thrall: Upgrade postfix to prevent SMTP smuggling

2024-01-19 19:36:33 +01:00 · 2024-01-19 19:36:33 +01:00 · 2873640cbf
commit 2873640cbf
parent 55c210b8a6
2 changed files with 64 additions and 46 deletions
--- a/flake.lock
+++ b/flake.lock
@ -279,6 +279,21 @@
        "type": "indirect"
      }
    },
    "nixpkgs-23_05": {
      "locked": {
        "lastModified": 1704290814,
        "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
        "ref": "nixos-23.05",
        "type": "indirect"
      }
    },
    "nixpkgs-droid": {
      "locked": {
        "lastModified": 1702350026,
@ -329,11 +344,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1702312524,
+        "lastModified": 1705316053,
-        "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
+        "narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "a9bf124c46ef298113270b1f84a164865987a91c",
+        "rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370",
        "type": "github"
      },
      "original": {
@ -425,22 +440,20 @@
        "flake-compat": "flake-compat",
        "nixpkgs": "nixpkgs_2",
        "nixpkgs-22_11": "nixpkgs-22_11",
-        "nixpkgs-23_05": [
+        "nixpkgs-23_05": "nixpkgs-23_05",
          "nixpkgs"
        ],
        "utils": "utils_2"
      },
      "locked": {
-        "lastModified": 1687462267,
+        "lastModified": 1703666786,
-        "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=",
+        "narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
-        "rev": "24128c3052090311688b09a400aa408ba61c6ee5",
+        "rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
        "type": "gitlab"
      },
      "original": {
        "owner": "simple-nixos-mailserver",
-        "ref": "nixos-23.05",
+        "ref": "master",
        "repo": "nixos-mailserver",
        "type": "gitlab"
      }
--- a/flake.nix
+++ b/flake.nix
@ -16,8 +16,8 @@
    # simple mailserver
    snm = {
-      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
-      inputs.nixpkgs-23_05.follows = "nixpkgs";
+      #      inputs.nixpkgs-23_05.follows = "nixpkgs";
    };
    nix-on-droid = {
@ -42,41 +42,46 @@
    };
  };
-  outputs = { home-manager, nixpkgs, agenix, snm, ... }@inputs: {
+  outputs =
-    nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
+    { home-manager, nixpkgs, nixpkgs-unstable, agenix, snm, ... }@inputs: {
-      system = "x86_64-linux";
+      nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
-      specialArgs = { inherit inputs; };
+        system = "x86_64-linux";
-      modules = [
+        specialArgs = { inherit inputs; };
-        ({ inputs, lib, ... }: {
+        modules = let
-          nixpkgs = {
+          postfix-overlay = final: prev: {
-            config.allowUnfree = true;
+            postfix = nixpkgs-unstable.legacyPackages."x86_64-linux".postfix;
            overlays = with inputs; [ emacs.overlay ];
          };
-          nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+        in [
-        })
+          ({ inputs, lib, ... }: {
-        snm.nixosModule
+            nixpkgs = {
-        ./modules/security.nix
+              config.allowUnfree = true;
-        ./hosts/thrall
+              overlays = with inputs; [ emacs.overlay postfix-overlay ];
-        agenix.nixosModules.age
+            };
-        home-manager.nixosModules.home-manager
+            nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
-        {
+          })
-          home-manager.useGlobalPkgs = true;
+          snm.nixosModule
-          home-manager.useUserPackages = true;
+          ./modules/security.nix
-          home-manager.users.alex = import ./home/cli.nix;
+          ./hosts/thrall
-        }
+          agenix.nixosModules.age
-      ];
+          home-manager.nixosModules.home-manager
-    };
+          {
-
+            home-manager.useGlobalPkgs = true;
-    nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; };
+            home-manager.useUserPackages = true;
-    homeConfigurations = import ./outputs/homeConfigurations inputs;
+            home-manager.users.alex = import ./home/cli.nix;
-
+          }
    nixOnDroidConfigurations.default = with inputs;
      nix-on-droid.lib.nixOnDroidConfiguration {
        modules = [
          ./hosts/redmi
          { nix.registry.nixpkgs.flake = nixpkgs-droid; }
          { nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
        ];
      };
-  };
+
      nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; };
      homeConfigurations = import ./outputs/homeConfigurations inputs;
      nixOnDroidConfigurations.default = with inputs;
        nix-on-droid.lib.nixOnDroidConfiguration {
          modules = [
            ./hosts/redmi
            { nix.registry.nixpkgs.flake = nixpkgs-droid; }
            { nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
          ];
        };
    };
 }