diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 390bab907b3..0c863ec8de1 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -179,6 +179,7 @@ apache-kafka = 169; panamax = 170; marathon = 171; + exim = 172; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -319,6 +320,7 @@ gitlab = 165; nylon = 166; panamax = 170; + exim = 172; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index e0255bbbe28..c41ae69c1ac 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -166,6 +166,7 @@ ./services/logging/syslogd.nix ./services/logging/syslog-ng.nix ./services/mail/dovecot.nix + ./services/mail/exim.nix ./services/mail/freepops.nix ./services/mail/mail.nix ./services/mail/mlmmj.nix diff --git a/nixos/modules/services/mail/exim.nix b/nixos/modules/services/mail/exim.nix new file mode 100644 index 00000000000..e0890d96a88 --- /dev/null +++ b/nixos/modules/services/mail/exim.nix 
@@ -0,0 +1,111 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkIf mkOption singleton types;
+ inherit (pkgs) coreutils exim;
+ cfg = config.services.exim;
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.exim = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable the Exim mail transfer agent.";
+ };
+
+ config = mkOption {
+ type = types.string;
+ default = "";
+ description = ''
+ Verbatim Exim configuration. This should not contain exim_user,
+ exim_group, exim_path, or spool_directory.
+ '';
+ };
+
+ user = mkOption {
+ type = types.string;
+ default = "exim";
+ description = ''
+ User to use when no root privileges are required.
+ In particular, this applies when receiving messages and when doing
+ remote deliveries. (Local deliveries run as various non-root users,
+ typically as the owner of a local mailbox.) Specifying this value
+ as root is not supported.
+ '';
+ };
+
+ group = mkOption {
+ type = types.string;
+ default = "exim";
+ description = ''
+ Group to use when no root privileges are required.
+ '';
+ };
+
+ spoolDir = mkOption {
+ type = types.string;
+ default = "/var/spool/exim";
+ description = ''
+ Location of the spool directory of exim.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ environment = {
+ etc."exim.conf".text = ''
+ exim_user = ${cfg.user}
+ exim_group = ${cfg.group}
+ exim_path = /var/setuid-wrappers/exim
+ spool_directory = ${cfg.spoolDir}
+ ${cfg.config}
+ '';
+ systemPackages = [ exim ];
+ };
+
+ users.extraUsers = singleton {
+ name = cfg.user;
+ description = "Exim mail transfer agent user";
+ uid = config.ids.uids.exim;
+ group = cfg.group;
+ };
+
+ users.extraGroups = singleton {
+ name = cfg.group;
+ gid = config.ids.gids.exim;
+ };
+
+ security.setuidPrograms = [ "exim" ];
+
+ systemd.services.exim = {
+ description = "Exim Mail Daemon";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${exim}/bin/exim -bdf -q30m";
+ ExecReload = "${coreutils}/bin/kill -HUP $MAINPID";
+ };
+ preStart = ''
+ if ! test -d ${cfg.spoolDir}; then
+ ${coreutils}/bin/mkdir -p ${cfg.spoolDir}
+ ${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.spoolDir}
+ fi
+ '';
+ };
+
+ };
+
+}
diff --git a/pkgs/servers/mail/exim/default.nix b/pkgs/servers/mail/exim/default.nix
new file mode 100644
index 00000000000..ae4e1d6f245
--- /dev/null
+++ b/pkgs/servers/mail/exim/default.nix
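Review bot: In nixos/modules/services/mail/exim.nix, the `preStart` script fixes ownership of the spool directory only when it creates it, so an existing `${cfg.spoolDir}` with the wrong owner or a permissive mode is used as-is by a daemon whose binary is also installed setuid through `security.setuidPrograms`. The `mkdir -p` also leaves the directory at the default umask mode, and the interpolated path is unquoted in every command. I would drop the `test -d` guard and run the steps unconditionally: `${coreutils}/bin/mkdir -p "${cfg.spoolDir}"`, `${coreutils}/bin/chown ${cfg.user}:${cfg.group} "${cfg.spoolDir}"`, `${coreutils}/bin/chmod 0750 "${cfg.spoolDir}"` (0750 is the mode I would expect for an Exim spool; confirm against the build). Separately, the `user` description says root is not supported but nothing enforces it; an `assertions` entry checking `cfg.user != "root"` would turn that into an evaluation error.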
@@ -0,0 +1,63 @@
+{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }:
+
+stdenv.mkDerivation rec {
+ name = "exim-4.85";
+
+ src = fetchurl {
+ url = "http://mirror.switch.ch/ftp/mirror/exim/exim/exim4/${name}.tar.bz2";
+ sha256 = "195a3ll5ck9viazf9pvgcyc0sziln5g0ggmlm6ax002lphmiy88k";
+ };
+
+ buildInputs = [ coreutils db openssl pcre perl pkgconfig ];
+
+ preBuild = ''
+ sed '
+ s:^\(BIN_DIRECTORY\)=.*:\1='"$out"'/bin:
+ s:^\(CONFIGURE_FILE\)=.*:\1=/etc/exim.conf:
+ s:^\(EXIM_USER\)=.*:\1=ref\:nobody:
+ s:^\(SPOOL_DIRECTORY\)=.*:\1=/exim-homeless-shelter:
+ s:^# \(SUPPORT_MAILDIR\)=.*:\1=yes:
+ s:^EXIM_MONITOR=.*$:# &:
+ s:^\(FIXED_NEVER_USERS\)=root$:\1=0:
+ s:^# \(WITH_CONTENT_SCAN\)=.*:\1=yes:
+ s:^# \(AUTH_PLAINTEXT\)=.*:\1=yes:
+ s:^# \(SUPPORT_TLS\)=.*:\1=yes:
+ s:^# \(USE_OPENSSL_PC=openssl\)$:\1:
+ s:^# \(LOG_FILE_PATH=syslog\)$:\1:
+ s:^# \(HAVE_IPV6=yes\)$:\1:
+ s:^# \(CHOWN_COMMAND\)=.*:\1=${coreutils}/bin/chown:
+ s:^# \(CHGRP_COMMAND\)=.*:\1=${coreutils}/bin/chgrp:
+ s:^# \(CHMOD_COMMAND\)=.*:\1=${coreutils}/bin/chmod:
+ s:^# \(MV_COMMAND\)=.*:\1=${coreutils}/bin/mv:
+ s:^# \(RM_COMMAND\)=.*:\1=${coreutils}/bin/rm:
+ s:^# \(TOUCH_COMMAND\)=.*:\1=${coreutils}/bin/touch:
+ s:^# \(PERL_COMMAND\)=.*:\1=${perl}/bin/perl:
+ #/^\s*#.*/d
+ #/^\s*$/d
+ ' < src/EDITME > Local/Makefile
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin $out/share/man/man8
+ cp doc/exim.8 $out/share/man/man8
+
+ ( cd build-Linux-*
+ cp exicyclog exim_checkaccess exim_dumpdb exim_lock exim_tidydb \
+ exipick exiqsumm exigrep exim_dbmbuild exim exim_fixdb eximstats \
+ exinext exiqgrep exiwhat \
+ $out/bin )
+
+ ( cd $out/bin
+ for i in mailq newaliases rmail rsmtp runq sendmail; do
+ ln -s exim $i
+ done )
+ '';
+
+ meta = {
+ homepage = "http://exim.org/";
+ description = "Exim is a mail transfer agent (MTA) for hosts that are running Unix or Unix-like operating systems.";
+ license = stdenv.lib.licenses.gpl3;
+ platforms = stdenv.lib.platforms.linux;
+ maintainers
= [ stdenv.lib.maintainers.tv ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 57052a39d6c..b807c0d15fc 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7975,6 +7975,8 @@ let etcdctl = callPackage ../development/tools/etcdctl { }; + exim = callPackage ../servers/mail/exim { }; + fcgiwrap = callPackage ../servers/fcgiwrap { }; felix = callPackage ../servers/felix { };
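Review bot: In pkgs/servers/mail/exim/default.nix, every build-time setting in `preBuild` is a `sed` substitution anchored to the exact text of `src/EDITME`, so a pattern that stops matching in a later release (for example `FIXED_NEVER_USERS=root$` or `# SUPPORT_TLS=`) is skipped silently and the build keeps the upstream default. Because the NixOS module installs this binary setuid, `CONFIGURE_FILE`, `SPOOL_DIRECTORY`, `EXIM_USER` and `FIXED_NEVER_USERS` are security-relevant and should fail the build when they are not applied. A check after the `sed` for each of them, such as `grep -qx 'CONFIGURE_FILE=/etc/exim.conf' Local/Makefile || exit 1`, would do that. The two commented-out script lines `#/^\s*#.*/d` and `#/^\s*$/d` are dead and can be dropped.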