| author | tv <tv@krebsco.de> | 2016-02-21 21:51:11 +0100 | 
|---|---|---|
| committer | tv <tv@krebsco.de> | 2016-02-21 22:08:30 +0100 | 
| commit | a73eaae18c3e873c09c313590a0ab8dad1fbc5d9 (patch) | |
| tree | cef5c64d779bb3e183ce925553e65861cd5a3805 | |
| parent | de5de37a12771db395f7bc1954be52f51f54b9e2 (diff) | |
krebs.exim*: admit *.r
| -rw-r--r-- | krebs/3modules/default.nix | 13 | ||||
| -rw-r--r-- | krebs/3modules/exim-retiolum.nix | 36 | ||||
| -rw-r--r-- | krebs/3modules/exim-smarthost.nix | 42 | ||||
| -rw-r--r-- | krebs/3modules/shared/default.nix | 1 | ||||
| -rw-r--r-- | tv/2configs/exim-smarthost.nix | 1 | 
5 files changed, 61 insertions, 32 deletions
| diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 662fd6489..186469e97 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -143,12 +143,11 @@ let          { text=(stripEmptyLines value); }) all-zones;        krebs.exim-smarthost.internet-aliases = let -        format = from: to: +        format = from: to: { +          inherit from;            # TODO assert is-retiolum-mail-address to; -          { inherit from; -            to = if typeOf to == "list" -                   then concatMapStringsSep "," (getAttr "mail") to -                   else to.mail; }; +          to = concatMapStringsSep "," (getAttr "mail") (toList to); +        };        in mapAttrsToList format (with config.krebs.users; let          spam-ml = [            lass @@ -167,6 +166,10 @@ let          "makefu@retiolum" = makefu;          "spam@retiolum" = spam-ml;          "tv@retiolum" = tv; +        "lass@r" = lass; +        "makefu@r" = makefu; +        "spam@r" = spam-ml; +        "tv@r" = tv;        });        services.openssh.hostKeys = diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index 1722eef1f..6e6928f89 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -11,6 +11,24 @@ let    api = {      enable = mkEnableOption "krebs.exim-retiolum"; +    local_domains = mkOption { +      type = with types; listOf hostname; +      default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases; +    }; +    primary_hostname = mkOption { +      type = types.str; +      default = let x = "${config.krebs.build.host.name}.r"; in +        assert elem x config.krebs.build.host.nets.retiolum.aliases; +        x; +    }; +    relay_to_domains = mkOption { +      # TODO hostname with wildcards +      type = with types; listOf str; +      default = [ +        "*.r" +        "*.retiolum" +      ]; +    };    };    imp = { 
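Review bot: In the `@@ -11,6 +11,24 @@` hunk of krebs/3modules/exim-retiolum.nix, `relay_to_domains` is declared as `listOf str`, and the later hunks of this file join its entries with `:` into `domainlist relay_to_domains` and emit them one per line under `begin retry`. An entry containing a colon, whitespace or a newline would therefore alter the generated Exim configuration instead of being rejected at evaluation time. The `# TODO hostname with wildcards` already names the gap; until that type exists, a narrow check along the lines of `type = with types; listOf (addCheck str (x: builtins.match "[*]?[A-Za-z0-9.-]+" x != null));` would keep list separators and line breaks out. The same option is added unchanged in krebs/3modules/exim-smarthost.nix (`@@ -25,14 +25,31 @@`). The new options also have no `description`; a line saying that mail for these domains is relayed onward would help, because what the ACLs grant to `+relay_to_domains` is not visible in this diff.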
@@ -21,9 +39,9 @@ let          # TODO modular configuration          assert config.krebs.retiolum.enable;          '' -          primary_hostname = ${retiolumHostname} -          domainlist local_domains    = @ : localhost -          domainlist relay_to_domains = *.retiolum +          primary_hostname = ${cfg.primary_hostname} +          domainlist local_domains = ${concatStringsSep ":" cfg.local_domains} +          domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}            hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1            acl_smtp_rcpt = acl_check_rcpt @@ -85,7 +103,7 @@ let            retiolum:              driver = manualroute -            domains = ! ${retiolumHostname} : *.retiolum +            domains = ! +local_domains : +relay_to_domains              transport = remote_smtp              route_list = ^.* $0 byname              no_more @@ -125,8 +143,8 @@ let            # mode = 0660            begin retry -          *.retiolum             *           F,42d,1m -          *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h +          ${concatMapStringsSep "\n" (k: "${k} * F,42d,1m") cfg.relay_to_domains} +          * * F,2h,15m; G,16h,1h,1.5; F,4d,6h            begin rewrite @@ -134,8 +152,4 @@ let          '';      };    }; - -  # TODO get the hostname from somewhere else. -  retiolumHostname = "${config.networking.hostName}.retiolum"; -in -out +in out diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 267ee2900..c976e89de 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix 
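Review bot: In the `@@ -21,9 +39,9 @@` hunk the new `domainlist local_domains` line no longer contains `@`, so the host's own `primary_hostname` counts as local only if it also appears in `cfg.local_domains`. The default `primary_hostname` is asserted to be one of the retiolum aliases, but the two options can be overridden independently. If they diverge, mail for the host's own name would fall through to the `retiolum` router (`domains = ! +local_domains : +relay_to_domains`) and presumably resolve back to this host. Keeping the literal is cheap: `domainlist local_domains = @ : ${concatStringsSep ":" cfg.local_domains}`. The smarthost template in krebs/3modules/exim-smarthost.nix (`@@ -63,19 +80,11 @@`) drops `@` in the same way.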
@@ -25,14 +25,31 @@ let        }));      }; +    local_domains = mkOption { +      type = with types; listOf hostname; +      default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases; +    }; +      relay_from_hosts = mkOption {        type = with types; listOf str;        default = []; +      apply = xs: ["127.0.0.1" "::1"] ++ xs; +    }; + +    relay_to_domains = mkOption { +      # TODO hostname with wildcards +      type = with types; listOf str; +      default = [ +        "*.r" +        "*.retiolum" +      ];      };      primary_hostname = mkOption {        type = types.str; -      default = "${config.networking.hostName}.retiolum"; +      default = let x = "${config.krebs.build.host.name}.r"; in +        assert elem x config.krebs.build.host.nets.retiolum.aliases; +        x;      };      sender_domains = mkOption { @@ -63,19 +80,11 @@ let          # HOST_REDIR contains the real destinations for "local_domains".          #HOST_REDIR = /etc/exim4/host_redirect -          # Domains not listed in local_domains need to be deliverable remotely.          # XXX We abuse local_domains to mean "domains, we're the gateway for". -        domainlist local_domains = @ : localhost -        domainlist relay_to_domains = -        hostlist relay_from_hosts = <;${concatStringsSep ";" ( -          [ -            "127.0.0.1" -            "::1" -          ] -          ++ -          cfg.relay_from_hosts -        )} +        domainlist local_domains = ${concatStringsSep ":" cfg.local_domains} +        domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains} +        hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts}          acl_smtp_rcpt = acl_check_rcpt          acl_smtp_data = acl_check_data 
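Review bot: In the `@@ -25,14 +25,31 @@` hunk the default for `primary_hostname` uses a bare `assert`, so a host whose retiolum aliases lack `<name>.r` fails evaluation with a generic assertion error that does not say which alias is missing. An explicit error would read better: `default = let x = "${config.krebs.build.host.name}.r"; in if elem x config.krebs.build.host.nets.retiolum.aliases then x else throw "krebs.exim-smarthost: ${x} is not a retiolum alias of this host";`. The identical default in krebs/3modules/exim-retiolum.nix (`@@ -11,6 +11,24 @@`) would take the same change. Separately, `relay_from_hosts` remains `listOf str` and is written verbatim into `hostlist relay_from_hosts`. A short `description` stating that listed hosts are presumably allowed to relay through this smarthost (the ACL is outside the diff) would make the weight of each entry clear.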
@@ -144,7 +153,7 @@ let          retiolum:            debug_print = "R: retiolum for $local_part@$domain"            driver = manualroute -          domains = ! ${cfg.primary_hostname} : *.retiolum +          domains = ! +local_domains : +relay_to_domains            transport = retiolum_smtp            route_list = ^.* $0 byname            no_more @@ -197,8 +206,11 @@ let            return_path_add          begin retry -        *.retiolum             *           F,42d,1m -        *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h +        ${concatMapStringsSep "\n" (k: "${k} * F,42d,1m") cfg.relay_to_domains} +        ${concatMapStringsSep "\n" (k: "${k} * F,42d,1m") +                                   # TODO don't include relay_to_domains +                                   (map (getAttr "from") cfg.internet-aliases)} +        * * F,2h,15m; G,16h,1h,1.5; F,4d,6h          begin rewrite          begin authenticators diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index 208b596f8..ccd15b569 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -15,6 +15,7 @@ let          addrs4 = ["10.243.111.111"];          addrs6 = ["42:0:0:0:0:0:0:7357"];          aliases = [ +          "test.r"            "test.retiolum"          ];          tinc.pubkey = '' diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 4b49e20b1..3bb022d77 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -5,7 +5,6 @@ with config.krebs.lib;  {    krebs.exim-smarthost = {      enable = true; -    primary_hostname = "${config.networking.hostName}.retiolum";      sender_domains = [        "shackspace.de"        "viljetic.de" | 
