This is a first step that reduces the opaque configuration aspects
by migrating relevant options from `services.postfix` into the `config`
option that represents the `main.cf` file.
Not all options were migrated since Postfix provides reasonable defaults,
e.g. `myorigin` defaults to `$myhostname`, so it is rarely needed.
The `inet_protocols` integration with `networking.enableIPv6` was also
a thing I removed, because Postfix is capable of understanding what inet
protocols are available at runtime, so I concluded it is a niche option.
Every option on the `config` freeform setting now also references the
upstream documentation, which provides a great number of examples and is
always worth a look.
In particular we now explain what port the service listens on and what
protocol to expect. Update the RFC8341 recommendation to discourage
submission and recommend submissions.
There exist multiple issues with these options, for example they are not
introspectable, since the values are configured in the config part of the
module.
Also the keypair is always configured for both server and client usage,
which is really surprising. The postfix docs even advise against setting
up client certificates, if they aren't required. [1]
The replacements are the `smtpd_tls_chain_files` for server usage and
`smtp_tls_chain_files` for client usage, which are the preferred way to
configure keys and certificates since Postfix 3.4.0. [2]
[1] https://www.postfix.org/postconf.5.html#smtp_tls_cert_file
[2] https://www.postfix.org/postconf.5.html#smtpd_tls_cert_file
Previously some modules used `config.environment.etc."ssl/certs/ca-certificates.crt".source`, some used `"/etc/ssl/certs/ca-certificates.crt"`, and some used `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"`. These were all bad in one way or another:
- `config.environment.etc."ssl/certs/ca-certificates.crt".source` relies on `source` being set; if `text` is set instead this breaks, introducing a weird undocumented requirement
- `"/etc/ssl/certs/ca-certificates.crt"` is probably okay but very un-nix. It's a magic string, and the path doesn't change when the file changes (and so you can't trigger service reloads, for example, when the contents change in a new system activation)
- `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"` silently doesn't include the options from `security.pki`
Co-authored-by: Shelvacu <git@shelvacu.com>
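An added example (not code from the commits above or from the nixpkgs module) of what the three changes described above look like together in a system configuration: the keypair is given through `smtpd_tls_chain_files` inside `services.postfix.config`, no client keypair is configured unless a peer requires one, and the trust store is referenced through `security.pki` instead of one of the three paths listed above. The certificate path under `/var/lib/acme`, the hostname `mail.example.org`, and the use of `config.security.pki.caBundle` as the `security.pki`-aware bundle path are assumptions of this example.

```nix
# Added example: Postfix TLS through services.postfix.config.
# Not code from the nixpkgs module; paths and caBundle usage are assumptions.
{ config, ... }:
{
  services.postfix = {
    enable = true;
    config = {
      # Server side: one PEM file holding the private key followed by the
      # certificate chain (Postfix >= 3.4). Assumed ACME output path.
      smtpd_tls_chain_files = [ "/var/lib/acme/mail.example.org/full.pem" ];
      smtpd_tls_security_level = "may";

      # Client side: deliberately no smtp_tls_chain_files. A client
      # certificate is only needed when a remote peer demands one, and the
      # server keypair should not be reused for that purpose.
      smtp_tls_security_level = "may";

      # Trust store: assumed to be the bundle composed from security.pki,
      # so CAs added via security.pki.certificateFiles are honoured and the
      # store path changes when the bundle changes (triggering a restart).
      # It is consulted for verified-connection logging and for any
      # destinations pinned to "secure"/"verify" in smtp_tls_policy_maps.
      smtp_tls_CAfile = "${config.security.pki.caBundle}";
    };
  };
}
```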
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.
Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.
A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.
This commit was automatically created and can be verified using
nix-build a08b3a4d19.tar.gz \
--argstr baseRev b32a094368
result/bin/apply-formatting $NIXPKGS_PATH
these changes were generated with nixq 0.0.2, by running
nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix
two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.
Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
Our postfix-setup service ensures that the directory is only writable by root.
postalias by default drops permissions to the user of the source file. In the
case of NixOS that file is in the nix store and thus always owned by root and
everything works.
The problem is that when using a nixos-container with user namespaces (`-U`)
then the nix store is owned by nobody/nogroup, and postfix-setup.service will be
unable to create or modify `aliases.db`.
Since the file would otherwise be owned by root, we should tell postfix to not
assume the user and permissions of the `aliases` file by setting -o and -p.
From postalias(1)
> -o Do not release root privileges when processing a non-root input file. By
> default, postalias(1) drops root privileges and runs as the source file owner
> instead.
> -p Do not inherit the file access permissions from the input file when
> creating a new file. Instead, create a new file with default access
> permissions (mode 0644).
In the previous state, postfix would still try to use IPv6 addresses,
even when it is disabled in the global networking config.
Cf. https://www.postfix.org/postconf.5.html:
With Postfix 2.8 and earlier the default is "ipv4". For backwards compatibility with these releases,
the Postfix 2.9 and later upgrade procedure appends an explicit "inet_protocols = ipv4" setting to
main.cf when no explicit setting is present.
This compatibility workaround will be phased out as IPv6 deployment becomes more common.
inet_protocols = ipv4
inet_protocols = all (DEFAULT)
inet_protocols = ipv6
inet_protocols = ipv4, ipv6
So setting it to 'all' conditionally does not help, as we are now on version 3.x.
using regular strings works well for docbook because docbook is not as
whitespace-sensitive as markdown. markdown would render all of these as
code blocks when given the chance.
now nix-doc-munge will not introduce whitespace changes when it replaces
manpage references with the MD equivalent.
no change to the manpage, changes to the HTML manual are whitespace only.
the conversion procedure is simple:
- find all things that look like options, ie calls to either `mkOption`
or `lib.mkOption` that take an attrset. remember the attrset as the
option
- for all options, find a `description` attribute whose value is not a
  call to `mdDoc` or `lib.mdDoc`
- textually convert the entire value of the attribute to MD with a few
simple regexes (the set from mdize-module.sh)
- if the change produced a change in the manual output, discard
- if the change kept the manual unchanged, add some text to the
description to make sure we've actually found an option. if the
manual changes this time, keep the converted description
this procedure converts 80% of nixos options to markdown. around 2000
options remain to be inspected, but most of those fail the "does not
change the manual output check": currently the MD conversion process
does not faithfully convert docbook tags like <code> and <package>, so
any option using such tags will not be converted at all.
Otherwise, it wouldn't get restarted when a new system configuration
was activated, so the Postfix configuration wouldn't be updated.
Fixes: fb2fa1b50f ("nixos/postfix: pull setup into its own unit")
Consider a service that generates postfix lookup tables with
postmap(1), like Mailman. It needs the Postfix configuration file to
exist, but Postfix qmgr needs all the lookup tables it's configured
with to exist before it starts. So the service that runs postmap
needs to run after the Postfix configuration and directory structure
is generated, but before Postfix itself is started. To enable this,
we split Postfix into two units: a oneshot unit that sets up the
configuration, and a long-running unit that supervises the Postfix
daemons. The postmap services can then be inserted in between these
two units.
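An added example (not code from the commit above or from Mailman's module) of a unit slotted between the two Postfix units as described: it is ordered after `postfix-setup.service` and before `postfix.service`, so the table exists by the time qmgr starts, and it uses the same `-o`/`-p` flags for postmap(1) that the postalias commit above uses, so the `.db` file stays root-owned with default permissions even when the source file is not. The unit name `postfix-virtual-map`, the table path under `/var/lib/postfix-virtual`, and the single constructed table entry are assumptions of this example.

```nix
# Added example: a postmap(1) unit between postfix-setup.service and
# postfix.service. Unit name, paths and table contents are assumptions.
{ config, pkgs, ... }:
let
  tableDir = "/var/lib/postfix-virtual";
  table = "${tableDir}/virtual";
in
{
  services.postfix = {
    enable = true;
    config = {
      # Postfix is told about the table here; the .db must exist before
      # the daemons start, which the unit below guarantees.
      virtual_alias_maps = [ "hash:${table}" ];
    };
  };

  systemd.services.postfix-virtual-map = {
    description = "Generate the Postfix virtual alias table";
    # main.cf and the Postfix directory tree come from the oneshot unit ...
    after = [ "postfix-setup.service" ];
    requires = [ "postfix-setup.service" ];
    # ... and the long-running unit must not start until the table is there.
    before = [ "postfix.service" ];
    wantedBy = [ "postfix.service" ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    script = ''
      install -d -m 0750 -o root -g postfix ${tableDir}
      # Constructed sample entry; a real unit would render this from its
      # own data source (Mailman's list table, for example).
      printf 'postmaster@example.org root\n' > ${table}
      # -o: keep root privileges regardless of the input file's owner
      # -p: create the .db with default permissions instead of inheriting
      ${pkgs.postfix}/bin/postmap -o -p hash:${table}
    '';
  };
}
```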
Postfix has started outputting an error on startup that it can't parse
the compatibility level 9999.
Instead, just set the compatibility level to be identical to the current
version, which seems to be the (new) intent for the compatibility level.