Now using pkgs.writeText

this places header cleanup rules into /store out of /etc and avoids the name clash.
This commit is contained in:
Philipp Dörfler 2017-09-20 08:38:40 +02:00 committed by GitHub
parent 16e31c6a0d
commit 893c6db5cd
1 changed files with 13 additions and 16 deletions

View File

@ -48,6 +48,17 @@ let
# address though # address though
vaccounts_file = builtins.toFile "vaccounts" (lib.concatStringsSep "\n" (vaccounts_identity ++ valiases_postfix)); vaccounts_file = builtins.toFile "vaccounts" (lib.concatStringsSep "\n" (vaccounts_identity ++ valiases_postfix));
submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" ''
### Removes sensitive headers from mails handed in via the submission port.
### See https://thomas-leister.de/mailserver-debian-stretch/
### Uses "pcre" style regex.
/^Received:/ IGNORE
/^X-Originating-IP:/ IGNORE
/^X-Mailer:/ IGNORE
/^User-Agent:/ IGNORE
/^X-Enigmail:/ IGNORE
'';
in in
{ {
config = with cfg; lib.mkIf enable { config = with cfg; lib.mkIf enable {
@ -102,22 +113,8 @@ in
extraMasterConf = '' extraMasterConf = ''
submission-header-cleanup unix n - n - 0 cleanup submission-header-cleanup unix n - n - 0 cleanup
-o header_checks=regexp:/etc/postfixsupport/submission_header_cleanup -o header_checks=pcre:${submissionHeaderCleanupRules}
''; '';
}; };
environment.etc = {
"postfixsupport/submission_header_cleanup" = {
text = ''
### Removes sensitive headers from mails handed in via the submission port.
### Thanks to https://thomas-leister.de/mailserver-debian-stretch/
/^Received:/ IGNORE
/^X-Originating-IP:/ IGNORE
/^X-Mailer:/ IGNORE
/^User-Agent:/ IGNORE
'';
};
};
}; };
} }