Diffstat (limited to 'modules/private/mail')
-rw-r--r-- | modules/private/mail/default.nix | 3 | ||||
-rw-r--r-- | modules/private/mail/dovecot.nix | 1 | ||||
-rw-r--r-- | modules/private/mail/milters.nix | 4 | ||||
-rw-r--r-- | modules/private/mail/postfix.nix | 1 | ||||
-rw-r--r-- | modules/private/mail/rspamd.nix | 1 | ||||
-rw-r--r-- | modules/private/mail/sympa.nix | 11 |
6 files changed, 21 insertions, 0 deletions
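--- a/modules/private/mail/default.nix
+++ b/modules/private/mail/default.nix
@@ -45,5 +45,8 @@
 '';
 };
 };
+systemd.slices.mail = {
+description = "Mail slice";
+};
 };
 }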
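Review bot: `systemd.slices.mail` is declared with a description only, so as written the slice puts the mail units in one cgroup for accounting but bounds nothing. If the goal is to keep a mail flood or a runaway filter from starving the rest of the host, the limits belong on this definition, e.g. `sliceConfig = { MemoryMax = "<limit>"; TasksMax = <limit>; };` with values sized for this machine (placeholders, not taken from the commit). If the slice is meant for grouping and accounting only, a one-line comment such as `# accounting only; no resource limits enforced` would make that explicit. The enclosing attribute set starts outside the hunk.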
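--- a/modules/private/mail/dovecot.nix
+++ b/modules/private/mail/dovecot.nix
@@ -13,6 +13,7 @@ let
 in
 {
 config = lib.mkIf config.myServices.mail.enable {
+systemd.services.dovecot2.serviceConfig.Slice = "mail.slice";
 services.duplyBackup.profiles.mail.excludeFile = ''
 + /var/lib/dhparams
 + /var/lib/dovecot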
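Review bot: The literal `"mail.slice"` on the added `systemd.services.dovecot2.serviceConfig.Slice` line is typed by hand here and again in milters.nix (four times), postfix.nix and rspamd.nix, and nothing ties it to the `systemd.slices.mail` definition in default.nix. systemd normally instantiates an undeclared slice with default settings rather than failing, so a misspelled name would quietly move a service out from under any limits later placed on the mail slice. Defining the name once, for instance as a shared module option that every file references, would remove that failure mode. The `config = lib.mkIf …` block and the `excludeFile` string both continue past the end of the hunk.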
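--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -64,6 +64,7 @@
 '';
 group = config.services.postfix.group;
 };
+systemd.services.opendkim.serviceConfig.Slice = "mail.slice";
 systemd.services.opendkim.preStart = lib.mkBefore ''
 # Skip the prestart script as keys are handled in secrets
 exit 0
@@ -76,6 +77,7 @@
 };
 
 users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];
+systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";
 services.opendmarc = {
 enable = true;
 socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";
@@ -116,6 +118,7 @@
 Syslog Yes
 '';
 };
+systemd.services.openarc.serviceConfig.Slice = "mail.slice";
 systemd.services.openarc.postStart = lib.optionalString
 (lib.strings.hasPrefix "local:" config.services.openarc.socket) ''
 while [ ! -S ${lib.strings.removePrefix "local:" config.services.openarc.socket} ]; do
@@ -136,6 +139,7 @@
 wantedBy = [ "multi-user.target" ];
 
 serviceConfig = {
+Slice = "mail.slice";
 User = "postfix";
 Group = "postfix";
 ExecStart = let python = pkgs.python3.withPackages (p: [ p.pymilter ]);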
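--- a/modules/private/mail/postfix.nix
+++ b/modules/private/mail/postfix.nix
@@ -463,5 +463,6 @@
 done
 '';
 };
+systemd.services.postfix.serviceConfig.Slice = "mail.slice";
 };
 }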
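--- a/modules/private/mail/rspamd.nix
+++ b/modules/private/mail/rspamd.nix
@@ -28,6 +28,7 @@
 in
 [ "*/20 * * * * vhost ${cron_script}/scan_reported_mails" ];
 
+systemd.services.rspamd.serviceConfig.Slice = "mail.slice";
 services.rspamd = {
 enable = true;
 debug = false;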
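--- a/modules/private/mail/sympa.nix
+++ b/modules/private/mail/sympa.nix
@@ -50,12 +50,22 @@ in
 dest = "sympa/scenari/${n}"; permissions = "0400"; group = "sympa"; user = "sympa"; text = v;
 }) sympaConfig.scenari;
 users.users.sympa.extraGroups = [ "keys" ];
+systemd.slices.mail-sympa = {
+description = "Sympa slice";
+};
+
 systemd.services.sympa.serviceConfig.SupplementaryGroups = [ "keys" ];
 systemd.services.sympa-archive.serviceConfig.SupplementaryGroups = [ "keys" ];
 systemd.services.sympa-bounce.serviceConfig.SupplementaryGroups = [ "keys" ];
 systemd.services.sympa-bulk.serviceConfig.SupplementaryGroups = [ "keys" ];
 systemd.services.sympa-task.serviceConfig.SupplementaryGroups = [ "keys" ];
 
+systemd.services.sympa.serviceConfig.Slice = "mail-sympa.slice";
+systemd.services.sympa-archive.serviceConfig.Slice = "mail-sympa.slice";
+systemd.services.sympa-bounce.serviceConfig.Slice = "mail-sympa.slice";
+systemd.services.sympa-bulk.serviceConfig.Slice = "mail-sympa.slice";
+systemd.services.sympa-task.serviceConfig.Slice = "mail-sympa.slice";
+
 # https://github.com/NixOS/nixpkgs/pull/84202
 systemd.services.sympa.serviceConfig.ProtectKernelModules = lib.mkForce false;
 systemd.services.sympa-archive.serviceConfig.ProtectKernelModules = lib.mkForce false;
@@ -72,6 +82,7 @@ in
 wantedBy = [ "multi-user.target" ];
 after = [ "sympa.service" ];
 serviceConfig = {
+Slice = "mail-sympa.slice";
 Type = "forking";
 PIDFile = "/run/sympa/wwsympa.pid";
 Restart = "always";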
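Review bot: The name chosen in `systemd.slices.mail-sympa` carries undocumented meaning: systemd derives the slice hierarchy from dashes, so `mail-sympa.slice` is a child of `mail.slice` and will be bounded by whatever limits the parent is given. That looks intentional, but a reader of this file cannot see it, and the parent is defined in default.nix. A comment above the definition such as `# child of mail.slice: systemd nests slices on "-"` would record the relationship. Like the parent, this slice sets only a description, so it currently enforces no limits of its own. The surrounding attribute set begins and ends outside both hunks.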