From 2873640cbf34cd180878f941a19f6c2e3ffd53f6 Mon Sep 17 00:00:00 2001
From: Alexander Kobjolke
Date: Fri, 19 Jan 2024 19:36:33 +0100
Subject: [PATCH] thrall: Upgrade postfix to prevent SMTP smuggling
---
 flake.lock | 33 ++++++++++++++++-------
 flake.nix | 77 +++++++++++++++++++++++++++++-------------------------
 2 files changed, 64 insertions(+), 46 deletions(-)
diff --git a/flake.lock b/flake.lock
index bf57302..7609277 100644
--- a/flake.lock
+++ b/flake.lock
@@ -279,6 +279,21 @@
 "type": "indirect"
 }
 },
+ "nixpkgs-23_05": {
+ "locked": {
+ "lastModified": 1704290814,
+ "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-23.05",
+ "type": "indirect"
+ }
+ },
 "nixpkgs-droid": {
 "locked": {
 "lastModified": 1702350026,
@@ -329,11 +344,11 @@
 },
 "nixpkgs-unstable": {
 "locked": {
- "lastModified": 1702312524,
- "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
+ "lastModified": 1705316053,
+ "narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "a9bf124c46ef298113270b1f84a164865987a91c",
+ "rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370",
 "type": "github"
 },
 "original": {
@@ -425,22 +440,20 @@
 "flake-compat": "flake-compat",
 "nixpkgs": "nixpkgs_2",
 "nixpkgs-22_11": "nixpkgs-22_11",
- "nixpkgs-23_05": [
- "nixpkgs"
- ],
+ "nixpkgs-23_05": "nixpkgs-23_05",
 "utils": "utils_2"
 },
 "locked": {
- "lastModified": 1687462267,
- "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=",
+ "lastModified": 1703666786,
+ "narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
 "owner": "simple-nixos-mailserver",
 "repo": "nixos-mailserver",
- "rev": "24128c3052090311688b09a400aa408ba61c6ee5",
+ "rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
 "type": "gitlab"
 },
 "original": {
 "owner": "simple-nixos-mailserver",
- "ref": "nixos-23.05",
+ "ref": "master",
 "repo": "nixos-mailserver",
 "type": "gitlab"
 }
diff --git a/flake.nix b/flake.nix
index e717092..1b9ab49 100644
--- a/flake.nix
+++ b/flake.nix
@@ -16,8 +16,8 @@
 # simple mailserver
 snm = {
- url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
- inputs.nixpkgs-23_05.follows = "nixpkgs";
+ url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
+ # inputs.nixpkgs-23_05.follows = "nixpkgs";
 };
 nix-on-droid = {
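Review bot: The `snm` input in the `@@ -16,8 +16,8 @@` hunk now tracks the `master` branch instead of a release branch, with no comment saying why or when it should move back, and the `follows` override is left behind as a commented-out line. The lock file pins the current revision, but the next `nix flake update` will pull whatever is on the mail-server module's development branch, which is a wide change surface for an internet-facing service. I would replace the dead line with a short comment giving the reason and the exit condition, for example `# on master for <reason>; return to a release branch once one is available`, or delete it if the override is not coming back. The `snm` attribute set is complete in the hunk; the enclosing inputs set opens outside it.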
@@ -42,41 +42,46 @@
 };
 };
- outputs = { home-manager, nixpkgs, agenix, snm, ... }@inputs: {
- nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = { inherit inputs; };
- modules = [
- ({ inputs, lib, ... }: {
- nixpkgs = {
- config.allowUnfree = true;
- overlays = with inputs; [ emacs.overlay ];
+ outputs =
+ { home-manager, nixpkgs, nixpkgs-unstable, agenix, snm, ... }@inputs: {
+ nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = let
+ postfix-overlay = final: prev: {
+ postfix = nixpkgs-unstable.legacyPackages."x86_64-linux".postfix;
 };
- nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
- })
- snm.nixosModule
- ./modules/security.nix
- ./hosts/thrall
- agenix.nixosModules.age
- home-manager.nixosModules.home-manager
- {
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.users.alex = import ./home/cli.nix;
- }
- ];
- };
-
- nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; };
- homeConfigurations = import ./outputs/homeConfigurations inputs;
-
- nixOnDroidConfigurations.default = with inputs;
- nix-on-droid.lib.nixOnDroidConfiguration {
- modules = [
- ./hosts/redmi
- { nix.registry.nixpkgs.flake = nixpkgs-droid; }
- { nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
+ in [
+ ({ inputs, lib, ... }: {
+ nixpkgs = {
+ config.allowUnfree = true;
+ overlays = with inputs; [ emacs.overlay postfix-overlay ];
+ };
+ nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+ })
+ snm.nixosModule
+ ./modules/security.nix
+ ./hosts/thrall
+ agenix.nixosModules.age
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.alex = import ./home/cli.nix;
+ }
 ];
 };
- };
+
+ nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; };
+ homeConfigurations = import ./outputs/homeConfigurations inputs;
+
+ nixOnDroidConfigurations.default = with inputs;
+ nix-on-droid.lib.nixOnDroidConfiguration {
+ modules = [
+ ./hosts/redmi
+ { nix.registry.nixpkgs.flake = nixpkgs-droid; }
+ { nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
+ ];
+ };
+ };
 }
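Review bot: Swapping the package in `postfix-overlay` does not by itself show that the smuggling protection is active: on the stable Postfix lines the behaviour is controlled by `smtpd_forbid_bare_newline`, which as far as I know is not enabled by default there, and nothing in this diff sets or checks it (it may come from the snm module or `./hosts/thrall`, neither of which is visible here). It is worth confirming on the host after deployment with `postconf smtpd_forbid_bare_newline`. The overlay should also carry a comment stating when it can be removed, e.g. `# TODO: drop once the stable nixpkgs input ships a postfix with the SMTP smuggling fix`, because otherwise the mail daemon stays tied to the nixpkgs-unstable build and its dependency closure indefinitely. The repeated literal `"x86_64-linux"` could be `${prev.stdenv.hostPlatform.system}`, so the overlay follows the system it is applied to.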