nixos/pfix-srsd: migrate postfix integration from postfix module (fbc56958) · Commits · nix / nixpkgs

nixos/doc/manual/release-notes/rl-2511.section.md

+2 −0

Original line number	Diff line number	Diff line
		@@ -122,6 +122,8 @@

		- `services.postsrsd` now automatically integrates with the local Postfix instance, when enabled. This behavior can disabled using the [services.postsrsd.configurePostfix](#opt-services.postsrsd.configurePostfix) option.

		- `services.pfix-srsd` now automatically integrates with the local Postfix instance, when enabled. This behavior can disabled using the [services.pfix-srsd.configurePostfix](#opt-services.pfix-srsd.configurePostfix) option.

		- `services.monero` now includes the `environmentFile` option for adding secrets to the Monero daemon config.

		- `amdgpu` kernel driver overdrive mode can now be enabled by setting [hardware.amdgpu.overdrive.enable](#opt-hardware.amdgpu.overdrive.enable) and customized through [hardware.amdgpu.overdrive.ppfeaturemask](#opt-hardware.amdgpu.overdrive.ppfeaturemask).

+39 −16

Original line number	Diff line number	Diff line
		@@ -4,6 +4,10 @@
		pkgs,
		...
		}:

		let
		cfg = config.services.pfix-srsd;
		in
		{

		###### interface
		@@ -32,12 +36,30 @@
		type = lib.types.path;
		default = "/var/lib/pfix-srsd/secrets";
		};

		configurePostfix = lib.mkOption {
		type = lib.types.bool;
		default = true;
		description = ''
		Whether to configure the required settings to use pfix-srsd in the local Postfix instance.
		'';
		};
		};
		};

		###### implementation

		config = lib.mkIf config.services.pfix-srsd.enable {
		config = lib.mkMerge [
		(lib.mkIf (cfg.enable && cfg.configurePostfix && config.services.postfix.enable) {
		services.postfix.config = {
		sender_canonical_maps = [ "tcp:127.0.0.1:10001" ];
		sender_canonical_classes = [ "envelope_sender" ];
		recipient_canonical_maps = [ "tcp:127.0.0.1:10002" ];
		recipient_canonical_classes = [ "envelope_recipient" ];
		};
		})

		(lib.mkIf cfg.enable {
		environment = {
		systemPackages = [ pkgs.pfixtools ];
		};
		@@ -54,5 +76,6 @@
		ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /run/pfix-srsd.pid -I ${config.services.pfix-srsd.domain} ${config.services.pfix-srsd.secretsFile}";
		};
		};
		};
		})
		];
		}

+1 −14

Original line number	Diff line number	Diff line
		@@ -785,12 +785,6 @@ in
		description = "Maps to be compiled and placed into /var/lib/postfix/conf.";
		};

		useSrs = lib.mkOption {
		type = lib.types.bool;
		default = false;
		description = "Whether to enable sender rewriting scheme";
		};

		};

		};
		@@ -808,8 +802,6 @@ in
		systemPackages = [ pkgs.postfix ];
		};

		services.pfix-srsd.enable = config.services.postfix.useSrs;

		services.mail.sendmailSetuidWrapper = lib.mkIf config.services.postfix.setSendmail {
		program = "sendmail";
		source = "${pkgs.postfix}/bin/sendmail";
		@@ -1002,12 +994,6 @@ in
		] ++ lib.optional haveAliases "$alias_maps";
		}
		// lib.optionalAttrs (cfg.dnsBlacklists != [ ]) { smtpd_client_restrictions = clientRestrictions; }
		// lib.optionalAttrs cfg.useSrs {
		sender_canonical_maps = [ "tcp:127.0.0.1:10001" ];
		sender_canonical_classes = [ "envelope_sender" ];
		recipient_canonical_maps = [ "tcp:127.0.0.1:10002" ];
		recipient_canonical_classes = [ "envelope_recipient" ];
		}
		// lib.optionalAttrs cfg.enableHeaderChecks {
		header_checks = [ "regexp:/etc/postfix/header_checks" ];
		}
		@@ -1190,5 +1176,6 @@ in
		[ "services" "postfix" "config" "smtp_tls_security_level" ]
		(config: lib.mkIf config.services.postfix.useDane "dane")
		)
		(lib.mkRenamedOptionModule [ "services" "postfix" "useSrs" ] [ "services" "pfix-srsd" "enable" ])
		];
		}