From 5609fe521daf42af3a8d7d8d15dd68db87efefb0 Mon Sep 17 00:00:00 2001 From: Herwig Hochleitner Date: Tue, 17 Nov 2015 18:30:10 +0100 Subject: [PATCH] postgrey: init at 1.36 (includes service) --- nixos/modules/misc/ids.nix | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/mail/postgrey.nix | 75 ++++++++++++++++++++++++ pkgs/servers/mail/postgrey/default.nix | 34 +++++++++++ pkgs/top-level/all-packages.nix | 2 + 5 files changed, 114 insertions(+) create mode 100644 nixos/modules/services/mail/postgrey.nix create mode 100644 pkgs/servers/mail/postgrey/default.nix diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index e005c046504..2881d843760 100755 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -275,6 +275,7 @@ prometheus = 255; telegraf = 256; gitlab-runner = 257; + postgrey = 258; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -520,6 +521,7 @@ prometheus = 255; #telegraf = 256; # unused gitlab-runner = 257; + postgrey = 258; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ad3edd6fbd5..2978eaefb46 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -216,6 +216,7 @@ ./services/mail/opensmtpd.nix ./services/mail/postfix.nix ./services/mail/postsrsd.nix + ./services/mail/postgrey.nix ./services/mail/spamassassin.nix ./services/mail/rspamd.nix ./services/mail/rmilter.nix diff --git a/nixos/modules/services/mail/postgrey.nix b/nixos/modules/services/mail/postgrey.nix new file mode 100644 index 00000000000..5332939a859 --- /dev/null +++ b/nixos/modules/services/mail/postgrey.nix 
@@ -0,0 +1,75 @@
+{ config, lib, pkgs, ... }:
+
+with lib; let
+
+ cfg = config.services.postgrey;
+
+in {
+
+ options = {
+ services.postgrey = {
+ enable = mkOption {
+ default = false;
+ description = "Whether to run the Postgrey daemon";
+ };
+ inetAddr = mkOption {
+ default = null;
+ example = "127.0.0.1";
+ description = "The inet address to bind to. If none given, bind to /var/run/postgrey.sock";
+ };
+ inetPort = mkOption {
+ default = 10030;
+ description = "The tcp port to bind to";
+ };
+ greylistText = mkOption {
+ default = "Greylisted for %%s seconds";
+ description = "Response status text for greylisted messages";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ environment.systemPackages = [ pkgs.postgrey ];
+
+ users = {
+ extraUsers = {
+ postgrey = {
+ description = "Postgrey Daemon";
+ uid = config.ids.uids.postgrey;
+ group = "postgrey";
+ };
+ };
+ extraGroups = {
+ postgrey = {
+ gid = config.ids.gids.postgrey;
+ };
+ };
+ };
+
+ systemd.services.postgrey = let
+ bind-flag = if isNull cfg.inetAddr then
+ "--unix=/var/run/postgrey.sock"
+ else
+ "--inet=${cfg.inetAddr}:${cfg.inetPort}";
+ in {
+ description = "Postfix Greylisting Service";
+ wantedBy = [ "multi-user.target" ];
+ before = [ "postfix.service" ];
+ preStart = ''
+ mkdir -p /var/postgrey
+ chown postgrey:postgrey /var/postgrey
+ chmod 0770 /var/postgrey
+ '';
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = ''${pkgs.postgrey}/bin/postgrey ${bind-flag} --pidfile=/var/run/postgrey.pid --group=postgrey --user=postgrey --dbdir=/var/postgrey --greylist-text="${cfg.greylistText}"'';
+ Restart = "always";
+ RestartSec = 5;
+ TimeoutSec = 10;
+ };
+ };
+
+ };
+
+}
diff --git a/pkgs/servers/mail/postgrey/default.nix b/pkgs/servers/mail/postgrey/default.nix
new file mode 100644
index 00000000000..7fdf0edb096
--- /dev/null
+++ b/pkgs/servers/mail/postgrey/default.nix
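Review bot: The `--inet` branch of `bind-flag` in `nixos/modules/services/mail/postgrey.nix` interpolates `cfg.inetPort`, whose default `10030` is an integer, and Nix does not coerce integers inside `${}`, so setting `inetAddr` should fail at evaluation; write `"--inet=${cfg.inetAddr}:${toString cfg.inetPort}"`. None of the four options declares a `type`, so whatever is assigned is spliced into `ExecStart` unchecked, including inside the double quotes around `--greylist-text`; `type = types.nullOr types.str;` on `inetAddr`, `type = types.int;` on `inetPort` and `type = types.str;` on `greylistText` would reject malformed values early. The `inetAddr` description could also say that the policy port is meant to stay on loopback, since the example is `127.0.0.1` and nothing in the module restricts who may connect when a wider address is bound.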
@@ -0,0 +1,34 @@ +{ stdenv, fetchurl, perl, perlPackages, lib, runCommand, postfix }: + +let + mk-perl-flags = inputs: lib.concatStringsSep " " (map (dep: "-I ${dep}/lib/perl5/site_perl") inputs); + postgrey-flags = mk-perl-flags (with perlPackages; [ + NetServer BerkeleyDB DigestSHA1 NetAddrIP IOMultiplex + ]); + policy-test-flags = mk-perl-flags (with perlPackages; [ + ParseSyslog + ]); + version = "1.36"; + name = "postgrey-${version}"; +in runCommand name { + src = fetchurl { + url = "http://postgrey.schweikert.ch/pub/${name}.tar.gz"; + sha256 = "09jzb246ki988389r9gryigriv9sravk40q75fih5n0q4p2ghax2"; + }; + meta = with stdenv.lib; { + description = "A postfix policy server to provide greylisting"; + homepage = "https://postgrey.schweikert.ch/"; + platforms = postfix.meta.platforms; + licenses = licenses.gpl2; + }; +} '' + mkdir -p $out/bin + cd $out + tar -xzf $src --strip-components=1 + mv postgrey policy-test bin + sed -i -e "s,#!/usr/bin/perl -T,#!${perl}/bin/perl -T ${postgrey-flags}," \ + -e "s#/etc/postfix#$out#" \ + bin/postgrey + sed -i -e "s,#!/usr/bin/perl,#!${perl}/bin/perl ${policy-test-flags}," \ + bin/policy-test +'' diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 53ad8e5f586..394c0c7a27a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9963,6 +9963,8 @@ in pfixtools = callPackage ../servers/mail/postfix/pfixtools.nix { }; pflogsumm = callPackage ../servers/mail/postfix/pflogsumm.nix { }; + postgrey = callPackage ../servers/mail/postgrey { }; + pshs = callPackage ../servers/http/pshs { }; libpulseaudio = callPackage ../servers/pulseaudio { libOnly = true; };
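Review bot: In `pkgs/servers/mail/postgrey/default.nix` the `meta` block sets `licenses = licenses.gpl2;`, but nixpkgs reads `meta.license`, so the package ends up with no license recorded; it should be `license = licenses.gpl2;`. The tarball `url` is plain `http://` while `homepage` on the same host is `https://`; the `sha256` pin is what protects the download, and switching to `https://postgrey.schweikert.ch/pub/${name}.tar.gz` is worth doing if the host serves it. The `s#/etc/postfix#$out#` substitution appears to point postgrey's default configuration lookups at the read-only store path, which deserves a one-line comment such as `# default config/whitelist files are read from $out, not /etc/postfix`.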