-
-
Notifications
You must be signed in to change notification settings - Fork 14.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/automx2: multi-domain support, service improvements, configurability #370074
base: master
Are you sure you want to change the base?
Conversation
a016f94
to
d980834
Compare
check = | ||
x: | ||
if !builtins.isAttrs x then | ||
false | ||
else if !lib.types.str.check x.type then | ||
false | ||
else if x.type != "imap" && x.type != "smtp" then | ||
false | ||
else if !lib.types.str.check x.name then | ||
false | ||
else if !lib.types.port.check x.port then | ||
false | ||
else | ||
true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't get this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you refer to the individual checks or the overall approach?
- individual checks: I'll add comments to make them easier to understand
- general approach: my goal was, to properly validate the JSON datastructure that needs to be passed to
/initdb
to catch issues at evaluation instead of at runtime with a failing service startup…- Is there a better way than using custom types?
- Is my approach of using type checks wrong?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The general approach I must admit. It would be cool, if we could just validate the config with the upstream program. That would make maintenance a lot easier.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
otherwise good idea
8c22197
to
059e077
Compare
059e077
to
49f470c
Compare
04f20f9
to
ee633d2
Compare
The existing approach only allowed to configure a single domain, while the upstream project itself supports multiple ones. By changing the option `domain` from a string to the option `domains` being a list and then configuring the nginx virtualHosts accordingly, multi-domain support works now as expected.
Since `automx2` is stateless in its current form, there's no need for `StateDirectory=` and `WorkingDirectory=`.
This release adds support for `sd_notify()`, which allows the corresponding `services.automx2` module to deprecate a `sleep` workaround. See also: rseichter/automx2#29
Eliminate the `sleep` hack before sending a request to `/initdb` by utilizing systemd's sdnotify which allows a more deterministic and race-free execution of `ExecStartPost=` processes once the service is ready.
ee633d2
to
89aa312
Compare
@@ -8,6 +8,64 @@ | |||
let | |||
cfg = config.services.automx2; | |||
format = pkgs.formats.json { }; | |||
imapSmtpServerType = lib.types.mkOptionType { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
automx2 also support 'pop' as server type.
@@ -105,4 +111,10 @@ in | |||
}; | |||
}; | |||
}; | |||
|
|||
imports = [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor: Normally we place imports between options and config
@@ -7,12 +7,13 @@ | |||
ldap3, | |||
pytestCheckHook, | |||
pythonOlder, | |||
pythonPackages, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pythonPackages, |
serverAliases = [ "autodiscover.${domain}" ]; | ||
locations = { | ||
"/".proxyPass = "http://127.0.0.1:${toString cfg.port}/"; | ||
# TODO: verify this actually blocks external requests due to the current IP/proxy issue? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# TODO: verify this actually blocks external requests due to the current IP/proxy issue? |
it does, see https://autoconfig.c3d2.de/initdb
as long as your not chaining proxies.
So what's left on your side to undraft this PR? |
This PR adds multiple improvements to the
automx2
service, such as:settings
as proper validated option instead of a plain JSON stringDynamicUser=
and get rid of extra service userSince this is still WIP and only a draft PR so far, pinging @SuperSandro2000 as the original committer of this module for early input.
Things done
nix.conf
? (See Nix manual)sandbox = relaxed
sandbox = true
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)Add a 👍 reaction to pull requests you find important.