From 3891d3e6541fe588ee2430e7b1bdb8d87d787a53 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Mon, 2 Nov 2015 04:13:17 +0300 Subject: [PATCH 01/11] nixos/postfix: add types --- nixos/modules/services/mail/postfix.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 2b9175036be..9090fbdaa1e 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -158,6 +158,7 @@ in services.postfix = { enable = mkOption { + type = types.bool; default = false; description = "Whether to run the Postfix mail server."; }; @@ -168,21 +169,25 @@ in }; setSendmail = mkOption { + type = types.bool; default = true; description = "Whether to set the system sendmail to postfix's."; }; user = mkOption { + type = types.str; default = "postfix"; description = "What to call the Postfix user (must be used only for postfix)."; }; group = mkOption { + type = types.str; default = "postfix"; description = "What to call the Postfix group (must be used only for postfix)."; }; setgidGroup = mkOption { + type = types.str; default = "postdrop"; description = " How to call postfix setgid group (for postdrop). Should @@ -191,6 +196,7 @@ in }; networks = mkOption { + type = types.nullOr (types.listOf types.str); default = null; example = ["192.168.0.1/24"]; description = " @@ -201,6 +207,7 @@ in }; networksStyle = mkOption { + type = types.str; default = ""; description = " Name of standard way of trusted network specification to use, @@ -210,6 +217,7 @@ in }; hostname = mkOption { + type = types.str; default = ""; description =" Hostname to use. Leave blank to use just the hostname of machine. @@ -218,6 +226,7 @@ in }; domain = mkOption { + type = types.str; default = ""; description =" Domain to use. Leave blank to use hostname minus first component. 
@@ -225,6 +234,7 @@ in }; origin = mkOption { + type = types.str; default = ""; description =" Origin to use in outgoing e-mail. Leave blank to use hostname. @@ -232,6 +242,7 @@ in }; destination = mkOption { + type = types.nullOr (types.listOf types.str); default = null; example = ["localhost"]; description = " @@ -241,6 +252,7 @@ in }; relayDomains = mkOption { + type = types.nullOr (types.listOf types.str); default = null; example = ["localdomain"]; description = " @@ -249,6 +261,7 @@ in }; relayHost = mkOption { + type = types.str; default = ""; description = " Mail relay for outbound mail. @@ -256,6 +269,7 @@ in }; lookupMX = mkOption { + type = types.bool; default = false; description = " Whether relay specified is just domain whose MX must be used. @@ -263,11 +277,13 @@ in }; postmasterAlias = mkOption { + type = types.str; default = "root"; description = "Who should receive postmaster e-mail."; }; rootAlias = mkOption { + type = types.str; default = ""; description = " Who should receive root e-mail. Blank for no redirection. @@ -275,6 +291,7 @@ in }; extraAliases = mkOption { + type = types.lines; default = ""; description = " Additional entries to put verbatim into aliases file, cf. man-page aliases(8). @@ -282,6 +299,7 @@ in }; extraConfig = mkOption { + type = types.str; default = ""; description = " Extra lines to be added verbatim to the main.cf configuration file. @@ -289,21 +307,25 @@ in }; sslCert = mkOption { + type = types.str; default = ""; description = "SSL certificate to use."; }; sslCACert = mkOption { + type = types.str; default = ""; description = "SSL certificate of CA."; }; sslKey = mkOption { + type = types.str; default = ""; description = "SSL key to use."; }; recipientDelimiter = mkOption { + type = types.str; default = ""; example = "+"; description = " @@ -312,6 +334,7 @@ in }; virtual = mkOption { + type = types.lines; default = ""; description = " Entries for the virtual alias map, cf. man-page virtual(8). 
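Review bot: `extraConfig` gets `types.str` in the `@@ -282,6 +299,7 @@` hunk, while the other free-form text options typed by this commit (`extraAliases`, `virtual`, `extraMasterConf`) get `types.lines`. `types.str` refuses more than one definition, so two modules that each contribute main.cf lines would fail to evaluate instead of being joined. `type = types.lines;` keeps that use case and matches the sibling options. The option body continues outside the hunk.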
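Review bot: The `sslKey` description in the `@@ -289,21 +307,25 @@` hunk should say that the value has to be a string path to a file kept outside the Nix store, because a key referenced through a store path ends up world-readable. `types.str` is a reasonable type for that, but nothing in the text tells the reader why. Something like `description = "Path to the SSL private key. Keep the file outside the Nix store and give it restrictive permissions.";` would cover it.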
@@ -326,6 +349,7 @@ in }; extraMasterConf = mkOption { + type = types.lines; default = ""; example = "submission inet n - n - - smtpd"; description = "Extra lines to append to the generated master.cf file."; From 22fb0cb058d5f2362565bd384d8612b547231947 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sat, 9 Jan 2016 02:48:24 +0300 Subject: [PATCH 02/11] nixos/postfix: don't emit alias_maps config option if we don't have aliases set --- nixos/modules/services/mail/postfix.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 9090fbdaa1e..35f9c53aa8c 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -57,8 +57,6 @@ let else "[" + cfg.relayHost + "]"} - alias_maps = hash:/var/postfix/conf/aliases - mail_spool_directory = /var/spool/mail/ setgid_group = ${setgidGroup} @@ -85,6 +83,8 @@ let '' + optionalString (cfg.transport != "") '' transport_maps = hash:/etc/postfix/transport + + optionalString (cfg.postmasterAlias != "" || cfg.rootAlias != "" || cfg.extraAliases != "") '' + alias_maps = hash:/var/postfix/conf/aliases '' + cfg.extraConfig; From 57c1d09857d826e2774e20d28783299f1f7ac6ca Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sat, 9 Jan 2016 03:35:40 +0300 Subject: [PATCH 03/11] postfix30: add patch to silence setuid-in-nix-store related warnings --- pkgs/servers/mail/postfix/3.0.nix | 2 +- .../postfix/postfix-3.0-no-warnings.patch | 86 +++++++++++++++++++ 2 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 pkgs/servers/mail/postfix/postfix-3.0-no-warnings.patch diff --git a/pkgs/servers/mail/postfix/3.0.nix b/pkgs/servers/mail/postfix/3.0.nix index 8c625da2c9e..93084f3ba60 100644 --- a/pkgs/servers/mail/postfix/3.0.nix +++ b/pkgs/servers/mail/postfix/3.0.nix 
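Review bot: As far as the collapsed `@@ -85,6 +83,8 @@` hunk shows, the new `+ optionalString (cfg.postmasterAlias != "" || …) ''` line is inserted directly after `transport_maps = hash:/etc/postfix/transport`, before the `''` that closes the transport string. The expression text would then land inside that string and the `alias_maps` line outside any string. Add a closing `''` line after `transport_maps = …` so each `optionalString` has its own literal. Patch 06 of this series adds exactly that line, but this commit on its own would not evaluate, which matters when bisecting.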
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec { buildInputs = [ makeWrapper gnused db openssl cyrus_sasl icu ]; - patches = [ ./postfix-script-shell.patch ]; + patches = [ ./postfix-script-shell.patch ./postfix-3.0-no-warnings.patch ]; preBuild = '' sed -e '/^PATH=/d' -i postfix-install diff --git a/pkgs/servers/mail/postfix/postfix-3.0-no-warnings.patch b/pkgs/servers/mail/postfix/postfix-3.0-no-warnings.patch new file mode 100644 index 00000000000..d93eaf0aaa0 --- /dev/null +++ b/pkgs/servers/mail/postfix/postfix-3.0-no-warnings.patch 
@@ -0,0 +1,86 @@ +diff -ru3 postfix-3.0.3/conf/postfix-script postfix-3.0.3-new/conf/postfix-script +--- postfix-3.0.3/conf/postfix-script 2014-06-27 18:05:15.000000000 +0400 ++++ postfix-3.0.3-new/conf/postfix-script 2016-01-09 17:51:38.545733631 +0300 +@@ -84,24 +84,6 @@ + exit 1 + } + +-# If this is a secondary instance, don't touch shared files. +- +-instances=`test ! -f $def_config_directory/main.cf || +- $command_directory/postconf -c $def_config_directory \ +- -h multi_instance_directories | sed 's/,/ /'` || { +- $FATAL cannot execute $command_directory/postconf! +- exit 1 +-} +- +-check_shared_files=1 +-for name in $instances +-do +- case "$name" in +- "$def_config_directory") ;; +- "$config_directory") check_shared_files=; break;; +- esac +-done +- + # + # Parse JCL + # +@@ -262,22 +244,6 @@ + -prune \( -perm -020 -o -perm -002 \) \ + -exec $WARN group or other writable: {} \; + +- # Check Postfix root-owned directory tree owner/permissions. +- +- todo="$config_directory/." +- test -n "$check_shared_files" && { +- todo="$daemon_directory/. $meta_directory/. $todo" +- test "$shlib_directory" = "no" || +- todo="$shlib_directory/. $todo" +- } +- todo=`echo "$todo" | tr ' ' '\12' | sort -u` +- +- find $todo ! -user root \ +- -exec $WARN not owned by root: {} \; +- +- find $todo \( -perm -020 -o -perm -002 \) \ +- -exec $WARN group or other writable: {} \; +- + # Check Postfix mail_owner-owned directory tree owner/permissions. + + find $data_directory/. ! -user $mail_owner \ +@@ -302,18 +268,11 @@ + # Check Postfix setgid_group-owned directory and file group/permissions. + + todo="$queue_directory/public $queue_directory/maildrop" +- test -n "$check_shared_files" && +- todo="$command_directory/postqueue $command_directory/postdrop $todo" + + find $todo \ + -prune ! -group $setgid_group \ + -exec $WARN not owned by group $setgid_group: {} \; + +- test -n "$check_shared_files" && +- find $command_directory/postqueue $command_directory/postdrop \ +- -prune ! 
-perm -02111 \ +- -exec $WARN not set-gid or not owner+group+world executable: {} \; +- + # Check non-Postfix root-owned directory tree owner/content. + + for dir in bin etc lib sbin usr +@@ -334,15 +293,6 @@ + + find corrupt -type f -exec $WARN damaged message: {} \; + +- # Check for non-Postfix MTA remnants. +- +- test -n "$check_shared_files" -a -f /usr/sbin/sendmail -a \ +- -f /usr/lib/sendmail && { +- cmp -s /usr/sbin/sendmail /usr/lib/sendmail || { +- $WARN /usr/lib/sendmail and /usr/sbin/sendmail differ +- $WARN Replace one by a symbolic link to the other +- } +- } + exit 0 + ;; + From 54bc19270b6ac94ec0e8c9d740d1f21b47d2c989 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sat, 9 Jan 2016 03:36:39 +0300 Subject: [PATCH 04/11] nixos/postfix: add users and groups only if needed, fix group name --- nixos/modules/services/mail/postfix.nix | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 35f9c53aa8c..3231a10aa22 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -378,26 +378,27 @@ in program = "sendmail"; source = "${pkgs.postfix}/bin/sendmail"; owner = "nobody"; - group = "postdrop"; + group = setgidGroup; setuid = false; setgid = true; }; - users.extraUsers = singleton - { name = user; + users.extraUsers = optional (user == "postfix") + { name = "postfix"; description = "Postfix mail server user"; uid = config.ids.uids.postfix; group = group; }; users.extraGroups = - [ { name = group; - gid = config.ids.gids.postfix; - } - { name = setgidGroup; - gid = config.ids.gids.postdrop; - } - ]; + optional (group == "postfix") + { name = group; + gid = config.ids.gids.postfix; + } + ++ optional (setgidGroup == "postdrop") + { name = setgidGroup; + gid = config.ids.gids.postdrop; + }; systemd.services.postfix = { description = "Postfix mail server"; 
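Review bot: The removed block under "Check Postfix root-owned directory tree owner/permissions" also covered `$config_directory/.`, which 3.0.nix sets to `/etc/postfix` and which is therefore not a Nix-store path. `postfix check` will no longer report a configuration directory that is not root-owned or is group/other-writable. Only the `$daemon_directory`, `$meta_directory`, `$shlib_directory` and set-gid `postqueue`/`postdrop` checks look store-related, so consider keeping the two `find` calls with `todo="$config_directory/."`, adjusted if symlinked entries trip the permission test. A comment at the top of the patch file listing which checks are dropped and why would help whoever rebases it onto the next Postfix release.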
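Review bot: With `optional (user == "postfix")` and the matching group conditions, a non-default `user`, `group` or `setgidGroup` is no longer created by the module, and nothing visible here checks that it exists. The mistake then only surfaces when the service's `chown` or the set-gid wrapper fails at run time. Either state the requirement in the option descriptions (for example `"… If you change this, declare the account yourself."`) or add an entry to `assertions`. The user entry also hard-codes `name = "postfix"` while the group entries use `name = group` and `name = setgidGroup`; `name = user;` would read consistently.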
From d65850e56f26ce6eb9bb01d309aa3cf2c82ff6dd Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sat, 9 Jan 2016 17:42:01 +0300 Subject: [PATCH 05/11] postfix30: split meta_directory from configuration, fix queue_directory and data_directory --- pkgs/servers/mail/postfix/3.0.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/mail/postfix/3.0.nix b/pkgs/servers/mail/postfix/3.0.nix index 93084f3ba60..786107e9393 100644 --- a/pkgs/servers/mail/postfix/3.0.nix +++ b/pkgs/servers/mail/postfix/3.0.nix @@ -22,13 +22,14 @@ stdenv.mkDerivation rec { export command_directory=$out/sbin export config_directory=/etc/postfix + export meta_directory=$out/etc/postfix export daemon_directory=$out/libexec/postfix - export data_directory=/var/lib/postfix + export data_directory=/var/lib/postfix/data export html_directory=$out/share/postfix/doc/html export mailq_path=$out/bin/mailq export manpage_directory=$out/share/man export newaliases_path=$out/bin/newaliases - export queue_directory=/var/spool/postfix + export queue_directory=/var/lib/postfix/queue export readme_directory=$out/share/postfix/doc export sendmail_path=$out/bin/sendmail From ef3102b27e9a5613b3134f440ddd54b7b453f0a8 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sat, 9 Jan 2016 15:48:36 +0300 Subject: [PATCH 06/11] nixos/postfix: move /var/postfix to /var/lib/postfix, fix access rights --- nixos/modules/services/mail/postfix.nix | 70 ++++++++++++++----------- 1 file changed, 40 insertions(+), 30 deletions(-) diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 3231a10aa22..cbce53a1727 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix 
@@ -9,14 +9,14 @@ let group = cfg.group; setgidGroup = cfg.setgidGroup; + haveAliases = cfg.postmasterAlias != "" || cfg.rootAlias != "" || cfg.extraAliases != ""; + haveTransport = cfg.transport != ""; + haveVirtual = cfg.virtual != ""; + mainCf = '' compatibility_level = 2 - queue_directory = /var/postfix/queue - command_directory = ${pkgs.postfix}/sbin - daemon_directory = ${pkgs.postfix}/libexec/postfix - mail_owner = ${user} default_privs = nobody @@ -78,13 +78,14 @@ let + optionalString (cfg.recipientDelimiter != "") '' recipient_delimiter = ${cfg.recipientDelimiter} '' - + optionalString (cfg.virtual != "") '' - virtual_alias_maps = hash:/etc/postfix/virtual + + optionalString haveAliases '' + alias_maps = hash:/etc/postfix/aliases '' - + optionalString (cfg.transport != "") '' + + optionalString haveTransport '' transport_maps = hash:/etc/postfix/transport - + optionalString (cfg.postmasterAlias != "" || cfg.rootAlias != "" || cfg.extraAliases != "") '' - alias_maps = hash:/var/postfix/conf/aliases + '' + + optionalString haveVirtual '' + virtual_alias_maps = hash:/etc/postfix/virtual '' + cfg.extraConfig; @@ -366,7 +367,7 @@ in environment = { etc = singleton - { source = "/var/postfix/conf"; + { source = "/var/lib/postfix/conf"; target = "postfix"; }; @@ -377,7 +378,6 @@ in services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail { program = "sendmail"; source = "${pkgs.postfix}/bin/sendmail"; - owner = "nobody"; group = setgidGroup; setuid = false; setgid = true; 
@@ -409,41 +409,51 @@ in serviceConfig = { Type = "forking"; Restart = "always"; - PIDFile = "/var/postfix/queue/pid/master.pid"; + PIDFile = "/var/lib/postfix/queue/pid/master.pid"; }; preStart = '' - ${pkgs.coreutils}/bin/mkdir -p /var/spool/mail /var/postfix/conf /var/postfix/queue + ${pkgs.coreutils}/bin/mkdir -p /var/lib/postfix/data /var/lib/postfix/queue/{pid,public,maildrop} - ${pkgs.coreutils}/bin/chown -R ${user}:${group} /var/postfix - ${pkgs.coreutils}/bin/chown -R ${user}:${setgidGroup} /var/postfix/queue - ${pkgs.coreutils}/bin/chmod -R ug+rwX /var/postfix/queue + ${pkgs.coreutils}/bin/chown -R ${user}:${group} /var/lib/postfix + ${pkgs.coreutils}/bin/chown root /var/lib/postfix/queue + ${pkgs.coreutils}/bin/chown root /var/lib/postfix/queue/pid + ${pkgs.coreutils}/bin/chgrp -R ${setgidGroup} /var/lib/postfix/queue/{public,maildrop} + ${pkgs.coreutils}/bin/chmod 770 /var/lib/postfix/queue/{public,maildrop} + + ${pkgs.coreutils}/bin/rm -rf /var/lib/postfix/conf + ${pkgs.coreutils}/bin/mkdir -p /var/lib/postfix/conf + ${pkgs.coreutils}/bin/ln -sf ${mainCfFile} /var/lib/postfix/conf/main.cf + ${pkgs.coreutils}/bin/ln -sf ${masterCfFile} /var/lib/postfix/conf/master.cf + ${optionalString haveAliases '' + ${pkgs.coreutils}/bin/ln -sf ${aliasesFile} /var/lib/postfix/conf/aliases + ${pkgs.postfix}/bin/postalias /var/lib/postfix/conf/aliases + ''} + ${optionalString haveTransport '' + ${pkgs.coreutils}/bin/ln -sf ${transportFile} /var/lib/postfix/conf/transport + ${pkgs.postfix}/bin/postmap /var/lib/postfix/conf/transport + ''} + ${optionalString haveVirtual '' + ${pkgs.coreutils}/bin/ln -sf ${virtualFile} /var/lib/postfix/conf/virtual + ${pkgs.postfix}/bin/postmap /var/lib/postfix/conf/virtual + ''} + + ${pkgs.coreutils}/bin/mkdir -p /var/spool/mail ${pkgs.coreutils}/bin/chown root:root /var/spool/mail ${pkgs.coreutils}/bin/chmod a+rwxt /var/spool/mail ${pkgs.coreutils}/bin/ln -sf /var/spool/mail /var/ - - ln -sf ${pkgs.postfix}/etc/postfix/postfix-files 
/var/postfix/conf - - ln -sf ${aliasesFile} /var/postfix/conf/aliases - ln -sf ${virtualFile} /var/postfix/conf/virtual - ln -sf ${mainCfFile} /var/postfix/conf/main.cf - ln -sf ${masterCfFile} /var/postfix/conf/master.cf - ln -sf ${transportFile} /var/postfix/conf/transport - - ${pkgs.postfix}/sbin/postalias -c /var/postfix/conf /var/postfix/conf/aliases - ${pkgs.postfix}/sbin/postmap -c /var/postfix/conf /var/postfix/conf/virtual ''; script = '' - ${pkgs.postfix}/sbin/postfix -c /var/postfix/conf start + ${pkgs.postfix}/sbin/postfix -c /etc/postfix start ''; reload = '' - ${pkgs.postfix}/sbin/postfix -c /var/postfix/conf reload + ${pkgs.postfix}/sbin/postfix -c /etc/postfix reload ''; preStop = '' - ${pkgs.postfix}/sbin/postfix -c /var/postfix/conf stop + ${pkgs.postfix}/sbin/postfix -c /etc/postfix stop ''; }; From 902dd35d47d5ab62345f2e17537818cc69cc5cb9 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sat, 9 Jan 2016 18:16:29 +0300 Subject: [PATCH 07/11] nixos/postfix: move scripts to serviceConfig --- nixos/modules/services/mail/postfix.nix | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index cbce53a1727..9c3c7745021 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -410,6 +410,9 @@ in Type = "forking"; Restart = "always"; PIDFile = "/var/lib/postfix/queue/pid/master.pid"; + ExecStart = "${pkgs.postfix}/bin/postfix -c /etc/postfix start"; + ExecStop = "${pkgs.postfix}/bin/postfix -c /etc/postfix stop"; + ExecReload = "${pkgs.postfix}/bin/postfix -c /etc/postfix reload"; }; preStart = '' 
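Review bot: `chown -R ${user}:${group} /var/lib/postfix` leaves the top-level directory owned by the unprivileged mail owner, and `/etc/postfix` now points at `/var/lib/postfix/conf` inside it. The account Postfix runs as can therefore rename or replace the directory from which the root-run `postfix` commands read their configuration. Keep `/var/lib/postfix` root-owned and hand over only what Postfix writes, e.g. `chown -R ${user}:${group} /var/lib/postfix/data /var/lib/postfix/queue`. Separately, `chmod 770` on `public` and `maildrop` is looser than the modes Postfix's own install uses for those directories (no group read, as far as I recall), so `chmod 710 …/public` and `chmod 730 …/maildrop` would be closer to upstream.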
@@ -443,19 +446,6 @@ in ${pkgs.coreutils}/bin/chmod a+rwxt /var/spool/mail ${pkgs.coreutils}/bin/ln -sf /var/spool/mail /var/ ''; - - script = '' - ${pkgs.postfix}/sbin/postfix -c /etc/postfix start - ''; - - reload = '' - ${pkgs.postfix}/sbin/postfix -c /etc/postfix reload - ''; - - preStop = '' - ${pkgs.postfix}/sbin/postfix -c /etc/postfix stop - ''; - }; }; From 9c502abb1cd764b6c0dd3099705273b8e8ef36bf Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Tue, 12 Jan 2016 17:56:54 +0300 Subject: [PATCH 08/11] nixos/postfix: use path instead of direct package mentions --- nixos/modules/services/mail/postfix.nix | 37 +++++++++++++------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 9c3c7745021..4d5f9c8c548 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -405,6 +405,7 @@ in wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; + path = [ pkgs.postfix ]; serviceConfig = { Type = "forking"; 
@@ -416,35 +417,35 @@ in }; preStart = '' - ${pkgs.coreutils}/bin/mkdir -p /var/lib/postfix/data /var/lib/postfix/queue/{pid,public,maildrop} + mkdir -p /var/lib/postfix/data /var/lib/postfix/queue/{pid,public,maildrop} - ${pkgs.coreutils}/bin/chown -R ${user}:${group} /var/lib/postfix - ${pkgs.coreutils}/bin/chown root /var/lib/postfix/queue - ${pkgs.coreutils}/bin/chown root /var/lib/postfix/queue/pid - ${pkgs.coreutils}/bin/chgrp -R ${setgidGroup} /var/lib/postfix/queue/{public,maildrop} - ${pkgs.coreutils}/bin/chmod 770 /var/lib/postfix/queue/{public,maildrop} + chown -R ${user}:${group} /var/lib/postfix + chown root /var/lib/postfix/queue + chown root /var/lib/postfix/queue/pid + chgrp -R ${setgidGroup} /var/lib/postfix/queue/{public,maildrop} + chmod 770 /var/lib/postfix/queue/{public,maildrop} - ${pkgs.coreutils}/bin/rm -rf /var/lib/postfix/conf - ${pkgs.coreutils}/bin/mkdir -p /var/lib/postfix/conf - ${pkgs.coreutils}/bin/ln -sf ${mainCfFile} /var/lib/postfix/conf/main.cf - ${pkgs.coreutils}/bin/ln -sf ${masterCfFile} /var/lib/postfix/conf/master.cf + rm -rf /var/lib/postfix/conf + mkdir -p /var/lib/postfix/conf + ln -sf ${mainCfFile} /var/lib/postfix/conf/main.cf + ln -sf ${masterCfFile} /var/lib/postfix/conf/master.cf ${optionalString haveAliases '' - ${pkgs.coreutils}/bin/ln -sf ${aliasesFile} /var/lib/postfix/conf/aliases - ${pkgs.postfix}/bin/postalias /var/lib/postfix/conf/aliases + ln -sf ${aliasesFile} /var/lib/postfix/conf/aliases + postalias /var/lib/postfix/conf/aliases ''} ${optionalString haveTransport '' ${pkgs.coreutils}/bin/ln -sf ${transportFile} /var/lib/postfix/conf/transport ${pkgs.postfix}/bin/postmap /var/lib/postfix/conf/transport ''} ${optionalString haveVirtual '' - ${pkgs.coreutils}/bin/ln -sf ${virtualFile} /var/lib/postfix/conf/virtual - ${pkgs.postfix}/bin/postmap /var/lib/postfix/conf/virtual + ln -sf ${virtualFile} /var/lib/postfix/conf/virtual + postmap /var/lib/postfix/conf/virtual ''} - ${pkgs.coreutils}/bin/mkdir -p 
/var/spool/mail - ${pkgs.coreutils}/bin/chown root:root /var/spool/mail - ${pkgs.coreutils}/bin/chmod a+rwxt /var/spool/mail - ${pkgs.coreutils}/bin/ln -sf /var/spool/mail /var/ + mkdir -p /var/spool/mail + chown root:root /var/spool/mail + chmod a+rwxt /var/spool/mail + ln -sf /var/spool/mail /var/ ''; }; From 1edb62b40abb54532d0f8c953409a551d23b35a4 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sun, 10 Jan 2016 05:39:17 +0300 Subject: [PATCH 09/11] nixos/postfix: add options to compile additional maps and aliases --- nixos/modules/services/mail/postfix.nix | 175 +++++++++++++----------- 1 file changed, 97 insertions(+), 78 deletions(-) diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 4d5f9c8c548..00cabc505ca 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -356,6 +356,18 @@ in description = "Extra lines to append to the generated master.cf file."; }; + aliasFiles = mkOption { + type = types.attrsOf types.path; + default = {}; + description = "Aliases' tables to be compiled and placed into /var/lib/postfix/conf."; + }; + + mapFiles = mkOption { + type = types.attrsOf types.path; + default = {}; + description = "Maps to be compiled and placed into /var/lib/postfix/conf."; + }; + }; }; 
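Review bot: The `haveTransport` block in this hunk still calls `${pkgs.coreutils}/bin/ln` and `${pkgs.postfix}/bin/postmap` by store path, while the neighbouring `haveAliases` and `haveVirtual` blocks were switched to bare `ln`, `postalias` and `postmap`. Change those two lines to `ln -sf ${transportFile} /var/lib/postfix/conf/transport` and `postmap /var/lib/postfix/conf/transport` so the script uses one style. Because this root-run script now resolves commands through PATH, a short comment next to `path = [ pkgs.postfix ];` saying where `mkdir`, `chown` and `ln` come from would help; the unit's default path is not visible in this hunk.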
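Review bot: The `aliasFiles` and `mapFiles` descriptions should warn that values given as Nix paths are copied into the world-readable Nix store. Lookup tables are a common place for relay credentials, so the text should tell users to pass a string path to a protected file for anything secret. Appending a sentence such as `"Do not reference secret tables by Nix path; they would become world-readable in the store."` to both descriptions would cover it.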
@@ -363,92 +375,99 @@ in ###### implementation - config = mkIf config.services.postfix.enable { + config = mkIf config.services.postfix.enable (mkMerge [ + { - environment = { - etc = singleton - { source = "/var/lib/postfix/conf"; - target = "postfix"; + environment = { + etc = singleton + { source = "/var/lib/postfix/conf"; + target = "postfix"; + }; + + # This makes comfortable for root to run 'postqueue' for example. + systemPackages = [ pkgs.postfix ]; + }; + + services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail { + program = "sendmail"; + source = "${pkgs.postfix}/bin/sendmail"; + group = setgidGroup; + setuid = false; + setgid = true; + }; + + users.extraUsers = optional (user == "postfix") + { name = "postfix"; + description = "Postfix mail server user"; + uid = config.ids.uids.postfix; + group = group; }; - # This makes comfortable for root to run 'postqueue' for example. - systemPackages = [ pkgs.postfix ]; - }; - - services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail { - program = "sendmail"; - source = "${pkgs.postfix}/bin/sendmail"; - group = setgidGroup; - setuid = false; - setgid = true; - }; - - users.extraUsers = optional (user == "postfix") - { name = "postfix"; - description = "Postfix mail server user"; - uid = config.ids.uids.postfix; - group = group; - }; - - users.extraGroups = - optional (group == "postfix") - { name = group; - gid = config.ids.gids.postfix; - } - ++ optional (setgidGroup == "postdrop") - { name = setgidGroup; - gid = config.ids.gids.postdrop; - }; - - systemd.services.postfix = - { description = "Postfix mail server"; - - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - path = [ pkgs.postfix ]; - - serviceConfig = { - Type = "forking"; - Restart = "always"; - PIDFile = "/var/lib/postfix/queue/pid/master.pid"; - ExecStart = "${pkgs.postfix}/bin/postfix -c /etc/postfix start"; - ExecStop = "${pkgs.postfix}/bin/postfix -c /etc/postfix stop"; - ExecReload 
= "${pkgs.postfix}/bin/postfix -c /etc/postfix reload"; + users.extraGroups = + optional (group == "postfix") + { name = group; + gid = config.ids.gids.postfix; + } + ++ optional (setgidGroup == "postdrop") + { name = setgidGroup; + gid = config.ids.gids.postdrop; }; - preStart = '' - mkdir -p /var/lib/postfix/data /var/lib/postfix/queue/{pid,public,maildrop} + systemd.services.postfix = + { description = "Postfix mail server"; - chown -R ${user}:${group} /var/lib/postfix - chown root /var/lib/postfix/queue - chown root /var/lib/postfix/queue/pid - chgrp -R ${setgidGroup} /var/lib/postfix/queue/{public,maildrop} - chmod 770 /var/lib/postfix/queue/{public,maildrop} + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + path = [ pkgs.postfix ]; - rm -rf /var/lib/postfix/conf - mkdir -p /var/lib/postfix/conf - ln -sf ${mainCfFile} /var/lib/postfix/conf/main.cf - ln -sf ${masterCfFile} /var/lib/postfix/conf/master.cf - ${optionalString haveAliases '' - ln -sf ${aliasesFile} /var/lib/postfix/conf/aliases - postalias /var/lib/postfix/conf/aliases - ''} - ${optionalString haveTransport '' - ${pkgs.coreutils}/bin/ln -sf ${transportFile} /var/lib/postfix/conf/transport - ${pkgs.postfix}/bin/postmap /var/lib/postfix/conf/transport - ''} - ${optionalString haveVirtual '' - ln -sf ${virtualFile} /var/lib/postfix/conf/virtual - postmap /var/lib/postfix/conf/virtual - ''} + serviceConfig = { + Type = "forking"; + Restart = "always"; + PIDFile = "/var/lib/postfix/queue/pid/master.pid"; + ExecStart = "${pkgs.postfix}/bin/postfix start"; + ExecStop = "${pkgs.postfix}/bin/postfix stop"; + ExecReload = "${pkgs.postfix}/bin/postfix reload"; + }; - mkdir -p /var/spool/mail - chown root:root /var/spool/mail - chmod a+rwxt /var/spool/mail - ln -sf /var/spool/mail /var/ - ''; - }; + preStart = '' + mkdir -p /var/lib/postfix/data /var/lib/postfix/queue/{pid,public,maildrop} - }; + chown -R ${user}:${group} /var/lib/postfix + chown root /var/lib/postfix/queue + chown root 
/var/lib/postfix/queue/pid + chgrp -R ${setgidGroup} /var/lib/postfix/queue/{public,maildrop} + chmod 770 /var/lib/postfix/queue/{public,maildrop} + + rm -rf /var/lib/postfix/conf + mkdir -p /var/lib/postfix/conf + ln -sf ${mainCfFile} /var/lib/postfix/conf/main.cf + ln -sf ${masterCfFile} /var/lib/postfix/conf/master.cf + ${concatStringsSep "\n" (mapAttrsToList (to: from: '' + ln -sf ${from} /var/lib/postfix/conf/${to} + postalias /var/lib/postfix/conf/${to} + '') cfg.aliasFiles)} + ${concatStringsSep "\n" (mapAttrsToList (to: from: '' + ln -sf ${from} /var/lib/postfix/conf/${to} + postmap /var/lib/postfix/conf/${to} + '') cfg.mapFiles)} + + mkdir -p /var/spool/mail + chown root:root /var/spool/mail + chmod a+rwxt /var/spool/mail + ln -sf /var/spool/mail /var/ + ''; + }; + } + + (mkIf haveAliases { + services.postfix.aliasFiles."aliases" = aliasesFile; + }) + (mkIf haveTransport { + services.postfix.mapFiles."transport" = transportFile; + }) + (mkIf haveVirtual { + services.postfix.mapFiles."virtual" = virtualFile; + }) + ]); } From be2b9898422c6c33af9108ffc126e1479ad728ed Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sat, 9 Jan 2016 20:25:36 +0300 Subject: [PATCH 10/11] postfix30: build with pcre, add database drivers support --- pkgs/servers/mail/postfix/3.0.nix | 42 +++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/pkgs/servers/mail/postfix/3.0.nix b/pkgs/servers/mail/postfix/3.0.nix index 786107e9393..73ab8c8116f 100644 --- a/pkgs/servers/mail/postfix/3.0.nix +++ b/pkgs/servers/mail/postfix/3.0.nix 
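Review bot: The attribute names of `cfg.aliasFiles` and `cfg.mapFiles` are interpolated unquoted into the root-run `preStart` script, as in `ln -sf ${from} /var/lib/postfix/conf/${to}`. A name containing whitespace, shell metacharacters or `/` changes what the script does or makes it write outside the conf directory. Pass both operands through `escapeShellArg`, e.g. `ln -sf ${escapeShellArg from} ${escapeShellArg "/var/lib/postfix/conf/${to}"}`, do the same for the `postalias`/`postmap` lines, and consider rejecting names that contain `/`. This assumes `lib` is in scope unqualified, as the bare `mkOption` and `optionalString` suggest. The values come from the system configuration, so this is about robustness rather than an untrusted caller.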
@@ -1,8 +1,25 @@ -{ stdenv, fetchurl, makeWrapper, gnused, db, openssl, cyrus_sasl, coreutils -, findutils, gnugrep, gawk, icu +{ stdenv, lib, fetchurl, makeWrapper, gnused, db, openssl, cyrus_sasl +, coreutils, findutils, gnugrep, gawk, icu, pcre +, withPgSQL ? false, postgresql +, withMySQL ? false, libmysql +, withSQLite ? false, sqlite }: -stdenv.mkDerivation rec { +let + ccargs = lib.concatStringsSep " " ([ + "-DUSE_TLS" "-DUSE_SASL_AUTH" "-DUSE_CYRUS_SASL" "-I${cyrus_sasl}/include/sasl" + "-DHAS_DB_BYPASS_MAKEDEFS_CHECK" + "-fPIE" "-fstack-protector-all" "--param" "ssp-buffer-size=4" "-O2" "-D_FORTIFY_SOURCE=2" + ] ++ lib.optional withPgSQL "-DHAS_PGSQL" + ++ lib.optionals withMySQL [ "-DHAS_MYSQL" "-I${libmysql}/include/mysql" ] + ++ lib.optional withSQLite "-DHAS_SQLITE"); + auxlibs = lib.concatStringsSep " " ([ + "-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl" "-pie" "-Wl,-z,relro,-z,now" + ] ++ lib.optional withPgSQL "-lpq" + ++ lib.optional withMySQL "-lmysqlclient" + ++ lib.optional withSQLite "-lsqlite3"); + +in stdenv.mkDerivation rec { name = "postfix-${version}"; @@ -13,7 +30,10 @@ stdenv.mkDerivation rec { sha256 = "00mc12k5p1zlrlqcf33vh5zizaqr5ai8q78dwv69smjh6kn4c7j0"; }; - buildInputs = [ makeWrapper gnused db openssl cyrus_sasl icu ]; + buildInputs = [ makeWrapper gnused db openssl cyrus_sasl icu pcre ] + ++ lib.optional withPgSQL postgresql + ++ lib.optional withMySQL libmysql + ++ lib.optional withSQLite sqlite; patches = [ ./postfix-script-shell.patch ./postfix-3.0-no-warnings.patch ]; 
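Review bot: The optional database drivers are appended to the global `AUXLIBS` (`-lpq`, `-lmysqlclient`, `-lsqlite3`), which as far as I know puts the client libraries on the link line of every Postfix program, including the set-gid `postdrop` and `postqueue`. Postfix 3.0 documents per-driver variables (`AUXLIBS_PGSQL`, `AUXLIBS_MYSQL`, `AUXLIBS_SQLITE`) that, combined with `dynamicmaps=yes`, load a driver only in programs that perform that kind of lookup. Passing e.g. `AUXLIBS_PGSQL='-lpq'` to `make makefiles` when `withPgSQL` is set would be the narrower choice; please check this against the Postfix build notes before adopting it.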
@@ -33,16 +53,12 @@ stdenv.mkDerivation rec { export readme_directory=$out/share/postfix/doc export sendmail_path=$out/bin/sendmail - make makefiles \ - CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl \ - -DHAS_DB_BYPASS_MAKEDEFS_CHECK \ - -fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' \ - AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl -pie -Wl,-z,relro,-z,now' + make makefiles CCARGS='${ccargs}' AUXLIBS='${auxlibs}' ''; installTargets = [ "non-interactive-package" ]; - installFlags = [ " install_root=installdir " ]; + installFlags = [ "install_root=installdir" ]; postInstall = '' mkdir -p $out @@ -58,9 +74,9 @@ stdenv.mkDerivation rec { meta = { homepage = "http://www.postfix.org/"; description = "A fast, easy to administer, and secure mail server"; - license = stdenv.lib.licenses.bsdOriginal; - platforms = stdenv.lib.platforms.linux; - maintainers = [ stdenv.lib.maintainers.rickynils ]; + license = lib.licenses.bsdOriginal; + platforms = lib.platforms.linux; + maintainers = [ lib.maintainers.rickynils ]; }; } From d3a19f1b8e65668ca711c4f329ab0a296f3774c9 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sun, 10 Jan 2016 15:33:23 +0300 Subject: [PATCH 11/11] nixos/postfix: backwards compatibility with /var/postfix --- nixos/modules/services/mail/postfix.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 00cabc505ca..ab6ad390600 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -430,6 +430,11 @@ in }; preStart = '' + # Backwards compatibility + if [ ! -d /var/lib/postfix ] && [ -d /var/postfix ]; then + mkdir -p /var/lib + mv /var/postfix /var/lib/postfix + fi mkdir -p /var/lib/postfix/data /var/lib/postfix/queue/{pid,public,maildrop} chown -R ${user}:${group} /var/lib/postfix
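Review bot: After `mv /var/postfix /var/lib/postfix` the migrated tree keeps the modes of the old layout. The old preStart (removed in patch 06 of this series) ran `chmod -R ug+rwX` over the whole queue, and the rest of the script visible in this series only resets modes on `queue/public` and `queue/maildrop`. Consider normalising right after the move, for example with `chmod -R g-w /var/lib/postfix/queue`, so upgraded hosts end up with the same permissions as fresh installs. The comment could also say what is migrated, e.g. `# Migrate state from the old /var/postfix location`. The enclosing `preStart` string continues outside the hunk.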