diff --git a/flake-module.nix b/flake-module.nix index ad05c87..8d06ec0 100644 --- a/flake-module.nix +++ b/flake-module.nix @@ -1,4 +1,8 @@ -{inputs, ...}: { +{ + inputs, + lib, + ... +}: { # debug = true; # We only define machines config in this flake yet, so we only include # the module that builds these. This file might get fuller, if we need to @@ -57,8 +61,41 @@ config.permittedInsecurePackages = ["jitsi-meet-1.0.8043"]; overlays = [ - (_: _: { + (_: prev: { inherit (self'.packages) alias-to-sieve; # add custom package to convert alias files to sieve scripts on the stalwart machine + stalwart-mail = assert lib.assertMsg (prev.stalwart-mail.version == "0.11.7") '' + 1. If the bug https://github.com/stalwartlabs/sieve/issues/11 is resolved to our satisfaction, try to remove this overlay. + 2. Check whether sieve-rs recieved new updates that our patch needs to be rebased upon. + 3. Check whether the sieve-rs patch below that exchanges the dependency needs updates. + 4. Then update the version comparison in this assert statement. + 5. Update the `cargoHash` by setting it to `lib.fakeHash` and then inserting the result. + 6. Check if we can get rid of alias-to-sieve when stalwart-mail has a builtin mail-forwarding feature. + ''; + # This override encapsulates the buildRustPackage function in a function that takes the arguments given by the nixpkgs-version of stalwart-mail + # and adds our patch to the arguments before handing the new arguments to buildRustPackage. + prev.stalwart-mail.override ( + let + rp = pkgs.rustPlatform; + in { + rustPlatform = + rp + // { + buildRustPackage = args: + rp.buildRustPackage ( + args + // rec { + cargoPatches = [ + # Let stalwart-mail depend on our own version of the sieve crate that does not have some “loop prevention” that disables redirects to the original sender. + # We want to redirect to sender if we simulate alias files and not doing so barely prevents loops in my opinion. + ./patches/sieve-rs.patch + ]; + # Replace the string with `lib.fakeHash` after version changes in order to get the new hash value. + cargoHash = "sha256-fP5dyTmuwydPGCgpP6XtVFSHE0HwGfvw5UjwNz0R3ek="; + } + ); + }; + } + ); }) ]; }; diff --git a/flake.lock b/flake.lock index 1724d15..5fb8c5b 100644 --- a/flake.lock +++ b/flake.lock @@ -373,11 +373,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -625,11 +625,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1748740939, - "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", + "lastModified": 1743296961, + "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "656a64127e9d791a334452c6b6606d17539476e2", + "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", "type": "github" }, "original": { @@ -698,11 +698,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1750506804, - "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4206c4cb56751df534751b058295ea61357bbbaa", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", "type": "github" }, "original": { @@ -819,11 +819,11 @@ "nixpkgs": [] }, "locked": { - "lastModified": 1749636823, - "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=", + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "623c56286de5a3193aa38891a6991b28f9bab056", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "type": "github" }, "original": { @@ -849,11 +849,11 @@ ] }, "locked": { - "lastModified": 1750119275, - "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", + "lastModified": 1745310711, + "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", + "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", "type": "github" }, "original": { diff --git a/nixos/modules/mail.nix b/nixos/modules/mail.nix index 0403eb4..5384c40 100644 --- a/nixos/modules/mail.nix +++ b/nixos/modules/mail.nix @@ -1,4 +1,8 @@ /* +* Building: We patch our version of stalwart and thus need to built it locally. +* Be aware that this needs some hours, about 20Gb RAM and a few Gb free space in /tmp. +* If you only want to deploy configuration changes and no software updates, consider building on the target VM. +* It has stalwart in its nix store and does not need to rebuild it. * Forwarding mails: Update the Sops-secrets in the machine directory, rebuild on the VM and deploy. * Everything else should happen automatically but new redirects might take up to two hours due HRZ infrastructure. * Using the web admin interface: Set your SSH to do portforwarding of some local port to port 80 of the VM and diff --git a/packages/alias-to-sieve/Cargo.lock b/packages/alias-to-sieve/Cargo.lock index 7584f97..714c143 100644 --- a/packages/alias-to-sieve/Cargo.lock +++ b/packages/alias-to-sieve/Cargo.lock @@ -21,15 +21,15 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.18.1" +version = "3.