nixos/automx2: multi-domain support, service improvements, configurability #370074

Draft
wants to merge 9 commits into
base: master

@eliasp (Member) commented Jan 2, 2025

This PR adds multiple improvements to the automx2 service, such as:

  • support for more than 1 domain
  • configuration of the log level
  • configuring settings as proper validated options instead of a plain JSON string
  • improve the systemd service:
    • use DynamicUser= and get rid of extra service user
    • use sdnotify for a faster, more deterministic/race-free service startup
    • get rid of the service state, since it doesn't have any
  • support for Caddy as webserver instead of only nginx

Since this is still WIP and only a draft PR so far, pinging @SuperSandro2000 as the original committer of this module for early input.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.


@github-actions github-actions bot added 6.topic: python 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10 labels Jan 2, 2025
@eliasp eliasp force-pushed the automx2-improvements branch 2 times, most recently from a016f94 to d980834 Compare January 2, 2025 00:43
Comment on lines +14 to +27
check =
x:
if !builtins.isAttrs x then
false
else if !lib.types.str.check x.type then
false
else if x.type != "imap" && x.type != "smtp" then
false
else if !lib.types.str.check x.name then
false
else if !lib.types.port.check x.port then
false
else
true;
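
Review bot: `x.type`, `x.name` and `x.port` are selected without first testing that the attributes exist, so an attribute set that lacks one of them makes the check abort evaluation with a missing-attribute error instead of returning `false`. Guard each access (for example `x ? type && ...`); the ladder of `if ... then false else` branches can then be written as a single `&&` expression, which is easier to audit.
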
Member

I don't get this

Member Author

Do you refer to the individual checks or the overall approach?

  • individual checks: I'll add comments to make them easier to understand
  • general approach: my goal was to properly validate the JSON data structure that needs to be passed to /initdb to catch issues at evaluation instead of at runtime with a failing service startup…
    • Is there a better way than using custom types?
    • Is my approach of using type checks wrong?

Member

The general approach, I must admit. It would be cool if we could just validate the config with the upstream program. That would make maintenance a lot easier.

Member

@SuperSandro2000 SuperSandro2000 left a comment

otherwise good idea

@eliasp eliasp force-pushed the automx2-improvements branch from 8c22197 to 059e077 Compare January 7, 2025 00:11
@ofborg ofborg bot added the ofborg-internal-error Ofborg encountered an error label Jan 7, 2025
@eliasp eliasp force-pushed the automx2-improvements branch from 059e077 to 49f470c Compare January 7, 2025 00:12
@ofborg ofborg bot removed the ofborg-internal-error Ofborg encountered an error label Jan 7, 2025
@eliasp eliasp force-pushed the automx2-improvements branch 2 times, most recently from 04f20f9 to ee633d2 Compare January 9, 2025 00:17
eliasp added 9 commits January 9, 2025 01:24
The existing approach only allowed to configure a
single domain, while the upstream project itself
supports multiple ones.

By changing the option `domain` from a string to
the option `domains` being a list and then
configuring the nginx virtualHosts accordingly,
multi-domain support works now as expected.

Since `automx2` is stateless in its current form,
there's no need for `StateDirectory=` and
`WorkingDirectory=`.

This release adds support for `sd_notify()`, which allows the
corresponding `services.automx2` module to deprecate a `sleep`
workaround.

See also: rseichter/automx2#29

Eliminate the `sleep` hack before sending a request to `/initdb` by
utilizing systemd's sdnotify which allows a more deterministic and
race-free execution of `ExecStartPost=` processes once the service is
ready.
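
The readiness handshake these commit messages rely on, as an added example that is not code from this PR or from automx2: both sides of the `sd_notify` datagram protocol in Python, with a temporary Unix socket standing in for systemd. The function names, status strings and socket path are assumptions made for the illustration.

```python
import os
import socket
import tempfile


def sd_notify(state, env=os.environ):
    """Service side: send `state` to the socket named in NOTIFY_SOCKET."""
    path = env.get("NOTIFY_SOCKET")
    if not path:
        return False  # not running under a manager that expects notifications
    if path.startswith("@"):
        path = "\0" + path[1:]  # "@name" denotes a Linux abstract socket
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(state.encode(), path)
    return True


def wait_ready(listener, timeout=5.0):
    """Manager side: block until a datagram carrying READY=1 arrives."""
    listener.settimeout(timeout)
    try:
        while True:
            if "READY=1" in listener.recv(4096).decode().splitlines():
                return True
    except socket.timeout:
        return False


def demo():
    """Run both sides against a temporary socket (constructed stand-in for systemd)."""
    events = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "notify.sock")
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as manager:
            manager.bind(path)
            env = {"NOTIFY_SOCKET": path}
            # Service: status only, initialisation still in progress.
            sd_notify("STATUS=loading configuration", env)
            events.append("service: listening")
            # Service: the HTTP port is bound, so report readiness.
            sd_notify("READY=1\nSTATUS=accepting requests", env)
            # Manager: with Type=notify, ExecStartPost= waits for READY=1.
            if wait_ready(manager):
                events.append("manager: run ExecStartPost (request /initdb)")
    return events


if __name__ == "__main__":
    print("\n".join(demo()))
```

The manager ignores the status-only datagram and proceeds only once `READY=1` arrives, which is what removes the race that a fixed `sleep` can only approximate.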
@eliasp eliasp force-pushed the automx2-improvements branch from ee633d2 to 89aa312 Compare January 9, 2025 00:25
@@ -8,6 +8,64 @@
let
cfg = config.services.automx2;
format = pkgs.formats.json { };
imapSmtpServerType = lib.types.mkOptionType {
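
Review bot: `imapSmtpServerType` is built by hand with `lib.types.mkOptionType`, which means the module has to maintain its own `check` for every field. A `lib.types.submodule` whose options use `lib.types.enum`, `lib.types.str` and `lib.types.port` would give the same evaluation-time validation, with per-field error messages and generated option documentation.
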
Contributor

automx2 also supports 'pop' as server type.

@@ -105,4 +111,10 @@ in
};
};
};

imports = [
Member

minor: Normally we place imports between options and config

@@ -7,12 +7,13 @@
ldap3,
pytestCheckHook,
pythonOlder,
pythonPackages,
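
Review bot: the added `pythonPackages,` argument requests the whole package set, while every other dependency in this list (`ldap3`, `pytestCheckHook`, `pythonOlder`) is requested by name. Ask for the specific package that is needed instead, so the dependency stays explicit and reviewable.
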
Member

Suggested change
pythonPackages,

serverAliases = [ "autodiscover.${domain}" ];
locations = {
"/".proxyPass = "http://127.0.0.1:${toString cfg.port}/";
# TODO: verify this actually blocks external requests due to the current IP/proxy issue?
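
Review bot: the `# TODO` on the last line leaves it unverified whether external requests are actually blocked, and it names an open IP/proxy issue as the reason for the doubt. Settle this before undrafting, ideally with a module test that requests the restricted path through the virtual host and expects a refusal, then remove the comment.
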
Member

Suggested change
# TODO: verify this actually blocks external requests due to the current IP/proxy issue?

it does, see https://autoconfig.c3d2.de/initdb

as long as you're not chaining proxies.

@SuperSandro2000
Member

So what's left on your side to undraft this PR?
