From d1e4ee146d68a21c263d094acb416b050af32939 Mon Sep 17 00:00:00 2001 From: uwap Date: Thu, 9 Jun 2016 00:15:55 +0200 Subject: [PATCH 1/4] Postfix: Add an option to enable Submission Adds services.postfix.enableSubmission and services.postfix.extraSubmissionOptions to make it easy to enable submission in master.cf --- nixos/modules/services/mail/postfix.nix | 26 ++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index bad9d527f9a1..e354ae668197 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -127,11 +127,14 @@ let # (yes) (yes) (no) (never) (100) # ========================================================================== smtp inet n - n - - smtpd - #submission inet n - n - - smtpd - # -o smtpd_tls_security_level=encrypt - # -o smtpd_sasl_auth_enable=yes - # -o smtpd_client_restrictions=permit_sasl_authenticated,reject - # -o milter_macro_daemon_name=ORIGINATING + '' + optionalString cfg.enableSubmission '' + submission inet n - n - - smtpd + -o smtpd_tls_security_level=encrypt + -o smtpd_sasl_auth_enable=yes + -o smtpd_client_restrictions=permit_sasl_authenticated,reject + ${cfg.extraSubmissionOptions} + '' + + '' pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr @@ -201,6 +204,19 @@ in default = true; description = "Whether to enable smtp in master.cf."; }; + + enableSubmission = mkOption { + type = types.bool; + default = false; + description = "Whether to enable smtp submission in master.cf."; + }; + + extraSubmissionOptions = mkOption { + type = types.str; + default = ""; + description = "Extra options for the submission config in master.cf."; + example = "-o milter_macro_daemon_name=ORIGINATING"; + }; setSendmail = mkOption { type = types.bool; From cc658b695a2d6a49f9c94f0ac9d124de1f62b644 Mon Sep 17 00:00:00 2001 From: uwap Date: Thu, 9 Jun 2016 18:06:07 +0200 Subject: [PATCH 2/4] Make submission options more flexible --- nixos/modules/services/mail/postfix.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index e354ae668197..616018fc3079 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -129,10 +129,7 @@ let smtp inet n - n - - smtpd '' + optionalString cfg.enableSubmission '' submission inet n - n - - smtpd - -o smtpd_tls_security_level=encrypt - -o smtpd_sasl_auth_enable=yes - -o smtpd_client_restrictions=permit_sasl_authenticated,reject - ${cfg.extraSubmissionOptions} + ${concatStringsSep "\n " (mapAttrsToList (x: y: "-o " + x + "=" + y) cfg.submissionOptions)} '' + '' pickup unix n - n 60 1 pickup @@ -208,14 +205,17 @@ in enableSubmission = mkOption { type = types.bool; default = false; - description = "Whether to enable smtp submission in master.cf."; + description = "Whether to enable smtp submission"; }; - extraSubmissionOptions = mkOption { - type = types.str; - default = ""; - description = "Extra options for the submission config in master.cf."; - example = "-o milter_macro_daemon_name=ORIGINATING"; + submissionOptions = mkOption { + type = types.attrs; + default = { "smtpd_tls_security_level" = "encrypt"; + "smtpd_sasl_auth_enable" = "yes"; + "smtpd_client_restrictions" = "permit_sasl_authenticated,reject"; + }; + description = "Options for the submission config in master.cf"; + example = { "milter_macro_daemon_name" = "ORIGINATING"; }; }; setSendmail = mkOption { From ab0547b16fc9a80cb801041a78cb21bd05470139 Mon Sep 17 00:00:00 2001 From: uwap Date: Fri, 10 Jun 2016 14:51:43 +0200 Subject: [PATCH 3/4] Choose a better default for services.postfix.submissionOptions --- nixos/modules/services/mail/postfix.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 616018fc3079..c97aad774196 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -210,12 +210,13 @@ in submissionOptions = mkOption { type = types.attrs; - default = { "smtpd_tls_security_level" = "encrypt"; + default = {}; + description = "Options for the submission config in master.cf"; + example = { "smtpd_tls_security_level" = "encrypt"; "smtpd_sasl_auth_enable" = "yes"; "smtpd_client_restrictions" = "permit_sasl_authenticated,reject"; + "milter_macro_daemon_name" = "ORIGINATING"; }; - description = "Options for the submission config in master.cf"; - example = { "milter_macro_daemon_name" = "ORIGINATING"; }; }; setSendmail = mkOption { From 1e72706d667f33d5282d4a8f519d32837b3aa8bd Mon Sep 17 00:00:00 2001 From: uwap Date: Fri, 10 Jun 2016 15:10:28 +0200 Subject: [PATCH 4/4] Change default to postfix default. --- nixos/modules/services/mail/postfix.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index c97aad774196..cdde41446224 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -210,10 +210,15 @@ in submissionOptions = mkOption { type = types.attrs; - default = {}; + default = { "smtpd_tls_security_level" = "encrypt"; + "smtpd_sasl_auth_enable" = "yes"; + "smtpd_client_restrictions" = "permit_sasl_authenticated,reject"; + "milter_macro_daemon_name" = "ORIGINATING"; + }; description = "Options for the submission config in master.cf"; example = { "smtpd_tls_security_level" = "encrypt"; "smtpd_sasl_auth_enable" = "yes"; + "smtpd_sasl_type" = "dovecot"; "smtpd_client_restrictions" = "permit_sasl_authenticated,reject"; "milter_macro_daemon_name" = "ORIGINATING"; };