thrall: Upgrade postfix to prevent SMTP smuggling

2024-01-19 19:36:33 +01:00 · 2024-01-19 19:36:33 +01:00 · 2873640cbf
commit 2873640cbf
parent 55c210b8a6
2 changed files with 64 additions and 46 deletions
--- a/flake.lock
+++ b/flake.lock
@ -279,6 +279,21 @@
        "type": "indirect"
      }
    },
+    "nixpkgs-23_05": {
+      "locked": {
+        "lastModified": 1704290814,
+        "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-23.05",
+        "type": "indirect"
+      }
+    },
    "nixpkgs-droid": {
      "locked": {
        "lastModified": 1702350026,
@ -329,11 +344,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1702312524,
-        "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
+        "lastModified": 1705316053,
+        "narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "a9bf124c46ef298113270b1f84a164865987a91c",
+        "rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370",
        "type": "github"
      },
      "original": {
@ -425,22 +440,20 @@
        "flake-compat": "flake-compat",
        "nixpkgs": "nixpkgs_2",
        "nixpkgs-22_11": "nixpkgs-22_11",
-        "nixpkgs-23_05": [
-          "nixpkgs"
-        ],
+        "nixpkgs-23_05": "nixpkgs-23_05",
        "utils": "utils_2"
      },
      "locked": {
-        "lastModified": 1687462267,
-        "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=",
+        "lastModified": 1703666786,
+        "narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
-        "rev": "24128c3052090311688b09a400aa408ba61c6ee5",
+        "rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
        "type": "gitlab"
      },
      "original": {
        "owner": "simple-nixos-mailserver",
-        "ref": "nixos-23.05",
+        "ref": "master",
        "repo": "nixos-mailserver",
        "type": "gitlab"
      }
--- a/flake.nix
+++ b/flake.nix
@ -16,8 +16,8 @@

    # simple mailserver
    snm = {
-      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
-      inputs.nixpkgs-23_05.follows = "nixpkgs";
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
+      #      inputs.nixpkgs-23_05.follows = "nixpkgs";
    };

    nix-on-droid = {
@ -42,41 +42,46 @@
    };
  };

-  outputs = { home-manager, nixpkgs, agenix, snm, ... }@inputs: {
-    nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      specialArgs = { inherit inputs; };
-      modules = [
-        ({ inputs, lib, ... }: {
-          nixpkgs = {
-            config.allowUnfree = true;
-            overlays = with inputs; [ emacs.overlay ];
+  outputs =
+    { home-manager, nixpkgs, nixpkgs-unstable, agenix, snm, ... }@inputs: {
+      nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = let
+          postfix-overlay = final: prev: {
+            postfix = nixpkgs-unstable.legacyPackages."x86_64-linux".postfix;
          };
-          nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
-        })
-        snm.nixosModule
-        ./modules/security.nix
-        ./hosts/thrall
-        agenix.nixosModules.age
-        home-manager.nixosModules.home-manager
-        {
-          home-manager.useGlobalPkgs = true;
-          home-manager.useUserPackages = true;
-          home-manager.users.alex = import ./home/cli.nix;
-        }
-      ];
-    };
-
-    nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; };
-    homeConfigurations = import ./outputs/homeConfigurations inputs;
-
-    nixOnDroidConfigurations.default = with inputs;
-      nix-on-droid.lib.nixOnDroidConfiguration {
-        modules = [
-          ./hosts/redmi
-          { nix.registry.nixpkgs.flake = nixpkgs-droid; }
-          { nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
+        in [
+          ({ inputs, lib, ... }: {
+            nixpkgs = {
+              config.allowUnfree = true;
+              overlays = with inputs; [ emacs.overlay postfix-overlay ];
+            };
+            nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+          })
+          snm.nixosModule
+          ./modules/security.nix
+          ./hosts/thrall
+          agenix.nixosModules.age
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.users.alex = import ./home/cli.nix;
+          }
        ];
      };
-  };
+
+      nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; };
+      homeConfigurations = import ./outputs/homeConfigurations inputs;
+
+      nixOnDroidConfigurations.default = with inputs;
+        nix-on-droid.lib.nixOnDroidConfiguration {
+          modules = [
+            ./hosts/redmi
+            { nix.registry.nixpkgs.flake = nixpkgs-droid; }
+            { nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
+          ];
+        };
+    };
 }