];
};
- secrets.keys = [
- {
- dest = "sympa/db_password";
+ secrets.keys = {
+ "sympa/db_password" = {
permissions = "0400";
group = "sympa";
user = "sympa";
text = sympaConfig.postgresql.password;
- }
- ]
- ++ lib.mapAttrsToList (n: v: {
- dest = "sympa/data_sources/${n}.incl"; permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
+ };
+ }
+ // lib.mapAttrs' (n: v: lib.nameValuePair "sympa/data_sources/${n}.incl" {
+ permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
}) sympaConfig.data_sources
- ++ lib.mapAttrsToList (n: v: {
- dest = "sympa/scenari/${n}"; permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
+ // lib.mapAttrs' (n: v: lib.nameValuePair "sympa/scenari/${n}" {
+ permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
}) sympaConfig.scenari;
users.users.sympa.extraGroups = [ "keys" ];
+ systemd.slices.mail-sympa = {
+ description = "Sympa slice";
+ };
+
systemd.services.sympa.serviceConfig.SupplementaryGroups = [ "keys" ];
systemd.services.sympa-archive.serviceConfig.SupplementaryGroups = [ "keys" ];
systemd.services.sympa-bounce.serviceConfig.SupplementaryGroups = [ "keys" ];
systemd.services.sympa-bulk.serviceConfig.SupplementaryGroups = [ "keys" ];
systemd.services.sympa-task.serviceConfig.SupplementaryGroups = [ "keys" ];
+ systemd.services.sympa.serviceConfig.Slice = "mail-sympa.slice";
+ systemd.services.sympa-archive.serviceConfig.Slice = "mail-sympa.slice";
+ systemd.services.sympa-bounce.serviceConfig.Slice = "mail-sympa.slice";
+ systemd.services.sympa-bulk.serviceConfig.Slice = "mail-sympa.slice";
+ systemd.services.sympa-task.serviceConfig.Slice = "mail-sympa.slice";
+
# https://github.com/NixOS/nixpkgs/pull/84202
systemd.services.sympa.serviceConfig.ProtectKernelModules = lib.mkForce false;
systemd.services.sympa-archive.serviceConfig.ProtectKernelModules = lib.mkForce false;
wantedBy = [ "multi-user.target" ];
after = [ "sympa.service" ];
serviceConfig = {
+ Slice = "mail-sympa.slice";
Type = "forking";
PIDFile = "/run/sympa/wwsympa.pid";
Restart = "always";
-F 2 \
-P /run/sympa/wwsympa.pid \
-s /run/sympa/wwsympa.socket \
- -- ${pkgs.sympa}/bin/wwsympa.fcgi
+ -- ${pkgs.sympa}/lib/sympa/cgi/wwsympa.fcgi
'';
StateDirectory = "sympa";
ProtectHome = true;
services.postfix = {
mapFiles = {
+ # Update relay list when changing one of those
sympa_virtual = pkgs.writeText "virtual.sympa" ''
sympa-request@${domain} postmaster@immae.eu
sympa-owner@${domain} postmaster@immae.eu
+
+ sympa-request@cip-ca.fr postmaster@immae.eu
+ sympa-owner@cip-ca.fr postmaster@immae.eu
'';
sympa_transport = pkgs.writeText "transport.sympa" ''
${domain} error:User unknown in recipient table
listmaster@${domain} sympa:listmaster@${domain}
bounce@${domain} sympabounce:sympa@${domain}
abuse-feedback-report@${domain} sympabounce:sympa@${domain}
+
+ sympa@cip-ca.fr sympa:sympa@cip-ca.fr
+ listmaster@cip-ca.fr sympa:listmaster@cip-ca.fr
+ bounce@cip-ca.fr sympabounce:sympa@cip-ca.fr
+ abuse-feedback-report@cip-ca.fr sympabounce:sympa@cip-ca.fr
'';
};
config = {
args = [
"flags=hqRu"
"user=sympa"
- "argv=${pkgs.sympa}/bin/queue"
+ "argv=${pkgs.sympa}/libexec/queue"
"\${nexthop}"
];
};
args = [
"flags=hqRu"
"user=sympa"
- "argv=${pkgs.sympa}/bin/bouncequeue"
+ "argv=${pkgs.sympa}/libexec/bouncequeue"
"\${nexthop}"
];
};
webHost = "mail.immae.eu";
webLocation = "/sympa";
};
+ "cip-ca.fr" = {
+ webHost = "mail.cip-ca.fr";
+ webLocation = "/sympa";
+ };
};
database = {
projects / perso / Immae / Config / Nix.git / blobdiff