v1.2.3 From 7d9f1a321dfc8a27f7dbf65ba9ddf00202d3b53e Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 6 Aug 2015 00:56:28 +0200 Subject: krebs pkgs cac: add missing dep: sshpass --- krebs/5pkgs/cac.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix index 3322e1a1..336f96b9 100644 --- a/krebs/5pkgs/cac.nix +++ b/krebs/5pkgs/cac.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchgit, coreutils, curl, gnused, jq, ... }: +{ stdenv, fetchgit, coreutils, curl, gnused, jq, sshpass, ... }: stdenv.mkDerivation { name = "cac"; @@ -21,6 +21,7 @@ stdenv.mkDerivation { curl gnused jq + sshpass ]; in '' -- cgit v1.2.3 From c98cbf2169f6399bab88f936db0a21bd46cefd65 Mon Sep 17 00:00:00 2001 
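Review bot: The `sed` in `installPhase` is the only thing that pins `PATH` for the installed script, and it exits 0 even when its pattern matches nothing. A later `rev` bump that reformats that `case` line upstream would therefore silently ship a `cac` that resolves `curl`, `jq` and the rest from the caller's environment. I would add a check right after the `sed`, for example `grep -qF 'PATH=${path}' $out/bin/cac || exit 1`, so the build fails instead. The source is fetched over plain `http://`, which is acceptable here only because `rev` and `sha256` pin the content; a short comment saying so would help whoever bumps the revision next.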
From: tv Date: Thu, 6 Aug 2015 00:59:34 +0200 Subject: krebs pkgs cac: 07ef31c -> 0fc9cbe --- krebs/5pkgs/cac.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix index 336f96b9..cce88920 100644 --- a/krebs/5pkgs/cac.nix +++ b/krebs/5pkgs/cac.nix @@ -5,8 +5,8 @@ stdenv.mkDerivation { src = fetchgit { url = http://cgit.cd.retiolum/cac; - rev = "07ef31c50613634e88a31233d1fcd2ec3e52bfe8"; - sha256 = "4e94709a3f580a53983ca418fa0b470817ac917aa1b2d095f2420afd36ea9158"; + rev = "0fc9cbeba4060380f698f51bb74081e2fcefadf3"; + sha256 = "9759c78aa9aa04ab82486d0f24264bff1081513bc07cac0f8b3c0bdf52260fb3"; }; phases = [ -- cgit v1.2.3 From 3e7220b417c398479e13617bd85d5c2c316c6bcd Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 6 Aug 2015 01:01:43 +0200 Subject: krebs pkgs cac: add missing dep: ncurses --- krebs/5pkgs/cac.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix index cce88920..223d1ccf 100644 --- a/krebs/5pkgs/cac.nix +++ b/krebs/5pkgs/cac.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchgit, coreutils, curl, gnused, jq, sshpass, ... }: +{ stdenv, fetchgit, coreutils, curl, gnused, jq, ncurses, sshpass, ... }: stdenv.mkDerivation { name = "cac"; @@ -21,6 +21,7 @@ stdenv.mkDerivation { curl gnused jq + ncurses sshpass ]; in -- cgit v1.2.3 From 1692022c670e96a78b0d452d1ecbd6cb81961391 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 6 Aug 2015 01:02:49 +0200 Subject: krebs pkgs cac: leak $PATH for $PAGER --- krebs/5pkgs/cac.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix index 223d1ccf..49a5bd27 100644 --- a/krebs/5pkgs/cac.nix +++ b/krebs/5pkgs/cac.nix @@ -29,7 +29,7 @@ stdenv.mkDerivation { mkdir -p $out/bin sed \ - 's,^\( true) \)\(cac "$@";;\)$,\1 PATH=${path} \2,' \ + 's,^\( true) \)\(cac "$@";;\)$,\1 PATH=${path}${PATH+:$PATH} \2,' \ < ./cac \ > $out/bin/cac -- cgit v1.2.3 
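Review bot: In the new `sed` replacement, `${PATH+:$PATH}` is meant for the shell, but the line appears to sit inside the Nix `''` string that `installPhase` opens outside this hunk, where `${` starts a Nix antiquotation. It needs the `''${` escape to reach the generated script literally. Separately, the `+` form expands whenever `PATH` is set, even to the empty string, which leaves a trailing `:` and so an empty element that the shell treats as the current directory. Writing the fragment as `PATH=${path}''${PATH:+:$PATH}` fixes both and keeps the pinned store paths ahead of anything inherited from the caller. A comment noting that the inherited part exists only so `$PAGER` can be found would make the trust boundary explicit.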
From 90e0d14b3ec91cebb0119974c54a9bc9cdc6d70c Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 6 Aug 2015 19:39:18 +0200 Subject: krebs pkgs cac: 0fc9cbe -> f458915 --- krebs/5pkgs/cac.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix index 49a5bd27..eff52304 100644 --- a/krebs/5pkgs/cac.nix +++ b/krebs/5pkgs/cac.nix @@ -5,8 +5,8 @@ stdenv.mkDerivation { src = fetchgit { url = http://cgit.cd.retiolum/cac; - rev = "0fc9cbeba4060380f698f51bb74081e2fcefadf3"; - sha256 = "9759c78aa9aa04ab82486d0f24264bff1081513bc07cac0f8b3c0bdf52260fb3"; + rev = "f4589158572ab35969b9bccf801ea07e115705e1"; + sha256 = "9d761cd1d7ff68507392cbfd6c3f6000ddff9cc540293da2b3c4ee902321fb27"; }; phases = [ -- cgit v1.2.3 From 7c578b1cad5d33c4a2773459ef62a8a72c585972 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Aug 2015 11:46:09 +0200 Subject: {tv 2 => krebs 3}/exim-retiolum --- krebs/3modules/default.nix | 1 + krebs/3modules/exim-retiolum.nix | 142 +++++++++++++++++++++++++++++++++++++++ tv/1systems/nomic.nix | 4 +- tv/1systems/wu.nix | 4 +- tv/2configs/exim-retiolum.nix | 126 ---------------------------------- 5 files changed, 149 insertions(+), 128 deletions(-) create mode 100644 krebs/3modules/exim-retiolum.nix delete mode 100644 tv/2configs/exim-retiolum.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e677ba5e..fd795a03 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -6,6 +6,7 @@ let out = { imports = [ + ./exim-retiolum.nix ./github-hosts-sync.nix ./git.nix ./nginx.nix diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix new file mode 100644 index 00000000..09372f07 --- /dev/null +++ b/krebs/3modules/exim-retiolum.nix 
@@ -0,0 +1,142 @@ +{ config, pkgs, lib, ... }: + +with builtins; +with lib; +let + cfg = config.krebs.exim-retiolum; + + out = { + options.krebs.exim-retiolum = api; + config = + # This configuration makes only sense for retiolum-enabled hosts. + # TODO modular configuration + assert config.krebs.retiolum.enable; + mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "krebs.exim-retiolum"; + }; + + imp = { + services.exim = { + enable = true; + config = '' + primary_hostname = ${retiolumHostname} + domainlist local_domains = @ : localhost + domainlist relay_to_domains = *.retiolum + hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 + + acl_smtp_rcpt = acl_check_rcpt + acl_smtp_data = acl_check_data + + host_lookup = * + rfc1413_hosts = * + rfc1413_query_timeout = 5s + + log_file_path = syslog + syslog_timestamp = false + syslog_duplication = false + + begin acl + + acl_check_rcpt: + accept hosts = : + control = dkim_disable_verify + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + accept local_parts = postmaster + domains = +local_domains + + #accept + # hosts = *.retiolum + # domains = *.retiolum + # control = dkim_disable_verify + + #require verify = sender + + accept hosts = +relay_from_hosts + control = submission + control = dkim_disable_verify + + accept authenticated = * + control = submission + control = dkim_disable_verify + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + require verify = recipient + + accept + + + acl_check_data: + accept + + + begin routers + + retiolum: + driver = manualroute + domains = ! ${retiolumHostname} : *.retiolum + transport = remote_smtp + route_list = ^.* $0 byname + no_more + + nonlocal: + debug_print = "R: nonlocal for $local_part@$domain" + driver = redirect + domains = ! 
+local_domains + allow_fail + data = :fail: Mailing to remote domains not supported + no_more + + local_user: + # debug_print = "R: local_user for $local_part@$domain" + driver = accept + check_local_user + # local_part_suffix = +* : -* + # local_part_suffix_optional + transport = home_maildir + cannot_route_message = Unknown user + + + begin transports + + remote_smtp: + driver = smtp + + home_maildir: + driver = appendfile + maildir_format + directory = $home/Maildir + directory_mode = 0700 + delivery_date_add + envelope_to_add + return_path_add + # group = mail + # mode = 0660 + + begin retry + *.retiolum * F,42d,1m + * * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + begin rewrite + + begin authenticators + ''; + }; + }; + + # TODO get the hostname from somewhere else. + retiolumHostname = "${config.networking.hostName}.retiolum"; +in +out diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index b9a10cb4..896c1ad2 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -25,7 +25,6 @@ with lib; ../2configs/AO753.nix ../2configs/base.nix ../2configs/consul-server.nix - ../2configs/exim-retiolum.nix ../2configs/git.nix { tv.iptables = { @@ -38,6 +37,9 @@ with lib; ]; }; } + { + krebs.exim-retiolum = true; + } { krebs.nginx = { enable = true; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index ae6ef132..a5cbde3e 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -29,7 +29,6 @@ in ../2configs/w110er.nix ../2configs/base.nix ../2configs/consul-client.nix - ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix ../2configs/xserver.nix @@ -165,6 +164,9 @@ in ]; }; } + { + krebs.exim-retiolum = true; + } { krebs.nginx = { enable = true; diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix deleted file mode 100644 index 851a0c62..00000000 --- a/tv/2configs/exim-retiolum.nix +++ /dev/null 
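Review bot: `assert config.krebs.retiolum.enable;` sits in front of `mkIf cfg.enable imp`, so it is evaluated whether or not the option is enabled. Now that `krebs/3modules/default.nix` imports this module, any host without retiolum would presumably fail to evaluate even with exim disabled. Moving the check into `imp` as `assertions = [ { assertion = config.krebs.retiolum.enable; message = "krebs.exim-retiolum requires krebs.retiolum"; } ];` keeps it conditional on `cfg.enable`. On the ACL side, `acl_check_rcpt` accepts mail for `*.retiolum` from any connecting host once the recipient verifies, and the `hosts = *.retiolum` restriction is commented out, so the relay scope depends on which interfaces and firewall rules expose port 25. Since this is now a shared module, a comment stating that assumption, or a `hosts` condition on the relay rule, would be worth adding.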
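Review bot: `krebs.exim-retiolum = true;` in `tv/1systems/nomic.nix` assigns a boolean to what the new module declares as an option set (`options.krebs.exim-retiolum = api`, with `api.enable`). This should either fail module evaluation or leave exim disabled on the host. The line should read `krebs.exim-retiolum.enable = true;`. The same applies to the identical addition in `tv/1systems/wu.nix`. Both hosts drop the `../2configs/exim-retiolum.nix` import in this commit, so a mistake here would leave them without the mail configuration they had before.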
@@ -1,126 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.exim = - # This configuration makes only sense for retiolum-enabled hosts. - # TODO modular configuration - assert config.krebs.retiolum.enable; - let - # TODO get the hostname from config.krebs.retiolum. - retiolumHostname = "${config.networking.hostName}.retiolum"; - in - { enable = true; - config = '' - primary_hostname = ${retiolumHostname} - domainlist local_domains = @ : localhost - domainlist relay_to_domains = *.retiolum - hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 - - acl_smtp_rcpt = acl_check_rcpt - acl_smtp_data = acl_check_data - - host_lookup = * - rfc1413_hosts = * - rfc1413_query_timeout = 5s - - log_file_path = syslog - syslog_timestamp = false - syslog_duplication = false - - begin acl - - acl_check_rcpt: - accept hosts = : - control = dkim_disable_verify - - deny message = Restricted characters in address - domains = +local_domains - local_parts = ^[.] : ^.*[@%!/|] - - deny message = Restricted characters in address - domains = !+local_domains - local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ - - accept local_parts = postmaster - domains = +local_domains - - #accept - # hosts = *.retiolum - # domains = *.retiolum - # control = dkim_disable_verify - - #require verify = sender - - accept hosts = +relay_from_hosts - control = submission - control = dkim_disable_verify - - accept authenticated = * - control = submission - control = dkim_disable_verify - - require message = relay not permitted - domains = +local_domains : +relay_to_domains - - require verify = recipient - - accept - - - acl_check_data: - accept - - - begin routers - - retiolum: - driver = manualroute - domains = ! ${retiolumHostname} : *.retiolum - transport = remote_smtp - route_list = ^.* $0 byname - no_more - - nonlocal: - debug_print = "R: nonlocal for $local_part@$domain" - driver = redirect - domains = ! 
+local_domains - allow_fail - data = :fail: Mailing to remote domains not supported - no_more - - local_user: - # debug_print = "R: local_user for $local_part@$domain" - driver = accept - check_local_user - # local_part_suffix = +* : -* - # local_part_suffix_optional - transport = home_maildir - cannot_route_message = Unknown user - - - begin transports - - remote_smtp: - driver = smtp - - home_maildir: - driver = appendfile - maildir_format - directory = $home/Maildir - directory_mode = 0700 - delivery_date_add - envelope_to_add - return_path_add - # group = mail - # mode = 0660 - - begin retry - *.retiolum * F,42d,1m - * * F,2h,15m; G,16h,1h,1.5; F,4d,6h - - begin rewrite - - begin authenticators - ''; - }; -} -- cgit v1.2.3