[RFC]: nixos/opendkim: umask, extraConfig options #78126
Conversation
This removes the configFile option.
There was a problem hiding this comment.
This works and I'm in favor of this change.
I also wonder if UMask should perhaps be set to 0002 by default? The socket is owned by opendkim:opendkim, so 0022 is not really a useful default for other processes to use opendkim as intended.
Beyond this PR, I would welcome a setting to integrate with postfix directly, like what rspamd does. Fiddling with socket paths and permissions isn't ideal.
|
See #82379 as an alternative, which implements a generic solution for setting additional opendkim settings. |
|
Hello, I'm a bot and I thank you in the name of the community for your contributions. Nixpkgs is a busy repository, and unfortunately sometimes PRs get left behind for too long. Nevertheless, we'd like to help committers reach the PRs that are still important. This PR has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human. If this is still important to you and you'd like to remove the stale label, we ask that you leave a comment. Your comment can be as simple as "still important to me". But there's a bit more you can do: If you received an approval by an unprivileged maintainer and you are just waiting for a merge, you can @ mention someone with merge permissions and ask them to help. You might be able to find someone relevant by using Git blame on the relevant files, or via GitHub's web interface. You can see if someone's a member of the nixpkgs-committers team, by hovering with the mouse over their username on the web interface, or by searching them directly on the list. If your PR wasn't reviewed at all, it might help to find someone who's perhaps a user of the package or module you are changing, or alternatively, ask once more for a review by the maintainer of the package/module this is about. If you don't know any, you can use Git blame on the relevant files, or GitHub's web interface to find someone who touched the relevant files in the past. If your PR has had reviews and nevertheless got stale, make sure you've responded to all of the reviewer's requests / questions. Usually when PR authors show responsibility and dedication, reviewers (privileged or not) show dedication as well. If you've pushed a change, it's possible the reviewer wasn't notified about your push via email, so you can always officially request them for a review, or just @ mention them and say you've addressed their comments. Lastly, you can always ask for help at our Discourse Forum, or more specifically, at this thread or at #nixos' IRC channel. |
stale
bot
added
the
2.status: stale
stale
bot
removed
the
2.status: stale
wegank
added
the
2.status: stale
Motivated by #27260 (by default opendkim creates a socket whose permissions do not allow postfix to talk to it), we add a umask option. Since this would clash with configFile, we change that to an extraConfig string which is merged with the umask option to create the actual config file.
This does not add any new functionality, but I think it is cleaner this way.
This has been running on my mailserver with no problems (indeed, the instantiated configuration of opendkim is the same as it was using configFile).
Obviously there is some debate to be had as to whether we want this patch.
If we do, I have a couple of questions to clear up before merging: