X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fsympa.nix;h=0626ac0c4611f24f8cae211975eb5de5b8cefd87;hb=5315b439af1f72c3282549508ae58d86d66e38ec;hp=669c7100c1c64c972a8b85ba08dcdef193fd1f27;hpb=f5761aac8dbfb4af91c232f2b52d1353c899abda;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/mail/sympa.nix b/modules/private/mail/sympa.nix index 669c710..0626ac0 100644 --- a/modules/private/mail/sympa.nix +++ b/modules/private/mail/sympa.nix @@ -15,9 +15,6 @@ in } ]; }; - services.duplyBackup.profiles.sympa = { - rootDir = "/var/lib/sympa"; - }; services.websites.env.tools.vhostConfs.mail = { extraConfig = lib.mkAfter [ '' @@ -34,28 +31,37 @@ in ]; }; - secrets.keys = [ - { - dest = "sympa/db_password"; + secrets.keys = { + "sympa/db_password" = { permissions = "0400"; group = "sympa"; user = "sympa"; text = sympaConfig.postgresql.password; - } - ] - ++ lib.mapAttrsToList (n: v: { - dest = "sympa/data_sources/${n}.incl"; permissions = "0400"; group = "sympa"; user = "sympa"; text = v; + }; + } + // lib.mapAttrs' (n: v: lib.nameValuePair "sympa/data_sources/${n}.incl" { + permissions = "0400"; group = "sympa"; user = "sympa"; text = v; }) sympaConfig.data_sources - ++ lib.mapAttrsToList (n: v: { - dest = "sympa/scenari/${n}"; permissions = "0400"; group = "sympa"; user = "sympa"; text = v; + // lib.mapAttrs' (n: v: lib.nameValuePair "sympa/scenari/${n}" { + permissions = "0400"; group = "sympa"; user = "sympa"; text = v; }) sympaConfig.scenari; users.users.sympa.extraGroups = [ "keys" ]; + systemd.slices.mail-sympa = { + description = "Sympa slice"; + }; + systemd.services.sympa.serviceConfig.SupplementaryGroups = [ "keys" ]; systemd.services.sympa-archive.serviceConfig.SupplementaryGroups = [ "keys" ]; systemd.services.sympa-bounce.serviceConfig.SupplementaryGroups = [ "keys" ]; systemd.services.sympa-bulk.serviceConfig.SupplementaryGroups = [ "keys" ]; systemd.services.sympa-task.serviceConfig.SupplementaryGroups = [ "keys" ]; + systemd.services.sympa.serviceConfig.Slice = "mail-sympa.slice"; + systemd.services.sympa-archive.serviceConfig.Slice = "mail-sympa.slice"; + systemd.services.sympa-bounce.serviceConfig.Slice = "mail-sympa.slice"; + systemd.services.sympa-bulk.serviceConfig.Slice = "mail-sympa.slice"; + systemd.services.sympa-task.serviceConfig.Slice = "mail-sympa.slice"; + # https://github.com/NixOS/nixpkgs/pull/84202 systemd.services.sympa.serviceConfig.ProtectKernelModules = lib.mkForce false; systemd.services.sympa-archive.serviceConfig.ProtectKernelModules = lib.mkForce false; @@ -72,6 +78,7 @@ in wantedBy = [ "multi-user.target" ]; after = [ "sympa.service" ]; serviceConfig = { + Slice = "mail-sympa.slice"; Type = "forking"; PIDFile = "/run/sympa/wwsympa.pid"; Restart = "always"; @@ -98,6 +105,9 @@ in sympa_virtual = pkgs.writeText "virtual.sympa" '' sympa-request@${domain} postmaster@immae.eu sympa-owner@${domain} postmaster@immae.eu + + sympa-request@cip-ca.fr postmaster@immae.eu + sympa-owner@cip-ca.fr postmaster@immae.eu ''; sympa_transport = pkgs.writeText "transport.sympa" '' ${domain} error:User unknown in recipient table @@ -105,6 +115,11 @@ in listmaster@${domain} sympa:listmaster@${domain} bounce@${domain} sympabounce:sympa@${domain} abuse-feedback-report@${domain} sympabounce:sympa@${domain} + + sympa@cip-ca.fr sympa:sympa@cip-ca.fr + listmaster@cip-ca.fr sympa:listmaster@cip-ca.fr + bounce@cip-ca.fr sympabounce:sympa@cip-ca.fr + abuse-feedback-report@cip-ca.fr sympabounce:sympa@cip-ca.fr ''; }; config = { @@ -157,6 +172,10 @@ in webHost = "mail.immae.eu"; webLocation = "/sympa"; }; + "cip-ca.fr" = { + webHost = "mail.cip-ca.fr"; + webLocation = "/sympa"; + }; }; database = {