thrall: Upgrade postfix to prevent SMTP smuggling

2024-01-19 19:36:33 +01:00 · 2024-01-19 19:36:33 +01:00 · 2873640cbf
commit 2873640cbf
parent 55c210b8a6
2 changed files with 64 additions and 46 deletions
--- a/flake.nix
+++ b/flake.nix
@ -16,8 +16,8 @@

    # simple mailserver
    snm = {
-      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
-      inputs.nixpkgs-23_05.follows = "nixpkgs";
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
+      #      inputs.nixpkgs-23_05.follows = "nixpkgs";
    };

    nix-on-droid = {
@ -42,41 +42,46 @@
    };
  };

-  outputs = { home-manager, nixpkgs, agenix, snm, ... }@inputs: {
-    nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      specialArgs = { inherit inputs; };
-      modules = [
-        ({ inputs, lib, ... }: {
-          nixpkgs = {
-            config.allowUnfree = true;
-            overlays = with inputs; [ emacs.overlay ];
+  outputs =
+    { home-manager, nixpkgs, nixpkgs-unstable, agenix, snm, ... }@inputs: {
+      nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = let
+          postfix-overlay = final: prev: {
+            postfix = nixpkgs-unstable.legacyPackages."x86_64-linux".postfix;
          };
-          nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
-        })
-        snm.nixosModule
-        ./modules/security.nix
-        ./hosts/thrall
-        agenix.nixosModules.age
-        home-manager.nixosModules.home-manager
-        {
-          home-manager.useGlobalPkgs = true;
-          home-manager.useUserPackages = true;
-          home-manager.users.alex = import ./home/cli.nix;
-        }
-      ];
-    };
-
-    nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; };
-    homeConfigurations = import ./outputs/homeConfigurations inputs;
-
-    nixOnDroidConfigurations.default = with inputs;
-      nix-on-droid.lib.nixOnDroidConfiguration {
-        modules = [
-          ./hosts/redmi
-          { nix.registry.nixpkgs.flake = nixpkgs-droid; }
-          { nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
+        in [
+          ({ inputs, lib, ... }: {
+            nixpkgs = {
+              config.allowUnfree = true;
+              overlays = with inputs; [ emacs.overlay postfix-overlay ];
+            };
+            nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+          })
+          snm.nixosModule
+          ./modules/security.nix
+          ./hosts/thrall
+          agenix.nixosModules.age
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.users.alex = import ./home/cli.nix;
+          }
        ];
      };
-  };
+
+      nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; };
+      homeConfigurations = import ./outputs/homeConfigurations inputs;
+
+      nixOnDroidConfigurations.default = with inputs;
+        nix-on-droid.lib.nixOnDroidConfiguration {
+          modules = [
+            ./hosts/redmi
+            { nix.registry.nixpkgs.flake = nixpkgs-droid; }
+            { nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
+          ];
+        };
+    };
 }