From 7a0a877b15fc629745ec3c6dbea337368f4134ac Mon Sep 17 00:00:00 2001 From: Herwig Hochleitner Date: Tue, 17 Nov 2015 18:29:33 +0100 Subject: [PATCH 1/3] perlPackages: add Parse::Syslog and IO::Multiplex --- pkgs/top-level/perl-packages.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index f8b1ff8030f..1ba6f73e14f 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -6608,6 +6608,14 @@ let self = _self // overrides; _self = with self; { }; }; + IOMultiplex = buildPerlPackage { + name = "IO-Multiplex-1.16"; + src = fetchurl { + url = mirror://cpan/authors/id/B/BB/BBB/IO-Multiplex-1.16.tar.gz; + sha256 = "74d22c44b5ad2e7190e2786e8a17d74bbf4cef89b4d1157ba33598b5a2720dad"; + }; + }; + IOPager = buildPerlPackage { name = "IO-Pager-0.06"; src = fetchurl { @@ -10000,6 +10008,14 @@ let self = _self // overrides; _self = with self; { }; }; + ParseSyslog = buildPerlPackage { + name = "Parse-Syslog-1.10"; + src = fetchurl { + url = mirror://cpan/authors/id/D/DS/DSCHWEI/Parse-Syslog-1.10.tar.gz; + sha256 = "659a2145441ef36d9835decaf83da308fcd03f49138cb3d90928e8bfc9f139d9"; + }; + }; + PathClass = buildPerlPackage { name = "Path-Class-0.33"; src = fetchurl { From 5609fe521daf42af3a8d7d8d15dd68db87efefb0 Mon Sep 17 00:00:00 2001 From: Herwig Hochleitner Date: Tue, 17 Nov 2015 18:30:10 +0100 Subject: [PATCH 2/3] postgrey: init at 1.36 (includes service) --- nixos/modules/misc/ids.nix | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/mail/postgrey.nix | 75 ++++++++++++++++++++++++ pkgs/servers/mail/postgrey/default.nix | 34 +++++++++++ pkgs/top-level/all-packages.nix | 2 + 5 files changed, 114 insertions(+) create mode 100644 nixos/modules/services/mail/postgrey.nix create mode 100644 pkgs/servers/mail/postgrey/default.nix diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index e005c046504..2881d843760 100755 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -275,6 +275,7 @@ prometheus = 255; telegraf = 256; gitlab-runner = 257; + postgrey = 258; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -520,6 +521,7 @@ prometheus = 255; #telegraf = 256; # unused gitlab-runner = 257; + postgrey = 258; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ad3edd6fbd5..2978eaefb46 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -216,6 +216,7 @@ ./services/mail/opensmtpd.nix ./services/mail/postfix.nix ./services/mail/postsrsd.nix + ./services/mail/postgrey.nix ./services/mail/spamassassin.nix ./services/mail/rspamd.nix ./services/mail/rmilter.nix diff --git a/nixos/modules/services/mail/postgrey.nix b/nixos/modules/services/mail/postgrey.nix new file mode 100644 index 00000000000..5332939a859 --- /dev/null +++ b/nixos/modules/services/mail/postgrey.nix @@ -0,0 +1,75 @@ +{ config, lib, pkgs, ... }: + +with lib; let + + cfg = config.services.postgrey; + +in { + + options = { + services.postgrey = { + enable = mkOption { + default = false; + description = "Whether to run the Postgrey daemon"; + }; + inetAddr = mkOption { + default = null; + example = "127.0.0.1"; + description = "The inet address to bind to. If none given, bind to /var/run/postgrey.sock"; + }; + inetPort = mkOption { + default = 10030; + description = "The tcp port to bind to"; + }; + greylistText = mkOption { + default = "Greylisted for %%s seconds"; + description = "Response status text for greylisted messages"; + }; + }; + }; + + config = mkIf cfg.enable { + + environment.systemPackages = [ pkgs.postgrey ]; + + users = { + extraUsers = { + postgrey = { + description = "Postgrey Daemon"; + uid = config.ids.uids.postgrey; + group = "postgrey"; + }; + }; + extraGroups = { + postgrey = { + gid = config.ids.gids.postgrey; + }; + }; + }; + + systemd.services.postgrey = let + bind-flag = if isNull cfg.inetAddr then + "--unix=/var/run/postgrey.sock" + else + "--inet=${cfg.inetAddr}:${cfg.inetPort}"; + in { + description = "Postfix Greylisting Service"; + wantedBy = [ "multi-user.target" ]; + before = [ "postfix.service" ]; + preStart = '' + mkdir -p /var/postgrey + chown postgrey:postgrey /var/postgrey + chmod 0770 /var/postgrey + ''; + serviceConfig = { + Type = "simple"; + ExecStart = ''${pkgs.postgrey}/bin/postgrey ${bind-flag} --pidfile=/var/run/postgrey.pid --group=postgrey --user=postgrey --dbdir=/var/postgrey --greylist-text="${cfg.greylistText}"''; + Restart = "always"; + RestartSec = 5; + TimeoutSec = 10; + }; + }; + + }; + +} diff --git a/pkgs/servers/mail/postgrey/default.nix b/pkgs/servers/mail/postgrey/default.nix new file mode 100644 index 00000000000..7fdf0edb096 --- /dev/null +++ b/pkgs/servers/mail/postgrey/default.nix @@ -0,0 +1,34 @@ +{ stdenv, fetchurl, perl, perlPackages, lib, runCommand, postfix }: + +let + mk-perl-flags = inputs: lib.concatStringsSep " " (map (dep: "-I ${dep}/lib/perl5/site_perl") inputs); + postgrey-flags = mk-perl-flags (with perlPackages; [ + NetServer BerkeleyDB DigestSHA1 NetAddrIP IOMultiplex + ]); + policy-test-flags = mk-perl-flags (with perlPackages; [ + ParseSyslog + ]); + version = "1.36"; + name = "postgrey-${version}"; +in runCommand name { + src = fetchurl { + url = "http://postgrey.schweikert.ch/pub/${name}.tar.gz"; + sha256 = "09jzb246ki988389r9gryigriv9sravk40q75fih5n0q4p2ghax2"; + }; + meta = with stdenv.lib; { + description = "A postfix policy server to provide greylisting"; + homepage = "https://postgrey.schweikert.ch/"; + platforms = postfix.meta.platforms; + licenses = licenses.gpl2; + }; +} '' + mkdir -p $out/bin + cd $out + tar -xzf $src --strip-components=1 + mv postgrey policy-test bin + sed -i -e "s,#!/usr/bin/perl -T,#!${perl}/bin/perl -T ${postgrey-flags}," \ + -e "s#/etc/postfix#$out#" \ + bin/postgrey + sed -i -e "s,#!/usr/bin/perl,#!${perl}/bin/perl ${policy-test-flags}," \ + bin/policy-test +'' diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 53ad8e5f586..394c0c7a27a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9963,6 +9963,8 @@ in pfixtools = callPackage ../servers/mail/postfix/pfixtools.nix { }; pflogsumm = callPackage ../servers/mail/postfix/pflogsumm.nix { }; + postgrey = callPackage ../servers/mail/postgrey { }; + pshs = callPackage ../servers/http/pshs { }; libpulseaudio = callPackage ../servers/pulseaudio { libOnly = true; }; From 5fa7cf9f9776a429aeae0281a1947f55170573d2 Mon Sep 17 00:00:00 2001 From: Herwig Hochleitner Date: Wed, 14 Sep 2016 02:18:18 +0200 Subject: [PATCH 3/3] postgrey: add types to service --- nixos/modules/services/mail/postgrey.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/mail/postgrey.nix b/nixos/modules/services/mail/postgrey.nix index 5332939a859..0db631868cc 100644 --- a/nixos/modules/services/mail/postgrey.nix +++ b/nixos/modules/services/mail/postgrey.nix @@ -7,21 +7,25 @@ with lib; let in { options = { - services.postgrey = { + services.postgrey = with types; { enable = mkOption { + type = bool; default = false; description = "Whether to run the Postgrey daemon"; }; inetAddr = mkOption { + type = nullOr string; default = null; example = "127.0.0.1"; description = "The inet address to bind to. If none given, bind to /var/run/postgrey.sock"; }; inetPort = mkOption { + type = int; default = 10030; description = "The tcp port to bind to"; }; greylistText = mkOption { + type = string; default = "Greylisted for %%s seconds"; description = "Response status text for greylisted messages"; };