postgrey: init at 1.36 (includes service)

9 years ago · 5609fe521d
parent 7a0a877b15
commit 5609fe521d
5 changed files with 114 additions and 0 deletions
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -275,6 +275,7 @@
      prometheus = 255;
      telegraf = 256;
      gitlab-runner = 257;
+      postgrey = 258;

      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!

@ -520,6 +521,7 @@
      prometheus = 255;
      #telegraf = 256; # unused
      gitlab-runner = 257;
+      postgrey = 258;

      # When adding a gid, make sure it doesn't match an existing
      # uid. Users and groups with the same name should have equal
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -216,6 +216,7 @@
  ./services/mail/opensmtpd.nix
  ./services/mail/postfix.nix
  ./services/mail/postsrsd.nix
+  ./services/mail/postgrey.nix
  ./services/mail/spamassassin.nix
  ./services/mail/rspamd.nix
  ./services/mail/rmilter.nix
--- a/nixos/modules/services/mail/postgrey.nix
+++ b/nixos/modules/services/mail/postgrey.nix
@ -0,0 +1,75 @@
+{ config, lib, pkgs, ... }:
+
+with lib; let
+
+  cfg = config.services.postgrey;
+
+in {
+
+  options = {
+    services.postgrey = {
+      enable = mkOption {
+        default = false;
+        description = "Whether to run the Postgrey daemon";
+      };
+      inetAddr = mkOption {
+        default = null;
+        example = "127.0.0.1";
+        description = "The inet address to bind to. If none given, bind to /var/run/postgrey.sock";
+      };
+      inetPort = mkOption {
+        default = 10030;
+        description = "The tcp port to bind to";
+      };
+      greylistText = mkOption {
+        default = "Greylisted for %%s seconds";
+        description = "Response status text for greylisted messages";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ pkgs.postgrey ];
+
+    users = {
+      extraUsers = {
+        postgrey = {
+          description = "Postgrey Daemon";
+          uid = config.ids.uids.postgrey;
+          group = "postgrey";
+        };
+      };
+      extraGroups = {
+        postgrey = {
+          gid = config.ids.gids.postgrey;
+        };
+      };
+    };
+
+    systemd.services.postgrey = let
+      bind-flag = if isNull cfg.inetAddr then
+        "--unix=/var/run/postgrey.sock"
+      else
+        "--inet=${cfg.inetAddr}:${cfg.inetPort}";
+    in {
+      description = "Postfix Greylisting Service";
+      wantedBy = [ "multi-user.target" ];
+      before = [ "postfix.service" ];
+      preStart = ''
+        mkdir -p /var/postgrey
+        chown postgrey:postgrey /var/postgrey
+        chmod 0770 /var/postgrey
+      '';
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = ''${pkgs.postgrey}/bin/postgrey ${bind-flag} --pidfile=/var/run/postgrey.pid --group=postgrey --user=postgrey --dbdir=/var/postgrey --greylist-text="${cfg.greylistText}"'';
+        Restart = "always";
+        RestartSec = 5;
+        TimeoutSec = 10;
+      };
+    };
+
+  };
+
+}
--- a/pkgs/servers/mail/postgrey/default.nix
+++ b/pkgs/servers/mail/postgrey/default.nix
@ -0,0 +1,34 @@
+{ stdenv, fetchurl, perl, perlPackages, lib, runCommand, postfix }:
+
+let
+    mk-perl-flags = inputs: lib.concatStringsSep " " (map (dep: "-I ${dep}/lib/perl5/site_perl") inputs);
+    postgrey-flags = mk-perl-flags (with perlPackages; [
+      NetServer BerkeleyDB DigestSHA1 NetAddrIP IOMultiplex
+    ]);
+    policy-test-flags = mk-perl-flags (with perlPackages; [
+      ParseSyslog
+    ]);
+    version = "1.36";
+    name = "postgrey-${version}";
+in runCommand name {
+  src = fetchurl {
+    url = "http://postgrey.schweikert.ch/pub/${name}.tar.gz";
+    sha256 = "09jzb246ki988389r9gryigriv9sravk40q75fih5n0q4p2ghax2";
+  };
+  meta = with stdenv.lib; {
+    description = "A postfix policy server to provide greylisting";
+    homepage = "https://postgrey.schweikert.ch/";
+    platforms = postfix.meta.platforms;
+    licenses = licenses.gpl2;
+  };
+} ''
+    mkdir -p $out/bin
+    cd $out
+    tar -xzf $src --strip-components=1
+    mv postgrey policy-test bin
+    sed -i -e "s,#!/usr/bin/perl -T,#!${perl}/bin/perl -T ${postgrey-flags}," \
+           -e "s#/etc/postfix#$out#" \
+        bin/postgrey
+    sed -i -e "s,#!/usr/bin/perl,#!${perl}/bin/perl ${policy-test-flags}," \
+        bin/policy-test
+''
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -9963,6 +9963,8 @@ in
  pfixtools = callPackage ../servers/mail/postfix/pfixtools.nix { };
  pflogsumm = callPackage ../servers/mail/postfix/pflogsumm.nix { };

+  postgrey = callPackage ../servers/mail/postgrey { };
+
  pshs = callPackage ../servers/http/pshs { };

  libpulseaudio = callPackage ../servers/pulseaudio { libOnly = true; };