X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fsympa.nix;h=0626ac0c4611f24f8cae211975eb5de5b8cefd87;hb=5315b439af1f72c3282549508ae58d86d66e38ec;hp=1a696d036029d40942d41f0e84d0fef782606aea;hpb=4e07970c88f474bc45ae3e723c62df5f6711833e;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/mail/sympa.nix b/modules/private/mail/sympa.nix
index 1a696d0..0626ac0 100644
--- a/modules/private/mail/sympa.nix
+++ b/modules/private/mail/sympa.nix
@@ -15,9 +15,6 @@ in
         }
       ];
     };
-    services.duplyBackup.profiles.sympa = {
-      rootDir = "/var/lib/sympa";
-    };
     services.websites.env.tools.vhostConfs.mail = {
       extraConfig = lib.mkAfter [
         ''
@@ -34,28 +31,37 @@ in
       ];
     };
 
-    secrets.keys = [
-      {
-        dest = "sympa/db_password";
+    secrets.keys = {
+      "sympa/db_password" = {
         permissions = "0400";
         group = "sympa";
         user = "sympa";
         text = sympaConfig.postgresql.password;
-      }
-    ]
-    ++ lib.mapAttrsToList (n: v: {
-      dest = "sympa/data_sources/${n}.incl"; permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
+      };
+    }
+    // lib.mapAttrs' (n: v: lib.nameValuePair "sympa/data_sources/${n}.incl" {
+      permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
     }) sympaConfig.data_sources
-    ++ lib.mapAttrsToList (n: v: {
-      dest = "sympa/scenari/${n}"; permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
+    // lib.mapAttrs' (n: v: lib.nameValuePair "sympa/scenari/${n}" {
+      permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
     }) sympaConfig.scenari;
     users.users.sympa.extraGroups = [ "keys" ];
+    systemd.slices.mail-sympa = {
+      description = "Sympa slice";
+    };
+
     systemd.services.sympa.serviceConfig.SupplementaryGroups = [ "keys" ];
     systemd.services.sympa-archive.serviceConfig.SupplementaryGroups = [ "keys" ];
     systemd.services.sympa-bounce.serviceConfig.SupplementaryGroups = [ "keys" ];
     systemd.services.sympa-bulk.serviceConfig.SupplementaryGroups = [ "keys" ];
     systemd.services.sympa-task.serviceConfig.SupplementaryGroups = [ "keys" ];
 
+    systemd.services.sympa.serviceConfig.Slice = "mail-sympa.slice";
+    systemd.services.sympa-archive.serviceConfig.Slice = "mail-sympa.slice";
+    systemd.services.sympa-bounce.serviceConfig.Slice = "mail-sympa.slice";
+    systemd.services.sympa-bulk.serviceConfig.Slice = "mail-sympa.slice";
+    systemd.services.sympa-task.serviceConfig.Slice = "mail-sympa.slice";
+
     # https://github.com/NixOS/nixpkgs/pull/84202
     systemd.services.sympa.serviceConfig.ProtectKernelModules = lib.mkForce false;
     systemd.services.sympa-archive.serviceConfig.ProtectKernelModules = lib.mkForce false;
@@ -72,6 +78,7 @@ in
       wantedBy = [ "multi-user.target" ];
       after = [ "sympa.service" ];
       serviceConfig = {
+        Slice = "mail-sympa.slice";
         Type = "forking";
         PIDFile = "/run/sympa/wwsympa.pid";
         Restart = "always";
@@ -83,7 +90,7 @@ in
           -F 2 \
           -P /run/sympa/wwsympa.pid \
           -s /run/sympa/wwsympa.socket \
-          -- ${pkgs.sympa}/bin/wwsympa.fcgi
+          -- ${pkgs.sympa}/lib/sympa/cgi/wwsympa.fcgi
         '';
         StateDirectory = "sympa";
         ProtectHome = true;
@@ -94,9 +101,13 @@ in
 
     services.postfix = {
       mapFiles = {
+        # Update relay list when changing one of those
         sympa_virtual = pkgs.writeText "virtual.sympa" ''
           sympa-request@${domain} postmaster@immae.eu
           sympa-owner@${domain}   postmaster@immae.eu
+
+          sympa-request@cip-ca.fr postmaster@immae.eu
+          sympa-owner@cip-ca.fr   postmaster@immae.eu
         '';
         sympa_transport = pkgs.writeText "transport.sympa" ''
           ${domain}                        error:User unknown in recipient table
@@ -104,6 +115,11 @@ in
           listmaster@${domain}             sympa:listmaster@${domain}
           bounce@${domain}                 sympabounce:sympa@${domain}
           abuse-feedback-report@${domain}  sympabounce:sympa@${domain}
+
+          sympa@cip-ca.fr                  sympa:sympa@cip-ca.fr
+          listmaster@cip-ca.fr             sympa:listmaster@cip-ca.fr
+          bounce@cip-ca.fr                 sympabounce:sympa@cip-ca.fr
+          abuse-feedback-report@cip-ca.fr  sympabounce:sympa@cip-ca.fr
         '';
       };
       config = {
@@ -129,7 +145,7 @@ in
           args = [
             "flags=hqRu"
             "user=sympa"
-            "argv=${pkgs.sympa}/bin/queue"
+            "argv=${pkgs.sympa}/libexec/queue"
             "\${nexthop}"
           ];
         };
@@ -141,7 +157,7 @@ in
           args = [
             "flags=hqRu"
             "user=sympa"
-            "argv=${pkgs.sympa}/bin/bouncequeue"
+            "argv=${pkgs.sympa}/libexec/bouncequeue"
             "\${nexthop}"
           ];
         };
@@ -156,6 +172,10 @@ in
           webHost = "mail.immae.eu";
           webLocation = "/sympa";
         };
+        "cip-ca.fr" = {
+          webHost = "mail.cip-ca.fr";
+          webLocation = "/sympa";
+        };
       };
 
       database = {