nixos/postfix: allow custom smtp_tls_security_level #109122

Merged
merged 2 commits into from Jan 14, 2021

Conversation

alyssais
Member

@alyssais alyssais commented Jan 12, 2021

Motivation for this change

I run Postfix on my workstation as a smarthost, where it only ever talks to my SMTP server. Because I know it'll only ever connect to this server, and because I know this server supports TLS, I'd like to set smtp_tls_security_level to "encrypt" so Postfix won't fall back to an unencrypted connection.

I’ve also removed services.postfix.useDane, because now that smtp_tls_security_level is using mkDefault, and therefore can be overridden, there's no need for an option for overriding it to a specific value.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Contributor

@jerith666 jerith666 left a comment

Seems reasonable to me.

@alyssais
Member Author

@ofborg test postfix

@alyssais alyssais merged commit 011d073 into NixOS:master Jan 14, 2021
@alyssais alyssais deleted the postfix branch January 14, 2021 10:24