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "793db76d6187cd04dff33004d8e6c9cc4e05cd330500379d2394209271b4aeee" +checksum = "1628fb46dfa0b37568d12e5edd512553eccf6a22a78e8bde00bb4aed84d5bdbf" [[package]] name = "cfg-if" -version = "1.0.1" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9555578bc9e57714c812a1f84e4fc5b4d21fcb063490c624de019f7464c91268" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "console_error_panic_hook" @@ -101,9 +101,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.174" +version = "0.2.172" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776" +checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa" [[package]] name = "log" @@ -113,9 +113,9 @@ checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" [[package]] name = "memchr" -version = "2.7.5" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32a282da65faaf38286cf3be983213fcf1d2e2a58700e808f83f4ea9a4804bc0" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "once_cell" @@ -125,9 +125,9 @@ checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" [[package]] name = "pest" -version = "2.8.1" +version = "2.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1db05f56d34358a8b1066f67cbb203ee3e7ed2ba674a6263a1d5ec6db2204323" +checksum = "198db74531d58c70a361c42201efde7e2591e976d518caf7662a47dc5720e7b6" dependencies = [ "memchr", "thiserror", @@ -136,9 +136,9 @@ dependencies = [ [[package]] name = "pest_derive" -version = "2.8.1" +version = "2.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb056d9e8ea77922845ec74a1c4e8fb17e7c218cc4fc11a15c5d25e189aa40bc" +checksum = "d725d9cfd79e87dccc9341a2ef39d1b6f6353d68c4b33c177febbe1a402c97c5" dependencies = [ "pest", "pest_generator", @@ -146,9 +146,9 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.8.1" +version = "2.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87e404e638f781eb3202dc82db6760c8ae8a1eeef7fb3fa8264b2ef280504966" +checksum = "db7d01726be8ab66ab32f9df467ae8b1148906685bbe75c82d1e65d7f5b3f841" dependencies = [ "pest", "pest_meta", @@ -159,10 +159,11 @@ dependencies = [ [[package]] name = "pest_meta" -version = "2.8.1" +version = "2.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "edd1101f170f5903fde0914f899bb503d9ff5271d7ba76bbb70bea63690cc0d5" +checksum = "7f9f832470494906d1fca5329f8ab5791cc60beb230c74815dff541cbd2b5ca0" dependencies = [ + "once_cell", "pest", "sha2", ] @@ -196,9 +197,9 @@ dependencies = [ [[package]] name = "rustversion" -version = "1.0.21" +version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a0d197bd2c9dc6e53b84da9556a69ba4cdfab8619eb41a8bd1cc2027a0f6b1d" +checksum = "eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2" [[package]] name = "sha2" @@ -213,9 +214,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.104" +version = "2.0.101" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17b6f705963418cdb9927482fa304bc562ece2fdd4f616084c50b7023b435a40" +checksum = "8ce2b7fc941b3a24138a0a7cf8e858bfc6a992e7978a068a5c760deb0ed43caf" dependencies = [ "proc-macro2", "quote", diff --git a/patches/sieve-rs.patch b/patches/sieve-rs.patch new file mode 100644 index 0000000..b0882f4 --- /dev/null +++ b/patches/sieve-rs.patch @@ -0,0 +1,27 @@ +diff --git a/Cargo.lock b/Cargo.lock +index be36759b..b4316639 100644 +--- a/Cargo.lock ++++ b/Cargo.lock +@@ -6404,8 +6404,7 @@ checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + [[package]] + name = "sieve-rs" + version = "0.6.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "15ac54053752c25a0e545dd1953de716abcc80b12cfe0b6c2f2c1c73759d4f45" ++source = "git+https://github.com/stalwartlabs/sieve.git#56450c6ccdf76f1de95931db24896599159efc53" + dependencies = [ + "ahash 0.8.11", + "bincode", +diff --git a/Cargo.toml b/Cargo.toml +index f055474f..2b64c9ac 100644 +--- a/Cargo.toml ++++ b/Cargo.toml +@@ -63,3 +63,7 @@ incremental = false + debug-assertions = false + overflow-checks = false + rpath = false ++ ++ ++[patch.crates-io] ++sieve-rs = { git = 'https://github.com/stalwartlabs/sieve.git' } +