X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fsympa.nix;h=920daa985e11bb2f1b56d163c9e7c874f6ef6b4c;hb=4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0;hp=9bd5a572c4e478b1c608fb5664d703c905b7d34f;hpb=22b4bd78a10b49272cfd345d379703cae4ab5d3d;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/mail/sympa.nix b/modules/private/mail/sympa.nix
index 9bd5a57..920daa9 100644
--- a/modules/private/mail/sympa.nix
+++ b/modules/private/mail/sympa.nix
@@ -34,28 +34,37 @@ in ]; }; - secrets.keys = [ - { - dest = "sympa/db_password"; + secrets.keys = { + "sympa/db_password" = { permissions = "0400"; group = "sympa"; user = "sympa"; text = sympaConfig.postgresql.password; - } - ] - ++ lib.mapAttrsToList (n: v: { - dest = "sympa/data_sources/${n}.incl"; permissions = "0400"; group = "sympa"; user = "sympa"; text = v; + }; + } + // lib.mapAttrs' (n: v: lib.nameValuePair "sympa/data_sources/${n}.incl" { + permissions = "0400"; group = "sympa"; user = "sympa"; text = v; }) sympaConfig.data_sources - ++ lib.mapAttrsToList (n: v: { - dest = "sympa/scenari/${n}"; permissions = "0400"; group = "sympa"; user = "sympa"; text = v; + // lib.mapAttrs' (n: v: lib.nameValuePair "sympa/scenari/${n}" { + permissions = "0400"; group = "sympa"; user = "sympa"; text = v; }) sympaConfig.scenari; users.users.sympa.extraGroups = [ "keys" ]; + systemd.slices.mail-sympa = { + description = "Sympa slice"; + }; + systemd.services.sympa.serviceConfig.SupplementaryGroups = [ "keys" ]; systemd.services.sympa-archive.serviceConfig.SupplementaryGroups = [ "keys" ]; systemd.services.sympa-bounce.serviceConfig.SupplementaryGroups = [ "keys" ]; systemd.services.sympa-bulk.serviceConfig.SupplementaryGroups = [ "keys" ]; systemd.services.sympa-task.serviceConfig.SupplementaryGroups = [ "keys" ]; + systemd.services.sympa.serviceConfig.Slice = "mail-sympa.slice"; + systemd.services.sympa-archive.serviceConfig.Slice = "mail-sympa.slice"; + systemd.services.sympa-bounce.serviceConfig.Slice = "mail-sympa.slice"; + systemd.services.sympa-bulk.serviceConfig.Slice = "mail-sympa.slice"; + systemd.services.sympa-task.serviceConfig.Slice = "mail-sympa.slice"; + # https://github.com/NixOS/nixpkgs/pull/84202 systemd.services.sympa.serviceConfig.ProtectKernelModules = lib.mkForce false; systemd.services.sympa-archive.serviceConfig.ProtectKernelModules = lib.mkForce false; 
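Review bot: The five `systemd.services.<unit>.serviceConfig.Slice = "mail-sympa.slice";` lines repeat the unit list already written out for `SupplementaryGroups`, and the unit that writes `/run/sympa/wwsympa.pid` gets its `Slice` separately in hunk `@@ -72,6 +81,7 @@`, so a unit added later can easily be left out of the slice or of the `keys` group. Keeping the names in one binding, for example `sympaUnits = [ "sympa" "sympa-archive" "sympa-bounce" "sympa-bulk" "sympa-task" ];`, and generating both settings from it would keep them in step. The slice itself is declared with only a description; a comment such as `# groups all sympa units; no resource limits are set here` would tell the reader whether that is intentional. The enclosing attribute set starts and ends outside the hunk.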
@@ -72,6 +81,7 @@ in wantedBy = [ "multi-user.target" ]; after = [ "sympa.service" ]; serviceConfig = { + Slice = "mail-sympa.slice"; Type = "forking"; PIDFile = "/run/sympa/wwsympa.pid"; Restart = "always";
@@ -83,7 +93,7 @@ in -F 2 \ -P /run/sympa/wwsympa.pid \ -s /run/sympa/wwsympa.socket \ - -- ${pkgs.sympa}/bin/wwsympa.fcgi + -- ${pkgs.sympa}/lib/sympa/cgi/wwsympa.fcgi ''; StateDirectory = "sympa"; ProtectHome = true;
@@ -98,6 +108,9 @@ in sympa_virtual = pkgs.writeText "virtual.sympa" '' sympa-request@${domain} postmaster@immae.eu sympa-owner@${domain} postmaster@immae.eu + + sympa-request@cip-ca.fr postmaster@immae.eu + sympa-owner@cip-ca.fr postmaster@immae.eu ''; sympa_transport = pkgs.writeText "transport.sympa" '' ${domain} error:User unknown in recipient table
@@ -105,6 +118,11 @@ in listmaster@${domain} sympa:listmaster@${domain} bounce@${domain} sympabounce:sympa@${domain} abuse-feedback-report@${domain} sympabounce:sympa@${domain} + + sympa@cip-ca.fr sympa:sympa@cip-ca.fr + listmaster@cip-ca.fr sympa:listmaster@cip-ca.fr + bounce@cip-ca.fr sympabounce:sympa@cip-ca.fr + abuse-feedback-report@cip-ca.fr sympabounce:sympa@cip-ca.fr ''; }; config = {
@@ -130,7 +148,7 @@ in args = [ "flags=hqRu" "user=sympa" - "argv=${pkgs.sympa}/bin/queue" + "argv=${pkgs.sympa}/libexec/queue" "\${nexthop}" ]; };
@@ -142,7 +160,7 @@ in args = [ "flags=hqRu" "user=sympa" - "argv=${pkgs.sympa}/bin/bouncequeue" + "argv=${pkgs.sympa}/libexec/bouncequeue" "\${nexthop}" ]; };
@@ -157,6 +175,10 @@ in webHost = "mail.immae.eu"; webLocation = "/sympa"; }; + "cip-ca.fr" = { + webHost = "mail.cip-ca.fr"; + webLocation = "/sympa"; + }; }; database = {
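Review bot: The cip-ca.fr block added to `sympa_transport` in hunk `@@ -105,6 +118,11 @@` lists the four service addresses but has no counterpart to the `${domain} error:User unknown in recipient table` entry that refuses other recipients of the primary domain. Unless a map outside these hunks covers it, mail for an unlisted cip-ca.fr address would fall through to whatever default transport applies instead of being rejected; consider adding `cip-ca.fr error:User unknown in recipient table`. The domain is also written out literally in `sympa_virtual` (hunk `@@ -98,6 +108,9 @@`) and in the domains attribute set (hunk `@@ -157,6 +175,10 @@`), so the three places have to be kept in sync by hand. The enclosing attribute set starts outside the hunk.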