From 7a5c9631f72eeb049cd5c892d84cebd81e6a5019 Mon Sep 17 00:00:00 2001
From: tv
Date: Sat, 5 Mar 2016 12:57:46 +0100
Subject: tv nginx: expose /etc/os-release
---
 tv/1systems/nomic.nix | 2 +-
 tv/1systems/wu.nix | 2 +-
 tv/1systems/xu.nix | 2 +-
 tv/2configs/default.nix | 1 +
 tv/2configs/nginx-public_html.nix | 15 ---------------
 tv/2configs/nginx/default.nix | 17 +++++++++++++++++
 tv/2configs/nginx/public_html.nix | 15 +++++++++++++++
 7 files changed, 36 insertions(+), 18 deletions(-)
 delete mode 100644 tv/2configs/nginx-public_html.nix
 create mode 100644 tv/2configs/nginx/default.nix
 create mode 100644 tv/2configs/nginx/public_html.nix
(limited to 'tv')
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index fa9c90816..fed67a105 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -12,7 +12,7 @@ with config.krebs.lib;
 ../2configs/git.nix
 ../2configs/im.nix
 ../2configs/mail-client.nix
- ../2configs/nginx-public_html.nix
+ ../2configs/nginx/public_html.nix
 ../2configs/pulse.nix
 ../2configs/retiolum.nix
 ../2configs/wu-binary-cache/client.nix
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 0bf242109..f64918a35 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -13,7 +13,7 @@ with config.krebs.lib;
 ../2configs/im.nix
 ../2configs/mail-client.nix
 ../2configs/man.nix
- ../2configs/nginx-public_html.nix
+ ../2configs/nginx/public_html.nix
 ../2configs/pulse.nix
 ../2configs/retiolum.nix
 ../2configs/wu-binary-cache
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 46fb59ff3..6ab8f2d61 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -12,7 +12,7 @@ with config.krebs.lib;
 ../2configs/git.nix
 ../2configs/mail-client.nix
 ../2configs/man.nix
- ../2configs/nginx-public_html.nix
+ ../2configs/nginx/public_html.nix
 ../2configs/pulse.nix
 ../2configs/retiolum.nix
 ../2configs/wu-binary-cache/client.nix
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 0a3e40a5c..df5d5da29 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix @@ -26,6 +26,7 @@ with config.krebs.lib; imports = [ ./backup.nix + ./nginx ./vim.nix { # stockholm dependencies diff --git a/tv/2configs/nginx-public_html.nix b/tv/2configs/nginx-public_html.nix deleted file mode 100644 index 15a3b5482..000000000 --- a/tv/2configs/nginx-public_html.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, ... }: - -with config.krebs.lib; - -{ - krebs.nginx = { - enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - tv.iptables.input-internet-accept-new-tcp = singleton "http"; -} diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix new file mode 100644 index 000000000..1fac65a31 --- /dev/null +++ b/tv/2configs/nginx/default.nix @@ -0,0 +1,17 @@ +{ config, lib, ... }: + +with config.krebs.lib; + +{ + krebs.nginx = { + servers.default.locations = [ + (nameValuePair "= /etc/os-release" '' + default_type text/plain; + alias /etc/os-release; + '') + ]; + }; + tv.iptables = optionalAttrs config.krebs.nginx.enable { + input-retiolum-accept-new-tcp = singleton "http"; + }; +} diff --git a/tv/2configs/nginx/public_html.nix b/tv/2configs/nginx/public_html.nix new file mode 100644 index 000000000..15a3b5482 --- /dev/null +++ b/tv/2configs/nginx/public_html.nix @@ -0,0 +1,15 @@ +{ config, lib, ... }: + +with config.krebs.lib; + +{ + krebs.nginx = { + enable = true; + servers.default.locations = [ + (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' + alias /home/$1/public_html$2; + '') + ]; + }; + tv.iptables.input-internet-accept-new-tcp = singleton "http"; +} -- cgit v1.3.1 From 0106f4ff07174592bab7bdc14679a9654b92dfab Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2016 19:54:18 +0100 Subject: tv exim-smarthost: set dkim.domain --- tv/2configs/exim-smarthost.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'tv') 
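Review bot: The new `= /etc/os-release` location in `tv/2configs/nginx/default.nix` is attached to `servers.default`, the same server that `nginx/public_html.nix` opens to the internet through `input-internet-accept-new-tcp`, so on hosts that load both files (presumably nomic, wu and xu, which import `public_html.nix` in this commit) the OS name and version are readable by anyone who can reach port 80, not only by retiolum peers. If retiolum-only exposure is what the `input-retiolum-accept-new-tcp` rule intends, the location body should restrict clients ahead of the `alias` line, e.g. `allow <retiolum-subnet>; deny all;` (the subnet is a placeholder; it is not visible on this page). A comment saying why the file is published would also help the next reader judge the disclosure, e.g. `# lets peers read the host's OS version; no secrets, but eases version fingerprinting`.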
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 3ea010524..2beaa28ef 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -5,6 +5,9 @@ with config.krebs.lib; { krebs.exim-smarthost = { enable = true; + dkim = { + domain = "viljetic.de"; + }; sender_domains = [ "krebsco.de" "shackspace.de" -- cgit v1.3.1 From 421f346257ac19612822b1f0fde9f21d3b5e7955 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2016 20:28:08 +0100 Subject: krebs.exim-smarthost.dkim: support multiple domains --- krebs/3modules/exim-smarthost.nix | 41 ++++++++++++++++++++++----------------- tv/2configs/exim-smarthost.nix | 6 +++--- 2 files changed, 26 insertions(+), 21 deletions(-) (limited to 'tv') diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 45219885f..6c48f1225 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -12,15 +12,9 @@ let api = { enable = mkEnableOption "krebs.exim-smarthost"; - # TODO DKIM for multiple domains dkim = mkOption { - default = null; - type = types.nullOr (types.submodule ({ config, ... }: { + type = types.listOf (types.submodule ({ config, ... }: { options = { - canon = mkOption { - type = types.enum ["relaxed"]; - default = "relaxed"; - }; domain = mkOption { type = types.str; }; @@ -38,6 +32,7 @@ let }; }; })); + default = []; }; internet-aliases = mkOption { @@ -100,10 +95,11 @@ let }; imp = { - krebs.secret.files = mkIf (cfg.dkim != null) { - exim-dkim_private_key = cfg.dkim.private_key; - }; - systemd.services = mkIf (cfg.dkim != null) { + krebs.secret.files = listToAttrs (flip map cfg.dkim (dkim: { + name = "exim.dkim_private_key/${dkim.domain}"; + value = dkim.private_key; + })); + systemd.services = mkIf (cfg.dkim != []) { exim = { after = [ "secret.service" ]; requires = [ "secret.service" ]; 
@@ -230,11 +226,11 @@ let remote_smtp: driver = smtp - ${optionalString (cfg.dkim != null) '' - dkim_domain = ${cfg.dkim.domain} - dkim_selector = ${cfg.dkim.selector} - dkim_private_key = ${cfg.dkim.private_key.path} - dkim_canon = ${cfg.dkim.canon} + ${optionalString (cfg.dkim != []) '' + dkim_canon = relaxed + dkim_domain = $sender_address_domain + dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}} + dkim_selector = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_selector}}} ''} helo_data = ''${if eq{$acl_m_special_dom}{} \ {$primary_hostname} \ @@ -264,10 +260,19 @@ let }; - lsearch = mapAttrs (name: set: toFile name (to-lsearch set)) { + lsearch = mapAttrs (name: set: toFile name (to-lsearch set)) ({ inherit (cfg) internet-aliases; inherit (cfg) system-aliases; - }; + } // optionalAttrs (cfg.dkim != []) { + dkim_private_key = flip map cfg.dkim (dkim: { + from = dkim.domain; + to = dkim.private_key.path; + }); + dkim_selector = flip map cfg.dkim (dkim: { + from = dkim.domain; + to = dkim.selector; + }); + }); to-lsearch = concatMapStringsSep "\n" ({ from, to, ... }: "${from}: ${to}"); diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 2beaa28ef..280d8572b 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -5,9 +5,9 @@ with config.krebs.lib; { krebs.exim-smarthost = { enable = true; - dkim = { - domain = "viljetic.de"; - }; + dkim = [ + { domain = "viljetic.de"; } + ]; sender_domains = [ "krebsco.de" "shackspace.de" -- cgit v1.3.1 From 198407f70fdeacaae5dac6e4ec305629a5368410 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2016 22:27:54 +0100 Subject: nq: RIP --- krebs/5pkgs/nq/default.nix | 16 ---------------- mv/1systems/stro.nix | 1 - tv/1systems/wu.nix | 1 - tv/1systems/xu.nix | 1 - 4 files changed, 19 deletions(-) delete mode 100644 krebs/5pkgs/nq/default.nix (limited to 'tv') 
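Review bot: In the `remote_smtp` hunk the signing key is now selected from `$sender_address_domain`, and the two `${lookup{…}lsearch{…}}` expansions have no failure branch, so for a sender domain without a `dkim` entry both expand to the empty string and, as far as I know Exim's behaviour, the message leaves unsigned without any error. tv's config in the same commit lists `krebsco.de` and `shackspace.de` under `sender_domains` but only `viljetic.de` under `dkim`, so this silent fallback is reachable; a comment above the block should state that it is intended, e.g. `# domains without a dkim entry are sent unsigned (an empty dkim_private_key disables signing)`. The key is also chosen from the envelope sender, which the submitting client supplies, so which mail gets signed depends on the sender restrictions enforced outside this hunk. The transport definition starts before and continues after the hunk.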
diff --git a/krebs/5pkgs/nq/default.nix b/krebs/5pkgs/nq/default.nix
deleted file mode 100644
index 0f397a43c..000000000
--- a/krebs/5pkgs/nq/default.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ fetchgit, stdenv }:
-
-stdenv.mkDerivation rec {
- name = "nq-${rev}";
- rev = "0eae839cb1";
-
- src = fetchgit {
- url = https://github.com/chneukirchen/nq;
- inherit rev;
- sha256 = "1150274750cde934932d65bd6053d7a0ba2404a59eadfb87fc6bd8a4fb70febb";
- };
-
- configurePhase = ''
- sed -i "s:^PREFIX=.*:PREFIX=$out:" Makefile
- '';
-}
diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix
index f251cb092..520bf14eb 100644
--- a/mv/1systems/stro.nix
+++ b/mv/1systems/stro.nix
@@ -56,7 +56,6 @@ with config.krebs.lib;
 netcat
 nix-repl
 nmap
- nq
 p7zip
 pass
 posix_man_pages
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index f64918a35..27dd12520 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -46,7 +46,6 @@ with config.krebs.lib;
 netcat
 nix-repl
 nmap
- nq
 p7zip
 push
 qrencode
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 6ab8f2d61..96a0545a7 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -58,7 +58,6 @@ with config.krebs.lib;
 netcat
 nix-repl
 nmap
- nq
 p7zip
 pass
 qrencode
-- cgit v1.3.1