Mail machine #47

Merged
Gonne merged 9 commits from Gonne/nixConfig:nyarlathotep into main 2025-02-27 15:59:49 +00:00
3 changed files with 70 additions and 2 deletions
Showing only changes of commit f0e584e239


@ -1,4 +1,8 @@
{inputs, ...}: {
{
inputs,
lib,
...
}: {
# debug = true;
# We only define machines config in this flake yet, so we only include
# the module that builds these. This file might get fuller, if we need to
@ -55,8 +59,41 @@
config.permittedInsecurePackages = ["jitsi-meet-1.0.8043"];
Gonne marked this conversation as resolved Outdated

The package selection should depend on system, and is there a reason we overlay like this and not just use `flake-inputs.alias-to-sieve...` in the system config?

The `flake-inputs` parameter is not available as a module parameter while `pkgs` is supplied by the nix module system.
overlays = [
(_: _: {
(_: prev: {
alias-to-sieve = inputs.alias-to-sieve.packages.x86_64-linux.default; # add custom package to convert alias files to sieve scripts on the stalwart machine
stalwart-mail = assert lib.assertMsg (prev.stalwart-mail.version == "0.11.6-unstable-2025-02-04") ''
1. If the bug https://github.com/stalwartlabs/sieve/issues/11 is resolved to our satisfaction, try to remove this overlay.
2. Check whether sieve-rs recieved new updates that our patch needs to be rebased upon.
3. Check whether the sieve-rs patch below that exchanges the dependency needs updates.
4. Then update the version comparison in this assert statement.
5. Update the `cargoHash` by setting it to `lib.fakeHash` and then inserting the result.
6. Check if we can get rid of alias-to-sieve when stalwart-mail has a builtin mail-forwarding feature.
'';
# This override encapsulates the buildRustPackage function in a function that takes the arguments given by the nixpkgs-version of stalwart-mail
# and adds our patch to the arguments before handing the new arguments to buildRustPackage.
prev.stalwart-mail.override (
let
rp = pkgs.rustPlatform;
in {
rustPlatform =
rp
// {
buildRustPackage = args:
rp.buildRustPackage (
args
// rec {
cargoPatches = [
# Let stalwart-mail depend on our own version of the sieve crate that does not have some “loop prevention” that disables redirects to the original sender.
# We want to redirect to sender if we simulate alias files and not doing so barely prevents loops in my opinion.
./patches/sieve-rs.patch
];
# Replace the string with `lib.fakeHash` after version changes in order to get the new hash value.
cargoHash = "sha256-gb2oFlVA/vE6DoWWW8SCFA3l7rtV2RuosPUY+6IcKNM=";
}
);
};
}
);
})
];
};
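Review bot: In the `stalwart-mail` override, `rp = pkgs.rustPlatform;` takes the Rust platform from a `pkgs` that is not an argument of this overlay, while the rest of the overlay goes through `prev`. Using `prev.rustPlatform` would keep the override self-contained and avoid referring back to the package set these overlays feed into, if that is what `pkgs` is here. The `rec` on the attribute set merged into `args` can also be dropped, since `cargoPatches` and `cargoHash` do not reference each other. The `x86_64-linux` in the `alias-to-sieve` line is still fixed to one system, as raised in the conversation above.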


@ -1,4 +1,8 @@
/*
* Building: We patch our version of stalwart and thus need to built it locally.
Gonne marked this conversation as resolved Outdated

ufff

* Be aware that this needs some hours, about 12Gb RAM and a few Gb free space in /tmp.
Gonne marked this conversation as resolved Outdated

double uff

* If you only want to deploy configuration changes and no software updates, consider building on the target VM.
* It has stalwart in its nix store and does not need to rebuild it.
Gonne marked this conversation as resolved Outdated

isn't really a problem, this means we have time to rebuild stalwart to deploy the new alias

* Forwarding mails: Update the Sops-secrets in the machine directory, rebuild on the VM and deploy.
* Everything else should happen automatically but new redirects might take up to two hours due HRZ infrastructure.
* Using the web admin interface: Set your SSH to do portforwarding of some local port to port 80 of the VM and
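Review bot: Wording in the new header comment needs a pass: "need to built it" should be "need to build it", "due HRZ infrastructure" is missing "to", and "12Gb" and "a few Gb" read as gigabits, so "GB" would be clearer for RAM and disk space.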
Gonne marked this conversation as resolved Outdated

If the mailboxes are data on the machine, maybe the aliases should be too. This would also spare us from rebuilding stalwart to update an alias.


If only aliases are changed, rebuilds on the VM itself are fast and lean.


patches/sieve-rs.patch Normal file

@ -0,0 +1,27 @@
diff --git a/Cargo.lock b/Cargo.lock
index be36759b..b4316639 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -6404,8 +6404,7 @@ checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
[[package]]
name = "sieve-rs"
version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "15ac54053752c25a0e545dd1953de716abcc80b12cfe0b6c2f2c1c73759d4f45"
+source = "git+https://gitea.mathebau.de/fachschaft/sieve-rs.git#71324550504c0f84fe3e814d05cbe22f90a3b228"
dependencies = [
"ahash 0.8.11",
"bincode",
diff --git a/Cargo.toml b/Cargo.toml
index f055474f..2b64c9ac 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -63,3 +63,7 @@ incremental = false
debug-assertions = false
overflow-checks = false
rpath = false
+
+
+[patch.crates-io]
+sieve-rs = { git = 'https://gitea.mathebau.de/fachschaft/sieve-rs.git' }
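Review bot: The `[patch.crates-io]` entry in the `Cargo.toml` hunk names only the repository, with no `rev`, `tag` or `branch`, so the commit `71324550504c0f84fe3e814d05cbe22f90a3b228` is fixed only by the `Cargo.lock` hunk above it. Adding `rev = "71324550504c0f84fe3e814d05cbe22f90a3b228"` to the entry would state the intended fork commit in the manifest as well, so a regenerated lock file cannot move to a newer commit of the fork unnoticed; the `source` line in `Cargo.lock` would then need regenerating to match. The two blank lines added before the section header could be reduced to one.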