Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/pfix-srsd: add module #29452

Merged
merged 1 commit into from Oct 3, 2017
Merged

nixos/pfix-srsd: add module #29452

merged 1 commit into from Oct 3, 2017

Conversation

jerith666
Copy link
Contributor

@jerith666 jerith666 commented Sep 16, 2017
edited

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

joachifm
joachifm reviewed Sep 17, 2017
View reviewed changes
nixos/modules/services/mail/pfix-srsd.nix Outdated
};

secret = mkOption {
description = "The secret data used to encode the SRS address";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How important is it that this remains secret? If at all, consider not copying it into the store.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is rather important -- possession of this secret means you can forge bounces through this mail server. Looking into duplicating the approach used by postsrsd.nix.

joachifm
joachifm reviewed Sep 17, 2017
View reviewed changes
nixos/modules/services/mail/pfix-srsd.nix Outdated
description = "Whether to run the postfix sender rewriting scheme daemon.";
};

domain = mkOption {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please declare types for the options.

@jerith666
Copy link
Contributor Author

Okay, secrets moved out of store and types added. Thanks for the review!

@joachifm joachifm merged commit cb3d443 into NixOS:master Oct 3, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joachifm joachifm joachifm left review comments

Assignees
No one assigned
Labels
8.has: module (new)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jerith666 @joachifm